GB/T 21078.2-2011 Banking.Personal identification number management and security.Part 2: Requirements for offline PIN handling in ATM and POS systems (English Version)
This standard specifies the minimum security requirements for offline PIN handling and the standard method for exchanging PIN data in an offline environment. This standard applies to card-initiated financial transactions that require offline PIN verification, and also to those organizations responsible for implementing PIN management and protection technologies in ATMs and acquirer-placed POS terminals. This section does not apply to the following situations: a) PIN management and security in the online PIN environment, GB/T 21078.1 includes the content of this item; b) Approved PIN encryption algorithm; c) Using PIN in an open network environment, GB/T 21078.1 contains the content of this item; T 21078.3 includes this content; d) PIN protection to prevent loss or intentional misuse by authorized employees of users or card issuers and their agents; e) Privacy of non-PIN transaction data; f) Protection of transaction messages to prevent Modification or replacement, such as online authorization response; g) prevention of PIN or transaction replay; h) specific key management technology; i) decision whether IC card accepts encrypted PIN; j) contactless IC card. The basic principles of PIN management described in Chapter 4 of GB/T 21078.1-2007 also apply to this part.
GB/T 21078.2-2011 Referenced Document
GB/T 16649.1 Identification cards - Integrated circuit(s) cards with contacts - Part 1: Physical characteristics
GB/T 16649.10 Identification cards-Intergrated circuit(s) cards with contacts--Part 10: Electronic signals and answer to reset for synchronous cards
GB/T 16649.11 Identification cards—Integrated circuit cards—Part 11: Personal verification through biometric methods*, 2019-08-30 Update
GB/T 16649.12 Identification cards.Integrated circuit card.Part 12:Cards with contacts.USB electrical interface and operating procedures
GB/T 16649.13 Identification cards.Integrated circuit cards.Part 13:Commands for application management in a multi-application environment*, 2013-11-12 Update
GB/T 16649.15 Identification cards.Integrated circuit card.Part 15:Cryptographic information application
GB/T 16649.2 Identification cards - Integrated circuit(s) cards with contacts - Part 2: Dimensions and location of the contacts
GB/T 16649.3 Identification cards - Integrated circuit(s) cards with contacts - Part 3: Electronic signals and transmission protocols
GB/T 16649.4 Identification Cards.Integrated circuit cards.Part 4:Organization,security and commands for interchange
GB/T 16649.5 Identification cards-integrated circuit(s) cards with contacts Part 5: National numbering system and registration procedure for application identifiers
GB/T 16649.6 Identification cards--Integrated circuit(s) cards with contacts--Part 6: Interindustrv data elements
GB/T 16649.7 Identification cards--Integrated circuit(s) cards with contacts--Part 7: Interindustry commands for structured Card query language(SCQL)
GB/T 16649.8 Identification cards-Intergrated circuit(s) cards with contacts--Part 8: Security related interindustry commands
GB/T 16649.9 Identification cards.Integrated circuit cards.Part 9:Commands for card management
GB/T 21078.1-2007 Banking Personal Identification Number management and security Part 1: Basic principles and requirements for online PIN handling in A TM and POS systems
GB/T 21078.2-2011 history
2023GB/T 21078.1-2023 Financial Services Personal Identification Number Management and Security Part 1: PIN Basic Principles and Requirements for Card-Based Systems
2011GB/T 21078.2-2011 Banking.Personal identification number management and security.Part 2: Requirements for offline PIN handling in ATM and POS systems
GB/T 21078.2-2011 Banking.Personal identification number management and security.Part 2: Requirements for offline PIN handling in ATM and POS systems was changed to GB/T 21078.1-2023 Financial Services Personal Identification Number Management and Security Part 1: PIN Basic Principles and Requirements for Card-Based Systems.