GB/T 21078.1-2007
Banking Personal Identification Number management and security Part 1: Basic principles and requirements for online PIN handling in ATM and POS systems (English Version)

Standard No.
GB/T 21078.1-2007
Language
Chinese, Available in English version
Release Date
2007
Published By
General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China
Status
 2023-03
Replaced By
GB/T 21078.1-2023
Latest
GB/T 21078.1-2023
Scope
This standard specifies the basic principles and techniques that provide the minimum security measures required for effective PIN management. These measures apply to those organizations responsible for implementing PIN management and protection technologies.

This part also specifies the standard methods for PIN protection and PIN data exchange applied to financial transaction cards in the online environment. These technologies apply to those organizations responsible for implementing PIN management and protection technologies in ATMs and POS terminals.

The provisions of this part do not cover:
a) PIN management and security in the offline PIN environment, which is covered in ISO 9564-3:2003;
b) PIN management and security in the electronic commerce environment, which subsequent parts of ISO 9564 will include;
c) protection of the PIN against loss or intentional misuse by customers or by employees authorized by the issuing bank;
d) confidentiality of non-PIN transaction data;
e) protection of transaction messages against modification or replacement, such as an authorization response to a PIN verification;
f) prevention of replay of the PIN or transaction;
g) specific key management techniques.

GB/T 21078.1-2007 Referenced Document

  • GB/T 15694.1-1995 Identification cards - Identification of issuers - Part 1: Numbering system
  • GB/T 16649.1 Identification cards - Integrated circuit(s) cards with contacts - Part 1: Physical characteristics
  • GB/T 16649.10 Identification cards - Integrated circuit(s) cards with contacts - Part 10: Electronic signals and answer to reset for synchronous cards
  • GB/T 16649.11 Identification cards - Integrated circuit cards - Part 11: Personal verification through biometric methods (updated 2019-08-30)
  • GB/T 16649.12 Identification cards - Integrated circuit card - Part 12: Cards with contacts - USB electrical interface and operating procedures (updated 2010-12-01)
  • GB/T 16649.13 Identification cards - Integrated circuit cards - Part 13: Commands for application management in a multi-application environment (updated 2013-11-12)
  • GB/T 16649.15 Identification cards - Integrated circuit card - Part 15: Cryptographic information application (updated 2010-12-01)
  • GB/T 16649.2 Identification cards - Integrated circuit(s) cards with contacts - Part 2: Dimensions and location of the contacts
  • GB/T 16649.3 Identification cards - Integrated circuit(s) cards with contacts - Part 3: Electronic signals and transmission protocols
  • GB/T 16649.4 Identification cards - Integrated circuit cards - Part 4: Organization, security and commands for interchange (updated 2010-12-01)
  • GB/T 16649.5 Identification cards - Integrated circuit(s) cards with contacts - Part 5: National numbering system and registration procedure for application identifiers
  • GB/T 16649.6 Identification cards - Integrated circuit(s) cards with contacts - Part 6: Interindustry data elements
  • GB/T 16649.7 Identification cards - Integrated circuit(s) cards with contacts - Part 7: Interindustry commands for Structured Card Query Language (SCQL)
  • GB/T 16649.8 Identification cards - Integrated circuit(s) cards with contacts - Part 8: Security related interindustry commands
  • GB/T 16649.9 Identification cards - Integrated circuit cards - Part 9: Commands for card management (updated 2010-12-01)
  • GB/T 17552-1998 Identification cards - Financial transaction cards
  • ISO 11568 Financial services - Key management (retail) (updated 2023-02-17)
  • ISO 13491 Financial services - Secure cryptographic devices (retail) - Part 2: Security compliance checklists for devices used in financial transactions (updated 2023-01-11)
  • ISO 9564-2:1991 Banking - Personal Identification Number management and security - Part 2: Approved algorithm(s) for PIN encipherment
  • ISO 9564-3:2003 Banking - Personal Identification Number management and security - Part 3: Requirements for offline PIN handling in ATM and POS systems
  • ISO/IEC 7812-2 Identification cards - Identification of issuers - Part 2: Application and registration procedures (updated 2017-01-01)

GB/T 21078.1-2007 history

  • 2023 GB/T 21078.1-2023 Financial Services Personal Identification Number Management and Security Part 1: PIN Basic Principles and Requirements for Card-Based Systems
  • 2007 GB/T 21078.1-2007 Banking Personal Identification Number management and security Part 1: Basic principles and requirements for online PIN handling in ATM and POS systems
