• Shopping Cart
    There are no items in your cart

BS ISO 9564-1:2017

Current

Current

The latest, up-to-date edition.

Financial services. Personal Identification Number (PIN) management and security Basic principles and requirements for PINs in card-based systems

Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

11-24-2017

US$302.14
Excluding Tax where applicable

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Basic principles of PIN management
5 PIN handling devices
6 PIN security issues
7 PIN verification
8 Techniques for management/protection of account-related
   PIN functions
9 Techniques for management/protection of
   transaction-related PIN functions
Annex A (normative) - Destruction of sensitive data
Annex B (informative) - Additional guidelines for the design
        of a PIN entry device
Annex C (informative) - Information for customers
Bibliography

Describes the basic principles and techniques which provide the minimum security measures required for effective international PIN management.

Committee
IST/12
DevelopmentNote
Supersedes 09/30201974 DC. (03/2011) Supersedes 13/30275456 DC. (05/2015) Supersedes 15/30323818 DC. (11/2017)
DocumentType
Standard
Pages
42
PublisherName
British Standards Institution
Status
Current
Supersedes

This document specifies the basic principles and techniques which provide the minimum security measures required for effective international PIN management. These measures are applicable to those institutions responsible for implementing techniques for the management and protection of PINs during their creation, issuance, usage and deactivation. This document is applicable to the management of cardholder PINs for use as a means of cardholder verification in retail banking systems in, notably, automated teller machine (ATM) systems, point-of-sale (POS) terminals, automated fuel dispensers, vending machines, banking kiosks and PIN selection/change systems. It is applicable to issuer and interchange environments. The provisions of this document are not intended to cover: PIN management and security in environments where no persistent cryptographic relationship exists between the transaction-origination device and the acquirer, e.g. use of a browser for online shopping (for these environments, see ISO9564‑4 ); protection of the PIN against loss or intentional misuse by the customer; privacy of non-PIN transaction data; protection of transaction messages against alteration or substitution; protection against replay of the PIN or transaction; specific key management techniques; offline PIN verification used in contactless devices; requirements specifically associated with PIN management as it relates to multi-application functionality in an ICC.

Standards Relationship
ISO 9564-1:2017 Identical

ISO/IEC 18031:2011 Information technology Security techniques Random bit generation
ISO 13491-2:2017 Financial services — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions
ISO/IEC 7813:2006 Information technology Identification cards Financial transaction cards
ISO 13491-1:2016 Financial services — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods
EN 1332-3:2008 Identification card systems - Man-machine interface - Part 3: Keypads
ISO 16609:2012 Financial services — Requirements for message authentication using symmetric techniques
ISO/IEC 7812-1:2017 Identification cards — Identification of issuers — Part 1: Numbering system
ISO 9564-2:2014 Financial services — Personal Identification Number (PIN) management and security — Part 2: Approved algorithms for PIN encipherment
ISO 9564-4:2016 Financial services — Personal Identification Number (PIN) management and security — Part 4: Requirements for PIN handling in eCommerce for Payment Transactions

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.