ISO 9564-1:2017
Current
The latest, up-to-date edition.
Financial services — Personal Identification Number (PIN) management and security — Part 1: Basic principles and requirements for PINs in card-based systems
English
11-02-2017
ISO 9564-1:2017 specifies the basic principles and techniques which provide the minimum security measures required for effective international PIN management. These measures are applicable to those institutions responsible for implementing techniques for the management and protection of PINs during their creation, issuance, usage and deactivation.
ISO 9564-1:2017 is applicable to the management of cardholder PINs for use as a means of cardholder verification in retail banking systems in, notably, automated teller machine (ATM) systems, point-of-sale (POS) terminals, automated fuel dispensers, vending machines, banking kiosks and PIN selection/change systems. It is applicable to issuer and interchange environments.
The provisions of ISO 9564-1:2017 are not intended to cover:
a) PIN management and security in environments where no persistent cryptographic relationship exists between the transaction-origination device and the acquirer, e.g. use of a browser for online shopping (for these environments, see ISO 9564-4);
b) protection of the PIN against loss or intentional misuse by the customer;
c) privacy of non-PIN transaction data;
d) protection of transaction messages against alteration or substitution;
e) protection against replay of the PIN or transaction;
f) specific key management techniques;
g) offline PIN verification used in contactless devices;
h) requirements specifically associated with PIN management as it relates to multi-application functionality in an ICC.
Committee | ISO/TC 68/SC 2 |
DevelopmentNote | Supersedes ISO 9564-3. (02/2011) Supersedes ISO/DIS 9564-1. (11/2017) |
DocumentType | Standard |
Pages | 32 |
PublisherName | International Organization for Standardization |
Status | Current |
Supersedes |
Standards | Relationship |
IS 15042 : Part 1 : 2021 | Identical |
BS ISO 9564-1 : 2011 | Identical |
NEN ISO 9564-1 : 2017 | Identical |
ANSI X9.8-1 : 2015 | Identical |
BS ISO 9564-1:2017 | Identical |
EN 29564-1 : 1993 | Identical |
UNE-EN 29564-1:1999 | Identical |
DIN EN 29564-1:1994-02 | Corresponds |
BS EN 29564-1:1994 | Identical |
I.S. EN 29564-1:1994 | Identical |
BIS IS 15042-1 : 2015 | Identical |
PN ISO 9564-1 : 2004 | Identical |
NS ISO 9564-1 : 1ED 1991 | Identical |
11/30231373 DC : 0 | BS ISO 11568-2 - FINANCIAL SERVICES - KEY MANAGEMENT (RETAIL) - PART 2: SYMMETRIC CIPHERS, THEIR KEY MANAGEMENT AND LIFE CYCLE |
14/30265624 DC : 0 | BS ISO 9564-4 - FINANCIAL SERVICES - PERSONAL IDENTIFICATION NUMBER (PIN) MANAGEMENT AND SECURITY - PART 4: REQUIREMENTS FOR PIN HANDLING IN ECOMMERCE FOR PAYMENT TRANSACTIONS |
05/30144069 DC : DRAFT DEC 2005 | ISO 13491-1 - BANKING - SECURE CRYPTOGRAPHIC DEVICES (RETAIL) - PART 1: CONCEPTS, REQUIREMENTS AND EVALUATION METHODS |
14/30265618 DC : 0 | BS ISO 13491-2 - BANKING - SECURE CRYPTOGRAPHIC DEVICES (RETAIL) - PART 2: SECURITY COMPLIANCE CHECKLISTS FOR DEVICES USED IN FINANCIAL TRANSACTIONS |
BS ISO 9564-4:2016 | Financial services. Personal Identification Number (PIN) management and security Requirements for PIN handling in eCommerce for Payment Transactions |
PD CR 1750:1999 | Identification card systems. Inter-sector messages between devices and hosts. Acceptor to acquirer messages |
ISO 9564-4:2016 | Financial services — Personal Identification Number (PIN) management and security — Part 4: Requirements for PIN handling in eCommerce for Payment Transactions |
BIS IS 15256-4 : 2013 | BANKING - KEY MANAGEMENT (RETAIL) - PART 4: ASYMMETRIC CRYPTOSYSTEMS - KEY MANAGEMENT AND LIFE CYCLE |
EN 1332-1:2009 | Identification card systems - Human-machine interface - Part 1: Design principles for the user interface |
DIN EN 1332-3:2008-11 | IDENTIFICATION CARD SYSTEMS - MAN-MACHINE INTERFACE - PART 3: KEYPADS |
ISO 11568-2:2012 | Financial services — Key management (retail) — Part 2: Symmetric ciphers, their key management and life cycle |
ISO 13491-2:2017 | Financial services — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions |
BIS IS 14943-1 : 2014 | FINANCIAL TRANSACTION CARD ORIGINATED MESSAGES - INTERCHANGE MESSAGE SPECIFICATIONS - PART 1: MESSAGES, DATA ELEMENTS AND CODE VALUES |
ANSI X9.93-1 : 2014 | FINANCIAL TRANSACTION MESSAGES - ELECTRONIC BENEFITS TRANSFER (EBT) - PART 1: MESSAGES |
BS ISO 9564-2:2014 | Financial services. Personal Identification Number (PIN) management and security Approved algorithms for PIN encipherment |
BS ISO 11568-1:2005 | Banking. Key management (retail) Principles |
ISO 13492:2007 | Financial services Key management related data element Application and usage of ISO 8583 data elements 53 and 96 |
BS ISO 10202-8:1998 | Financial transaction cards. Security architecture of financial transaction systems using integrated circuit cards General principles and overview |
04/30104265 DC : DRAFT SEP 2004 | ISO 13491-2 - BANKING - SECURE CRYPTOGRAPHIC DEVICES, RETAIL - PART 2: SECURITY COMPLIANCE CHECKLISTS FOR DEVICES USED IN FINANCIAL TRANSACTION ENVIRONMENTS |
02/648262 DC : DRAFT JUN 2002 | ISO/IEC FCD 7816-15 - INFORMATION TECHNOLOGY - IDENTIFICATION CARDS - INTEGRATED CIRCUIT(S) CARDS WITH CONTACTS - PART 15: CRYPTOGRAPHIC INFORMATION APPLICATION |
BS ISO 13491-2:2017 | Financial services. Secure cryptographic devices (retail) Security compliance checklists for devices used in financial transactions |
I.S. EN ISO 9807:1997 | BANKING AND RELATED FINANCIAL SERVICES - REQUIREMENTS FOR MESSAGE AUTHENTICATION (RETAIL) |
BS ISO/IEC 7816-15 : 2016 | IDENTIFICATION CARDS - INTEGRATED CIRCUIT CARDS - PART 15: CRYPTOGRAPHIC INFORMATION APPLICATION |
ISO 11568-3:1994 | Banking Key management (retail) Part 3: Key life cycle for symmetric ciphers |
NF ISO 13491-1 : 1999 | BANKING - SECURE CRYPTOGRAPHIC DEVICES (RETAIL) - CONCEPTS, REQUIREMENTS AND EVALUATION METHODS |
ISO 11568-5:1998 | Banking Key management (retail) Part 5: Key life cycle for public key cryptosystems |
I.S. CWA 14174-7:2004 | FINANCIAL TRANSACTIONAL IC CARD READER (FINREAD) - PART 7: FINREAD CARD READER APPLICATION PROGRAMMING INTERFACES (APIS) |
DIN EN 1332-1:2009-10 | IDENTIFICATION CARD SYSTEMS - HUMAN-MACHINE INTERFACE - PART 1: DESIGN PRINCIPLES FOR THE USER INTERFACE |
BS EN ISO 8583:1995 | Financial transaction card originated messages. Interchange message specifications |
UNI EN 1332-3 : 2009 | IDENTIFICATION CARD SYSTEMS - MAN-MACHINE INTERFACE - PART 3: KEYPADS |
I.S. EN 1332-3:2008 | IDENTIFICATION CARD SYSTEMS - MAN-MACHINE INTERFACE - PART 3: KEYPADS |
I.S. EN 1332-1:2009 | IDENTIFICATION CARD SYSTEMS - HUMAN-MACHINE INTERFACE - PART 1: DESIGN PRINCIPLES FOR THE USER INTERFACE |
I.S. EN ISO 8583:1995 | FINANCIAL TRANSACTION CARD ORIGINATED MESSAGES - INTERCHANGE MESSAGE SPECIFICATIONS |
BS ISO 11568-5:1998 | Banking. Key management (retail) Key life cycle for public key cryptosystems |
14/30293056 DC : 0 | BS ISO/IEC 7816-15 - IDENTIFICATION CARDS - INTEGRATED CIRCUIT CARDS - PART 15: CRYPTOGRAPHIC INFORMATION APPLICATION |
ISO/IEC 9995-8:2009 | Information technology Keyboard layouts for text and office systems Part 8: Allocation of letters to the keys of a numeric keypad |
ISO 10202-6:1994 | Financial transaction cards Security architecture of financial transaction systems using integrated circuit cards Part 6: Cardholder verification |
BS ISO 11568-4:2007 | Banking. Key management (retail) Asymmetric cryptosystems. Key management and life cycle |
BS ISO 15668:1999 | Banking. Secure file transfer (retail) |
07/30161079 DC : 0 | BS EN 14890-1 - APPLICATION INTERFACE FOR SMART CARDS USED AS SECURE SIGNATURE CREATION DEVICES - PART 1: BASIC SERVICES |
07/30160845 DC : 0 | BS EN 1332-3 - IDENTIFICATION CARD SYSTEMS - MAN-MACHINE INTERFACE - PART 3: KEY PADS |
BS EN ISO 11568-3:1996 | Banking. Key management (retail) Key life cycle for symmetric ciphers |
S.R. CWA 16926-65:2015 | EXTENSIONS FOR FINANCIAL SERVICES (XFS) INTERFACE SPECIFICATION RELEASE 3.30 - PART 65: PIN KEYPAD DEVICE CLASS INTERFACE - MIGRATION FROM VERSION 3.20 (CWA 16374) TO VERSION 3.30 (THIS CWA) - PROGRAMMER'S REFERENCE |
S.R. CWA 16374-65:2011 | EXTENSIONS FOR FINANCIAL SERVICES (XFS) INTERFACE SPECIFICATION RELEASE 3.20 - PART 65: PIN KEYPAD DEVICE CLASS INTERFACE MIGRATION FROM VERSION 3.10 (CWA 15748) TO VERSION 3.20 (THIS CWA) PROGRAMMER'S REFERENCE |
S.R. CWA 15748-65:2008 | EXTENSIONS FOR FINANCIAL SERVICES (XFS) INTERFACE SPECIFICATION - RELEASE 3.10 - PART 65: PIN KEYPAD DEVICE CLASS INTERFACE - MIGRATION FROM VERSION 3.03 (CWA 14050) TO VERSION 3.10 (THIS CWA) - PROGRAMMER'S REFERENCE |
BS ISO 13492:2007 | Financial services. Key management related data element. Application and usage of ISO 8583 data elements 53 and 96 |
ISO 11568-1:2005 | Banking — Key management (retail) — Part 1: Principles |
ISO/IEC 7816-15:2016 | Identification cards Integrated circuit cards Part 15: Cryptographic information application |
I.S. EN ISO 11568-1:1997 | BANKING - KEY MANAGEMENT (RETAIL) - PART 1: INTRODUCTION TO KEY MANAGEMENT |
I.S. EN ISO 10202-6:1998 | FINANCIAL TRANSACTION CARDS - SECURITY ARCHITECTURE OF FINANCIAL TRANSACTION SYSTEMS USING INTEGRATED CIRCUIT CARDS - PART 6: CARDHOLDER VERIFICATION |
EN 1332-3:2008 | Identification card systems - Man-machine interface - Part 3: Keypads |
UNI EN 1332-1 : 2010 | IDENTIFICATION CARD SYSTEMS - HUMAN-MACHINE INTERFACE - PART 1: DESIGN PRINCIPLES FOR THE USER INTERFACE |
ISO 8583-1:2003 | Financial transaction card originated messages — Interchange message specifications — Part 1: Messages, data elements and code values |
DD ENV 13729:2000 | Health informatics. Secure user identification. Strong authentication microprocessor cards |
BS ISO 11568-2:2012 | Financial services. Key management (retail) Symmetric ciphers, their key management and life cycle |
UNE-EN 1332-1:2010 | Identification card systems - Human-machine interface - Part 1: Design principles for the user interface |
ISO 15668:1999 | Banking Secure file transfer (retail) |
BS EN ISO 10202-6:1996 | Financial transaction cards. Security architecture of financial transaction systems using integrated circuit cards Cardholder verification |
INCITS/ISO/IEC 9995-8 : 1994 | INFORMATION TECHNOLOGY - KEYBOARD LAYOUTS FOR TEXT AND OFFICE SYSTEMS - PART 8: ALLOCATION OF LETTERS TO THE KEYS OF A NUMERIC KEYPAD |
07/30161082 DC : 0 | BS EN 14890-2 - APPLICATION INTERFACE FOR SMART CARDS USED AS SECURE SIGNATURE CREATION DEVICES - PART 2: ADDITIONAL SERVICES |
ISO 13491-1:2016 | Financial services — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods |
S.R. CWA 16926-6:2015 | EXTENSIONS FOR FINANCIAL SERVICES (XFS) INTERFACE SPECIFICATION RELEASE 3.30 - PART 6: PIN KEYPAD DEVICE CLASS INTERFACE - PROGRAMMER'S REFERENCE |
S.R. CWA 15748-6:2008 | EXTENSIONS FOR FINANCIAL SERVICES (XFS) INTERFACE SPECIFICATION - RELEASE 3.10 - PART 6: PIN KEYPAD DEVICE CLASS INTERFACE - PROGRAMMER'S REFERENCE |
I.S. CWA 14890-2:2004 | APPLICATION INTERFACE FOR SMART CARDS USED AS SECURE SIGNATURE CREATION DEVICES - PART 2: ADDITIONAL SERVICES |
I.S. EN ISO 11568-3:1997 | BANKING - KEY MANAGEMENT (RETAIL) - PART 3: KEY LIFE CYCLE FOR SYMMETRIC CIPHERS |
ISO 10202-5:1998 | Financial transaction cards Security architecture of financial transaction systems using integrated circuit cards Part 5: Use of algorithms |
ANSI X9.97-2 : 2009(R2017) | BANKING - SECURE CRYPTOGRAPHIC DEVICES (RETAIL) - PART 2: SECURITY COMPLIANCE CHECKLISTS FOR DEVICES USED IN FINANCIAL TRANSACTIONS |
BS EN 1332-3:2008 | Identification card systems. Man-machine interface Keypads |
BS EN 1332-1:2009 | Identification card systems. Human-machine interface Design principles for the user interface |
EN ISO 11568-3 : 1996 | BANKING - KEY MANAGEMENT (RETAIL) - PART 3: KEY LIFE CYCLE FOR SYMMETRIC CIPHERS |
EN ISO 11568-1 : 1996 | BANKING - KEY MANAGEMENT (RETAIL) - PART 1: INTRODUCTION TO KEY MANAGEMENT |
EN 726-3:1994 | Identification card systems - Telecommunications integrated circuit(s) cards and terminals - Part 3: Application independent card requirements |
EN ISO 10202-6 : 1995 | FINANCIAL TRANSACTION CARDS - SECURITY ARCHITECTURE OF FINANCIAL TRANSACTION SYSTEMS USING INTEGRATED CIRCUIT CARDS - PART 6: CARDHOLDER VERIFICATION |
EN ISO 8583 : 1995 | FINANCIAL TRANSACTION CARD ORIGINATED MESSAGES - INTERCHANGE MESSAGE SPECIFICATIONS |
05/30144066 DC : DRAFT DEC 2005 | ISO 13492 - FINANCIAL SERVICES - KEY MANAGEMENT RELATED DATA ELEMENT - APPLICATION AND USAGE OF ISO 8353 DATA ELEMENTS 53 AND 96 |
ISO 9564-3:2003 | Banking Personal Identification Number management and security Part 3: Requirements for offline PIN handling in ATM and POS systems |
ANSI X9.105-1 : 2009 | FINANCIAL TRANSACTION CARD ORIGINATED MESSAGES - INTERCHANGE MESSAGE SPECIFICATIONS - PART 1: MESSAGES, DATA ELEMENTS AND CODE VALUES |
BS ISO 10202-5:1998 | Financial transaction cards. Security architecture of financial transaction systems using integrated circuit cards Use of algorithms |
BS ISO 13491-1:2007 | Banking. Secure cryptographic devices (retail) Concepts, requirements and evaluation methods |
07/30164625 DC : 0 | BS EN 1332-1 - IDENTIFICATION CARD SYSTEMS - HUMAN-MACHINE INTERFACE - PART 1: DESIGN PRINCIPLES FOR THE USER INTERFACE |
S.R. CWA 16374-6:2011 | EXTENSIONS FOR FINANCIAL SERVICES (XFS) INTERFACE SPECIFICATION RELEASE 3.20 - PART 6: PIN KEYPAD DEVICE CLASS INTERFACE PROGRAMMER'S REFERENCE |
CR 1750:1999 | Identification card systems - Inter-sector messages between devices and hosts - Acceptor to acquirer messages |
CSA ISO/IEC 9995-8 : 2010 | INFORMATION TECHNOLOGY - KEYBOARD LAYOUTS FOR TEXT AND OFFICE SYSTEMS - PART 8: ALLOCATION OF LETTERS TO THE KEYS OF A NUMERIC KEYPAD |
CSA ISO/IEC 9995-8 : 2010 : R2015 | INFORMATION TECHNOLOGY - KEYBOARD LAYOUTS FOR TEXT AND OFFICE SYSTEMS - PART 8: ALLOCATION OF LETTERS TO THE KEYS OF A NUMERIC KEYPAD |
INCITS/ISO/IEC 7816-15 : 2004 | IDENTIFICATION CARDS - INTEGRATED CIRCUIT CARDS WITH CONTACTS - PART 15: CRYPTOGRAPHIC INFORMATION APPLICATION |
ISO 10202-8:1998 | Financial transaction cards Security architecture of financial transaction systems using integrated circuit cards Part 8: General principles and overview |
I.S. CWA 14174-3:2004 | FINANCIAL TRANSACTIONAL IC CARD READER (FINREAD) - PART 3: SECURITY REQUIREMENTS |
S.R. CR 1750:1999 | IDENTIFICATION CARD SYSTEMS - INTER-SECTOR MESSAGES BETWEEN DEVICES AND HOSTS - ACCEPTOR TO ACQUIRER MESSAGES |
ISO 9564-2:2014 | Financial services — Personal Identification Number (PIN) management and security — Part 2: Approved algorithms for PIN encipherment |
ISO 11568-4:2007 | Banking — Key management (retail) — Part 4: Asymmetric cryptosystems — Key management and life cycle |
BS EN 726-3:1996 | Identification card systems. Telecommunications. Integrated circuit(s) cards and terminals Application independent card requirements |
CAN/CSA-ISO/IEC 7816-15:18 | Identification cards - Integrated circuit cards - Part 15: Cryptographic information application (Adopted ISO/IEC 7816-15:2016, second edition, 2016-06-15) |
ISO/IEC 18031:2011 | Information technology Security techniques Random bit generation |
AS ISO 13491.1:2019 | Financial services - Secure cryptographic devices (retail) Concepts, requirements and evaluation methods |
ISO 13491-2:2017 | Financial services — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions |
ISO/IEC 7813:2006 | Information technology Identification cards Financial transaction cards |
ISO 13491-1:2016 | Financial services — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods |
EN 1332-3:2008 | Identification card systems - Man-machine interface - Part 3: Keypads |
AS ISO 13491.2:2019 | Financial services - Secure cryptographic devices (retail) Security compliance checklists for devices used in financial transactions |
ISO 16609:2012 | Financial services — Requirements for message authentication using symmetric techniques |
ISO/IEC 7812-1:2017 | Identification cards — Identification of issuers — Part 1: Numbering system |
ISO 9564-2:2014 | Financial services — Personal Identification Number (PIN) management and security — Part 2: Approved algorithms for PIN encipherment |
ISO 9564-4:2016 | Financial services — Personal Identification Number (PIN) management and security — Part 4: Requirements for PIN handling in eCommerce for Payment Transactions |