GB/T 21078.3-2011 (English Version) PDF

Standard No.: GB/T 21078.3-2011
Language: Chinese, Available in English version
Release Date: 2011
Published By: General Administration of Quality Supervision, Inspection and Quarantine of the People‘s Republic of China
Latest: GB/T 21078.3-2011

Scope: This part specifies the PIN processing guidelines in the open network system; in the environment where the card issuer and the acquirer do not directly control the PIN management, or when the PIN input device has no relationship with the acquirer before the transaction occurs, it is necessary for management PINs and processing financial card-initiated transactions provide best practices for financial business security measures. This standard applies to transactions initiated by financial cards that require verification of a PIN, and to organizations responsible for implementing PIN management technologies in terminals and PIN entry devices used in open network systems. This part does not apply to: - PIN management and security in the online PIN environment, GB/T 21078.1 and GB/T 21078.2 include this content; - Approved PIN encryption algorithm; - Prevent users or card issuers and their agents from - PIN protection against loss or deliberate misuse by authorized employees of the vendor; - privacy of non-PIN transaction data; - protection of transaction messages against modification or replacement, such as on-line authorization responses; - protection against PIN or transaction replay ; - specific key management techniques; - access and storage of card data by server-based applications (e.g., e-wallets); - cardholder-activated, secure PIN entry devices deployed by financial institutions .

GB/T 21078.3-2011 history

2011 GB/T 21078.3-2011 Banking.Personal identification number (PIN) management and security.Part 3: Guidelines for PIN handling in open networks