ISO 9564-3:2003
Banking - Personal Identification Number management and security - Part 3: Requirements for offline PIN handling in ATM and POS systems

Standard No.: ISO 9564-3:2003
Release Date: 2003
Published By: International Organization for Standardization (ISO)
Status: Latest
Scope
This part of ISO 9564 specifies the minimum security measures required for offline Personal Identification Number (PIN) handling and a standard means of interchanging PIN data in an offline environment. It is applicable to financial transaction card-originated transactions requiring offline PIN verification, and to those institutions responsible for implementing techniques for the management and protection of the PIN at Automated Teller Machines (ATMs) and acquirer-sponsored Point-of-Sale (POS) terminals.

This part of ISO 9564 is not applicable to:

a) PIN management and security in the online PIN environment, which is covered in ISO 9564-1;
b) approved algorithms for PIN encipherment, which are covered in ISO 9564-2;
c) the use of PINs in an open network environment, which is to be covered in ISO 9564-4;
d) the protection of the PIN against loss or intentional misuse by the customer or authorized employees of the issuer or their agents;
e) privacy of non-PIN transaction data;
f) protection of transaction messages against alteration or substitution, e.g. an online authorization response;
g) protection against replay of the PIN or transaction;
h) specific key management techniques;
i) the decision as to whether the IC card is to receive the PIN enciphered;
j) contactless IC cards.

The basic principles of PIN management described in Clause 4 of ISO 9564-1:2002 are applicable and normative to this part of ISO 9564. Requirements associated with multi-application IC cards are considered to be the responsibility of the issuer and are not included. This part of ISO 9564 is framed in terms applicable to IC card technology; however, this is not intended to restrict its applicability to IC card technology.

ISO 9564-3:2003 history

  • 2003 ISO 9564-3:2003 Banking - Personal Identification Number management and security - Part 3: Requirements for offline PIN handling in ATM and POS systems