GB/T 21078.1-2007 Banking Personal Identification Number management and security Part 1: Basic principles and requirements for online PIN handling in ATM and POS systems (English Version)
This standard specifies the basic principles and techniques that provide the minimum security measures required for effective PIN management. These measures apply to those organizations responsible for implementing PIN management and protection technologies. This part also specifies the standard methods for PIN protection technology and PIN data exchange applied to financial transaction cards in the online environment. These technologies apply to those organizations responsible for implementing PIN management and protection technologies in ATMs and POS terminals.
The provisions of this part do not cover:
a) PIN management and security in the offline PIN environment, which is covered in ISO 9564-3:2003;
b) PIN management and security in the electronic commerce environment, which subsequent parts of ISO 9564 will cover;
c) protection of the PIN against loss or intentional misuse by customers or by employees authorized by the issuing bank;
d) confidentiality of non-PIN transaction data;
e) protection of transaction messages against modification or replacement, such as an authorization response to a PIN verification;
f) prevention of replay of the PIN or the transaction;
g) specific key management techniques.
GB/T 21078.1-2007 Referenced Document
GB/T 15694.1-1995 Identification cards--Identification of issuers--Part 1: Numbering system
GB/T 16649.1 Identification cards - Integrated circuit(s) cards with contacts - Part 1: Physical characteristics
GB/T 16649.10 Identification cards - Integrated circuit(s) cards with contacts - Part 10: Electronic signals and answer to reset for synchronous cards
GB/T 16649.11 Identification cards—Integrated circuit cards—Part 11: Personal verification through biometric methods*, 2019-08-30 Update
GB/T 16649.12 Identification cards - Integrated circuit cards - Part 12: Cards with contacts - USB electrical interface and operating procedures*, 2010-12-01 Update
GB/T 16649.13 Identification cards - Integrated circuit cards - Part 13: Commands for application management in a multi-application environment*, 2013-11-12 Update
GB/T 16649.2 Identification cards - Integrated circuit(s) cards with contacts - Part 2: Dimensions and location of the contacts
GB/T 16649.3 Identification cards - Integrated circuit(s) cards with contacts - Part 3: Electronic signals and transmission protocols
GB/T 16649.4 Identification cards - Integrated circuit cards - Part 4: Organization, security and commands for interchange*, 2010-12-01 Update
GB/T 16649.5 Identification cards - Integrated circuit(s) cards with contacts - Part 5: National numbering system and registration procedure for application identifiers
GB/T 16649.6 Identification cards - Integrated circuit(s) cards with contacts - Part 6: Interindustry data elements
GB/T 16649.7 Identification cards--Integrated circuit(s) cards with contacts--Part 7: Interindustry commands for structured Card query language(SCQL)
GB/T 16649.8 Identification cards - Integrated circuit(s) cards with contacts - Part 8: Security related interindustry commands
ISO 11568 Financial services — Key management (retail)*, 2023-02-17 Update
ISO 13491 Financial services — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions*, 2023-01-11 Update
ISO 9564-2:1991 Banking; Personal Identification Number management and security; part 2: approved algorithm(s) for PIN encipherment
ISO 9564-3:2003 Banking - Personal Identification Number management and security - Part 3: Requirements for offline PIN handling in ATM and POS systems
ISO/IEC 7812-2 Identification cards - Identification of issuers - Part 2: Application and registration procedures*, 2017-01-01 Update
GB/T 21078.1-2007 history
2023: GB/T 21078.1-2023 Financial Services Personal Identification Number Management and Security Part 1: PIN Basic Principles and Requirements for Card-Based Systems
2007: GB/T 21078.1-2007 Banking Personal Identification Number management and security Part 1: Basic principles and requirements for online PIN handling in ATM and POS systems