ISO 9564
from Wikipedia

ISO 9564 is an international standard for personal identification number (PIN) management and security in financial services.

The PIN is used to verify the identity of a customer (the user of a bank card) within an electronic funds transfer system, and (typically) to authorize the transfer or withdrawal of funds. Therefore, it is important to protect PINs against unauthorized disclosure or misuse. Modern banking systems require interoperability between a variety of PIN entry devices, smart cards, card readers, card issuers, acquiring banks and retailers – including transmission of PINs between those entities – so a common set of rules for handling and securing PINs is required, to ensure both technical compatibility and a mutually agreed level of security. ISO 9564 provides principles and techniques to meet these requirements.

ISO 9564 comprises three parts,[Note 1] under the general title of Financial services — Personal Identification Number (PIN) management and security.

Part 1: Basic principles and requirements for PINs in card-based systems

ISO 9564-1:2011[1] specifies the basic principles and techniques of secure PIN management. It includes both general principles and specific requirements.

Basic principles

The basic principles of PIN management include:

  • PIN management functions shall be implemented in software and hardware in such a way that the functionality cannot be modified without detection, and that the data cannot be obtained or misused.
  • Encrypting the same PIN with the same key but for a different bank account shall not predictably give the same cipher text.
  • Security of the PIN encryption shall depend on secrecy of the key, not secrecy of the algorithm.
  • The PIN must always be stored encrypted or physically secured.
  • Only the customer (i.e. the user of a card) and/or authorized card issuer staff shall be involved with PIN selection or issuing. Where card issuer staff are involved, appropriate strictly enforced procedures shall be used.
  • A stored encrypted PIN shall be protected from substitution.
  • A PIN shall be revoked if it is compromised, or suspected to be.
  • The card issuer shall be responsible for PIN verification.
  • The customer shall be advised of the importance of keeping the PIN secret.

PIN entry devices

The standard specifies some characteristics required or recommended of PIN entry devices (also known as PIN pads), i.e. the device into which the customer enters the PIN, including:

  • All PIN entry devices shall allow entry of the digits zero to nine. Numeric keys may also have letters printed on them, e.g. as per E.161. These letters are only for the customers' convenience; internally, the PIN entry device only handles digits. (E.g. the standard does not support multi-tap or similar.) The standard also recommends that customers should be warned that not all devices may have letters.
  • The PIN entry device shall be physically secured so that it is not feasible to modify its operation or extract PINs or encryption keys from it.
  • The PIN entry device should be designed or installed so as to prevent other people from observing the PIN as it is entered.
  • The keyboard layout should be standardized, with consistent and unambiguous labels for function keys, such as "enter", "clear" (this entry) and "cancel" (the transaction). The standard also recommends specific colours for function keys: green for "enter", yellow for "clear", red for "cancel".

Smart card readers

A PIN may be stored in a secure smart card, and verified offline by that card. The PIN entry device and the reader used for the card that will verify the PIN may be integrated into a single physically secure unit, but they do not need to be.

Additional requirements that apply to smart card readers include:

  • The card reader should be constructed in such a way as to prevent someone monitoring the communications to the card by inserting a monitoring device into the card slot.
  • If the PIN entry device and the card reader are not both part of an integrated secure unit, then the PIN shall be encrypted while it is transmitted from the PIN entry device to the card reader.

Other specific PIN control requirements

Other specific requirements include:

  • All hardware and software used for PIN processing shall be implemented such that:
    • Their correct functioning can be assured.
    • They cannot be modified or accessed without detection.
    • The data cannot be inappropriately accessed, modified or misused.
    • The PIN cannot be determined by a brute-force search.
  • The PIN shall not be communicated verbally. In particular bank personnel shall never ask the customer to disclose the PIN, nor recommend a PIN value.
  • PIN encryption keys should not be used for any other purpose.

PIN length

The standard specifies that PINs shall be from four to twelve digits long, noting that longer PINs are more secure but harder to use. It also suggests that the issuer should not assign PINs longer than six digits.

PIN selection

There are three accepted methods of selecting or generating a PIN:

assigned derived PIN
The card issuer generates the PIN by applying some cryptographic function to the account number or other value associated with the customer.
assigned random PIN
The card issuer generates a PIN value using a random number generator.
customer selected PIN
The customer selects the PIN value.

PIN issuance and delivery

The standard includes requirements for keeping the PIN secret while transmitting it, after generation, from the issuer to the customer. These include:

  • The PIN is never available to the card issuing staff.
  • The PIN can only be displayed or printed for the customer in an appropriately secure manner. One method is a PIN mailer, an envelope designed so that it can be printed without the PIN being visible (even at printing time) until the envelope is opened. A PIN mailer must also be constructed so that any prior opening will be obvious to the customer, who will then be aware that the PIN may have been disclosed.
  • The PIN shall never appear where it can be associated with a customer's account. For example, a PIN mailer must not include the account number, but only sufficient information for its physical delivery (e.g. name and address). The PIN and the associated card shall not be mailed together, nor at the same time.

PIN encryption

To protect the PIN during transmission from the PIN entry device to the verifier, the standard requires that the PIN be encrypted, and specifies several formats that may be used. In each case, the PIN is encoded into a PIN block, which is then encrypted by an "approved algorithm" (see part 2 of the standard).

The PIN block formats are:

Format 0

The PIN block is constructed by XOR-ing two 64-bit fields: the plain text PIN field and the account number field, both of which comprise 16 four-bit nibbles.

The plain text PIN field is:

  • one nibble with the value of 0, which identifies this as a format 0 block
  • one nibble encoding the length N of the PIN
  • N nibbles, each encoding one PIN digit
  • 14−N nibbles, each holding the "fill" value 15 (i.e. 1111₂)

The account number field is:

  • four nibbles with the value of 0
  • 12 nibbles containing the rightmost 12 digits of the primary account number (PAN), excluding the check digit

Format 1

This format should be used where no PAN is available. The PIN block is constructed by concatenating the PIN with a transaction number thus:

  • one nibble with the value of 1, which identifies this as a format 1 block
  • one nibble encoding the length N of the PIN
  • N nibbles, each encoding one PIN digit
  • 14−N nibbles encoding a unique value, which may be a transaction sequence number, time stamp or random number

Format 2

Format 2 is for local use with off-line systems only, e.g. smart cards. The PIN block is constructed by concatenating the PIN with a filler value thus:

  • one nibble with the value of 2, which identifies this as a format 2 block
  • one nibble encoding the length N of the PIN
  • N nibbles, each encoding one PIN digit
  • 14−N nibbles, each holding the "fill" value 15 (i.e. 1111₂)

(Except for the format value in the first nibble, this is identical to the plain text PIN field of format 0.)

Format 3

Format 3 is the same as format 0, except that the "fill" digits are random values from 10 to 15, and the first nibble (which identifies the block format) has the value 3.
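The four 64-bit formats described above, as an added example that is not part of the article or of the standard's text. It builds the clear (not yet enciphered) block for each format and recovers the PIN from it, rejecting blocks whose format, length, digit or fill nibbles are inconsistent (which is what a PAN mismatch or a corrupted block looks like). Function names and the sample PAN and PINs are this example's own constructions; the account number field follows the standard's layout of four zero nibbles plus the rightmost 12 PAN digits with the check digit left out.

```python
"""ISO 9564-1 PIN block formats 0 to 3: clear block construction and decoding
with structural checks. Added example, not code from the standard or the
article; sample PAN and PIN values used with it are constructed."""
import secrets
from typing import Optional


def _check_pin(pin: str) -> None:
    """The standard allows PINs of 4 to 12 decimal digits."""
    if not (4 <= len(pin) <= 12) or not pin.isdigit():
        raise ValueError("PIN must be 4 to 12 decimal digits")


def _pan_field(pan: str) -> bytes:
    """Account number field for formats 0 and 3: four zero nibbles, then the
    rightmost 12 PAN digits excluding the check digit (the final digit)."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    if len(digits) < 2:
        raise ValueError("PAN too short")
    return bytes.fromhex("0000" + digits[:-1][-12:].rjust(12, "0"))


def _pin_field(fmt: int, pin: str, tail: str) -> bytes:
    """16-nibble PIN field: format nibble, PIN length nibble, the PIN digits,
    then 14-N tail nibbles supplied by the caller (fill or unique value)."""
    _check_pin(pin)
    if len(tail) != 14 - len(pin):
        raise ValueError("tail must be exactly 14-N nibbles")
    return bytes.fromhex(f"{fmt:x}{len(pin):x}{pin}{tail}")


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def format0_block(pin: str, pan: str) -> bytes:
    """Format 0: PIN field with fill nibbles 0xF, XORed with the account number field."""
    return _xor(_pin_field(0, pin, "F" * (14 - len(pin))), _pan_field(pan))


def format1_block(pin: str, unique: Optional[str] = None) -> bytes:
    """Format 1 (no PAN available): PIN followed by a transaction-unique value
    such as a sequence number or time stamp; random nibbles if none is given."""
    n = 14 - len(pin)
    if unique is None:
        unique = "".join(f"{secrets.randbelow(16):X}" for _ in range(n))
    return _pin_field(1, pin, unique.upper())


def format2_block(pin: str) -> bytes:
    """Format 2 (local/offline use, e.g. smart cards): format 0's PIN field
    with format nibble 2 and no PAN mixed in."""
    return _pin_field(2, pin, "F" * (14 - len(pin)))


def format3_block(pin: str, pan: str, fill: Optional[str] = None) -> bytes:
    """Format 3: as format 0, but the fill nibbles are random values 10..15 (A..F)."""
    n = 14 - len(pin)
    if fill is None:
        fill = "".join(f"{10 + secrets.randbelow(6):X}" for _ in range(n))
    return _xor(_pin_field(3, pin, fill.upper()), _pan_field(pan))


def decode_block(block: bytes, pan: Optional[str] = None) -> str:
    """Recover the PIN from a clear format 0-3 block. Every structural check
    raises ValueError, so a corrupted block or a PAN mismatch is rejected
    instead of silently yielding a wrong PIN."""
    if len(block) != 8:
        raise ValueError("PIN block must be 8 bytes")
    fmt = block[0] >> 4
    if fmt in (0, 3):
        if pan is None:
            raise ValueError("formats 0 and 3 need the PAN to remove the account field")
        block = _xor(block, _pan_field(pan))
    elif fmt not in (1, 2):
        raise ValueError(f"unsupported format nibble {fmt}")
    nibbles = block.hex().upper()
    length = int(nibbles[1], 16)
    if not 4 <= length <= 12:
        raise ValueError("invalid PIN length nibble")
    pin, tail = nibbles[2:2 + length], nibbles[2 + length:]
    if not pin.isdigit():
        raise ValueError("non-decimal PIN digit (corrupted block or wrong PAN)")
    if fmt in (0, 2) and tail != "F" * len(tail):
        raise ValueError("fill nibbles must all be F")
    if fmt == 3 and any(c not in "ABCDEF" for c in tail):
        raise ValueError("format 3 fill nibbles must be A..F")
    return pin
```

Running `format0_block("1234", "4000001234567899")` with that constructed PAN gives the block `041234FEDCBA9876`: the first three bytes carry the format, length and PIN in the clear because the account field's leading nibbles are zero, which is why the block must never leave the PIN entry device unenciphered. Decoding the same block against a different PAN fails the fill check rather than returning a plausible PIN.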

Extended PIN blocks

Formats 0 to 3 are all suitable for use with the Triple Data Encryption Algorithm, as they correspond to its 64-bit block size. However, the standard allows for other encryption algorithms with larger block sizes, e.g. the Advanced Encryption Standard has a block size of 128 bits. In such cases the PIN must be encoded into an extended PIN block, the format of which is defined in a 2015 amendment to ISO 9564-1.[2]

Part 2: Approved algorithms for PIN encipherment

ISO 9564-2:2014[3] specifies which encryption algorithms may be used for encrypting PINs. The approved algorithms are:

Part 3 (withdrawn)

ISO 9564-3 Part 3: Requirements for offline PIN handling in ATM and POS systems,[4] most recently published in 2003, was withdrawn in 2011 and its contents merged into part 1.

Part 4: Requirements for PIN handling in eCommerce for Payment Transactions

ISO 9564-4:2016[5] defines minimum security requirements and practices for the use of PINs and PIN entry devices in electronic commerce.

from Grokipedia
ISO 9564 is a series of international standards developed by the International Organization for Standardization (ISO) that specify the minimum security measures, principles, and techniques required for the effective management and security of Personal Identification Numbers (PINs) in financial services, particularly within card-based retail banking systems such as automated teller machines (ATMs) and point-of-sale (POS) terminals. These standards apply to both issuer and interchange environments, focusing on PIN creation, issuance, usage, protection, and deactivation to mitigate risks in financial transactions. The core document, ISO 9564-1:2017, outlines the foundational requirements for PIN handling in card-based systems, excluding aspects such as non-persistent cryptographic environments, customer misuse prevention, and specific key management protocols, which are addressed elsewhere in related ISO standards like ISO 13491 or ISO 16609. Developed under the ISO/TC 68/SC 2 committee, this part emphasizes cryptographic protection during PIN entry and transmission to preserve the confidentiality and integrity of the PIN in international financial transactions. Subsequent editions, including amendments up to 2015, have refined these principles to keep pace with evolving threats.

The ISO 9564 series extends beyond basic principles through additional parts that address specialized aspects of PIN security. ISO 9564-2:2025 details approved algorithms for the encipherment of PINs, ensuring robust cryptographic methods for protecting PIN data during processing and storage. ISO 9564-4:2016 provides requirements for PIN entry devices in electronic commerce environments, focusing on secure virtual and remote PIN input to support online transactions. ISO 9564-5:2025 specifies cryptographic methods for PIN generation, reference PIN changes, and transaction PIN verification, offering recommendations for maintaining security throughout the PIN lifecycle. Together, these parts form a comprehensive framework for global PIN security, influencing standards across the payment industry and helping to standardize protections against fraud and unauthorized access.

Overview

Scope and Purpose

ISO 9564 is a series of international standards developed by the International Organization for Standardization's Technical Committee ISO/TC 68, Subcommittee SC 2, focusing on personal identification number (PIN) management and security within banking and payment systems. These standards outline foundational security practices to safeguard sensitive PIN data throughout its lifecycle in financial transactions. Recent parts, such as ISO 9564-2:2025 and ISO 9564-5:2025, further specify approved algorithms and cryptographic methods for PIN encipherment, generation, and verification, enhancing the series' applicability to contemporary financial systems.

The primary purpose of ISO 9564 is to establish basic principles, techniques, and minimum security requirements for protecting PINs against compromise during processes such as creation, issuance, transmission, verification, usage, and deactivation, particularly in card-based and related electronic environments. It addresses vulnerabilities in retail financial operations by promoting consistent, secure handling protocols that mitigate risks like unauthorized access or interception. The series complements other security frameworks, such as ISO 11568 for key management in financial services.

The standards apply to issuer, acquirer, and interchange environments in retail banking, encompassing devices and systems like automated teller machines (ATMs), point-of-sale (POS) terminals, automated fuel dispensers, vending machines, banking kiosks, and PIN selection or change mechanisms where persistent cryptographic relationships exist between transaction-origination devices and acquirers. However, ISO 9564 excludes non-PIN authentication methods such as passwords, as well as scenarios involving PIN loss or misuse by customers, protection of non-PIN transaction data, message alteration, replay attacks, offline PIN verification in contactless devices, and multi-application integrated circuit card (ICC) functionality.

By standardizing PIN block formats (ISO formats 0 through 4), ISO 9564 plays a critical role in financial security, helping to prevent fraud in ATMs, POS terminals, and eCommerce transactions through uniform encryption and data structuring practices that preserve PIN integrity during interchange. This standardization fosters interoperability and trust across global payment ecosystems while establishing scalable defenses against evolving threats.

Key Concepts

ISO 9564 defines a personal identification number (PIN) as a numeric code, typically of four to twelve digits, used in financial transactions to verify the identity of a cardholder. The PIN is a secret shared between the cardholder and the issuing bank, enabling cardholder authentication without revealing sensitive card data. A PIN block is an 8-byte (64-bit) formatted structure that encapsulates the PIN, along with optional account-related data or padding, for secure transmission between systems; it is constructed so that the PIN remains protected during exchange. The terms "clear PIN" and "enciphered PIN" refer to the unencrypted and encrypted forms of the PIN respectively; the standard mandates that clear PINs never be transmitted unprotected and must be converted immediately to enciphered form using approved methods.

The standard specifies several PIN block formats to accommodate different scenarios, each beginning with a 4-bit format identifier followed by a 4-bit PIN length (4 to 12) and the PIN digits, one per 4-bit nibble. Format 0, also known as the IBA format, uses identifier 0; the rightmost 12 digits of the Primary Account Number (PAN) are XORed with the PIN digits, which are padded on the right with hexadecimal 'F' when the PIN is shorter than 12 digits, making it suitable for environments where PAN data is available. Format 1, with identifier 1, is designed for PAN-less operation; the PIN digits occupy the space after the length nibble and are padded with random hexadecimal values (0-F) to resist known-plaintext attacks. Format 3, identified by 3, mirrors Format 0 in incorporating PAN data via XOR but uses random padding instead of 'F' for added protection in secure messaging protocols.

Format 4 is an extended PIN block format consisting of two 128-bit fields, a PIN field and a PAN field, for use with 128-bit block ciphers such as AES. It supports PIN lengths of 4 to 12 digits. The PIN field begins with a 4-bit control value of 0100 (identifier 4), followed by a 4-bit PIN length, the PIN digits, fill digits 'A' (binary 1010) if needed, and random data to complete 128 bits. The PAN field begins with a 4-bit PAN length indicator (0 for 12 digits, up to 7 for 19 digits), followed by the right-justified PAN digits, left-padded with zeros if the PAN is shorter than 12 digits. The clear PIN block is formed by XORing the two fields before encipherment.

ISO 9564 distinguishes between types of PINs by their verification method and purpose. An online PIN is transmitted to a remote host for verification against a reference value, enabling centralized verification across networks. An offline PIN is verified locally on the terminal or card, comparing the entered value directly to a stored version without network involvement, which is common in point-of-sale environments with limited connectivity. A reference PIN is the master or original PIN generated and stored securely by the issuer, serving as the baseline for all derivations. A transaction PIN is a derived or temporary variant created from the reference PIN for specific uses, such as one-time authorizations, to limit exposure of the primary value. These types follow basic principles such as a minimum PIN length of four digits, balancing security and usability.

The core security objectives of ISO 9564 are the confidentiality, integrity, and authentication of PIN data across its entire lifecycle, from generation and personalization to verification and retirement. Confidentiality prevents unauthorized disclosure by requiring encipherment of PINs in transit and storage; integrity guards against alteration through validated block formats; authentication verifies the cardholder's identity while protecting the PIN from misuse, with the standard emphasizing protection against compromise at every stage to maintain trust in financial systems.
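The 128-bit Format 4 layout just described, as an added example that is neither the standard's text nor the article's code. It builds the PIN field (control nibble 4, length, digits, 'A' fill, random nibbles), the PAN field (length indicator, zero-padded PAN digits) and their XOR, which is the clear block that would then be enciphered; the AES step itself is outside the example. It follows the Key Concepts description of PIN lengths of 4 to 12 digits and PANs of up to 19 digits; function names and the sample PAN, PIN and "random" nibbles are this example's constructions.

```python
"""ISO 9564-1 format 4 clear PIN block (128-bit): PIN field, PAN field, XOR and
a decoder with structural checks. Added example, not code from the standard or
the article; the AES encipherment of the clear block is out of scope."""
import secrets
from typing import Optional


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def format4_pin_field(pin: str, random_nibbles: Optional[str] = None) -> bytes:
    """PIN field: control nibble 0100, PIN length nibble, the PIN digits, fill
    nibbles 'A' up to 16 nibbles, then 16 random nibbles to complete 128 bits."""
    if not (4 <= len(pin) <= 12) or not pin.isdigit():
        raise ValueError("PIN must be 4 to 12 decimal digits")
    if random_nibbles is None:
        random_nibbles = secrets.token_hex(8)  # 8 random bytes = 16 nibbles
    if len(random_nibbles) != 16:
        raise ValueError("random part must be exactly 16 nibbles")
    head = f"4{len(pin):X}{pin}".ljust(16, "A")
    return bytes.fromhex(head + random_nibbles)


def format4_pan_field(pan: str) -> bytes:
    """PAN field: length indicator nibble (PAN length minus 12, so 0 for 12
    digits and 7 for 19), the PAN digits (left-padded with zeros to 12 if
    shorter), then zero nibbles up to 128 bits."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    if len(digits) > 19:
        raise ValueError("PAN longer than 19 digits")
    digits = digits.rjust(12, "0")
    indicator = len(digits) - 12
    return bytes.fromhex((f"{indicator:X}" + digits).ljust(32, "0"))


def format4_clear_block(pin: str, pan: str, random_nibbles: Optional[str] = None) -> bytes:
    """Clear PIN block = PIN field XOR PAN field (the input to encipherment)."""
    return _xor(format4_pin_field(pin, random_nibbles), format4_pan_field(pan))


def format4_decode(block: bytes, pan: str) -> str:
    """Reverse the XOR with the PAN field and validate control, length, digits
    and fill, so a block built against a different PAN is rejected."""
    if len(block) != 16:
        raise ValueError("format 4 block must be 16 bytes")
    field = _xor(block, format4_pan_field(pan)).hex().upper()
    if field[0] != "4":
        raise ValueError("control nibble is not 4")
    length = int(field[1], 16)
    if not 4 <= length <= 12:
        raise ValueError("invalid PIN length nibble")
    pin, fill = field[2:2 + length], field[2 + length:16]
    if not pin.isdigit() or fill != "A" * len(fill):
        raise ValueError("PIN digits or fill invalid (corrupted block or wrong PAN)")
    return pin
```

With the constructed 16-digit PAN `4000001234567899` the indicator nibble is 4 and the PAN digits land over the PIN field's fill and random nibbles, so the same PIN produces a different clear block for every PAN and for every random suffix; a decoder that skipped the fill check would accept a block built for another card, which is why the check is not optional.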

History and Development

Origins and Evolution

ISO 9564 originated amid the rapid proliferation of automated teller machines (ATMs) and electronic funds transfer systems, which called for standardized global security measures for personal identification numbers (PINs) to mitigate risks in electronic banking. As magnetic stripe cards and ATM networks expanded internationally following earlier ISO standardization efforts, uniform PIN management principles became critical to secure handling across borders. The standard was developed by ISO Technical Committee 68 (Banking, securities and other financial services) and its Sub-Committee 2, culminating in the first publications in December 1991 of ISO 9564-1 (basic principles for PINs in card-based systems) and ISO 9564-2 (algorithms for PIN encipherment). These initial parts focused on fundamental PIN handling and encryption to protect against unauthorized disclosure and misuse throughout the PIN lifecycle.

The standard evolved into a multipart structure addressing specialized domains of PIN security. In 2003, ISO 9564-3 was introduced to cover offline PIN handling in ATMs and point-of-sale (POS) systems, with requirements for non-real-time verification scenarios. ISO 9564-4 followed in 2016, targeting PIN handling in eCommerce environments and further diversifying the series to accommodate emerging transaction types. In 2025, Part 5 was added to specify cryptographic methods for PIN generation, change, and verification, reflecting ongoing adaptation to modern encryption needs.

This development was driven by escalating financial fraud concerns, prompting alignment with complementary standards such as EMV for chip card transactions and the PCI PIN Security Requirements, which mandate ISO 9564 compliance for PIN block formats and encryption. International collaboration, including the identical adoption of the standard as ANSI X9.8 for U.S. financial institutions, facilitated broader implementation. These factors established ISO 9564's role as a foundational framework for secure PIN practices amid evolving payment ecosystems.

Revisions Across Editions

The ISO 9564 series has undergone several revisions to address evolving needs in PIN management for financial services. Part 1, on basic principles for card-based PIN systems, saw its second edition published in 2002, establishing foundational requirements for PIN handling and protection. The third edition in 2011 merged content from the withdrawn Part 3 on offline PIN handling, reflecting a shift toward integrated verification processes in modern banking environments. The fourth edition, released in 2017 and confirmed current through systematic review in 2023, introduced extended PIN blocks supporting lengths up to 12 digits via new formats like Format 4, alongside enhanced requirements for PIN entry devices, including tamper-resistant hardware and authorized personnel management for device operations.

Part 2, which specifies the approved algorithms for PIN encipherment, progressed with its second edition in 2005, approving Triple DES (3DES) as a strengthened symmetric cipher over single DES. The third edition followed in 2014 with technical refinements to algorithm usage. The fourth edition, published in August 2025, added support for AES-256 as a preferred symmetric algorithm and removed deprecated options like single DES, improving resistance to emerging threats, including potential quantum computing attacks, through longer key lengths.

Part 4, addressing PIN handling in eCommerce, was initially developed as a technical report (ISO/TR 9564-4:2004) before its first formal edition in March 2016, which set out requirements for secure PIN verification in online payment transactions while excluding specifics covered elsewhere in the series. Part 5 is a new addition to the series, with its first edition published in October 2025, introducing standardized cryptographic methods for PIN generation, reference PIN changes, and transaction PIN verification using approved encryption, CMAC, and related techniques aligned with Part 1 principles.

Across editions, revisions have aligned the standard with advancing threats such as shoulder surfing during PIN entry and man-in-the-middle attacks during transmission, emphasizing robust device protections and algorithm updates. The withdrawal of Part 3 in February 2011, due to its obsolescence in increasingly online-dominated systems where offline PIN handling became less prevalent, further streamlined the series by integrating the relevant protections into Part 1.

Structure of the Standard

Active Parts Summary

ISO 9564 consists of several active parts that together address the management and security of personal identification numbers (PINs) in financial services, ensuring secure handling across transaction environments. Part 1, published in 2017, specifies the basic principles and techniques for PIN management in card-based systems, such as automated teller machines (ATMs) and point-of-sale (POS) terminals, including requirements for PIN creation, issuance, and verification that set minimum security measures for international use. Part 2, updated in 2025, defines the approved symmetric algorithms for enciphering PIN blocks during transmission, focusing on cryptographic protection of PIN data in transit within financial networks. Part 4, issued in 2016, sets out requirements for PIN handling in eCommerce payment transactions, emphasizing secure entry and verification over open networks while using the same cardholder PINs as traditional card-based verification. Part 5, released in 2025, details cryptographic methods for PIN generation, reference PIN changes, and transaction verification, applicable to both online and offline environments for authenticating cardholders. The parts interrelate such that Part 1 establishes the foundational security rules for PIN operations, Parts 2 and 5 provide the technical and cryptographic methods to implement those rules, and Part 4 extends the framework to digital commerce.

Withdrawn Parts

The ISO 9564 series includes one withdrawn part as of 2025: Part 3, originally published in 2003 and withdrawn on February 7, 2011. ISO 9564-3:2003 established requirements for offline personal identification number (PIN) handling in automated teller machines (ATMs) and point-of-sale (POS) systems, targeting card-originated financial transactions. It set out minimum security measures to protect PINs during local verification, where the PIN is checked without a real-time connection to the issuer's host system, reducing the risk of unauthorized access or tampering in disconnected environments. Key elements included protocols for offline PIN verification, such as try limits to prevent brute-force attacks, and standardized data interchange formats like the ISO-2 PIN block, which formats the PIN alongside primary account number (PAN) data for secure transmission in offline scenarios. These provisions ensured consistent protection during the encipherment and interchange of PIN data between terminals and cards in low-connectivity settings.

The withdrawal of ISO 9564-3 occurred because its content was technically revised and integrated into the third edition of ISO 9564-1:2011, which expanded the basic PIN management principles to cover both online and offline handling more comprehensively. This merger reflected an evolving landscape in which online verification became predominant, diminishing the need for standalone offline protocols. The widespread adoption of chip card technology, which incorporates dynamic authentication and often prioritizes online authorization, further reduced the relevance of the traditional offline PIN risks addressed by Part 3. Despite its obsolescence, ISO 9564-3 played a historical role in pre-EMV magnetic stripe systems, providing foundational guidelines for secure offline operations that informed subsequent standards such as the PCI PIN Security Requirements. No other parts of the ISO 9564 series are currently withdrawn.

Part 1: Basic Principles for Card-Based PIN Systems

Fundamental Security Principles

ISO 9564-1:2017 establishes that the fundamental objective of PIN management is to protect the PIN against unauthorized disclosure and misuse throughout its entire lifecycle, keeping the PIN secret at all times. PINs must remain confidential, with no single individual or entity having unrestricted access to sensitive PIN-related functions or information. To achieve this, dual control is required for key management and other critical operations: two or more separate entities (typically persons) act in concert to safeguard sensitive materials such as cryptographic keys, so that no single point of compromise exists. All PIN handling must occur within secure environments, using secure cryptographic devices (SCDs) that comply with standards like ISO 13491-1 and feature tamper-detection mechanisms that erase secrets on breach.

The PIN lifecycle, from creation to deactivation, demands protection at each stage. PIN creation must use methods that generate unpredictable values, either randomly or derived from account data; transmission requires encipherment with approved algorithms to prevent interception. Verification is preferably conducted online to leverage centralized controls, with offline methods restricted to secure integrated circuit cards (ICCs) under specific conditions. Deactivation takes effect after a limited number of failed attempts, rendering the PIN unusable to thwart brute-force attacks.

Risk mitigation is a core tenet: PINs may not be stored in clear form anywhere in the system, and transaction-specific PINs exist only transiently during a single operation. SCD-based secure environments limit exposure, and all PIN access and events are logged for audit. Minimum security measures reinforce these principles: a limited number of attempts before lockout to balance usability and protection, the prohibition of default or predictable PINs to avoid easy guessing, and comprehensive audit trails through journalizing of PIN-related transactions for ongoing monitoring and forensic analysis.

PIN Entry Devices and Readers

PIN entry devices (PEDs), also known as PIN handling devices, are specialized hardware used to capture cardholder PINs securely in financial systems, including automated teller machines (ATMs) and point-of-sale (POS) terminals. According to ISO 9564-1, PEDs must incorporate tamper-resistant keypads designed to prevent unauthorized observation or interception of PIN entry, with the PIN enciphered immediately on completion of entry using approved methods, minimizing its exposure in clear form. The device shall not display the entered PIN digits; if a display is present, it may show a string of non-significant symbols, such as asterisks, to give feedback without compromising secrecy. Compliance with PCI PTS (PIN Transaction Security) standards is essential for PEDs, ensuring they meet rigorous physical and logical criteria, including resistance to invasive attacks and secure key management.

Smart card readers integrated into PIN systems provide secure interfaces for integrated circuit (chip) cards, enabling offline or online PIN verification while adhering to EMV-compliant protocols. These readers protect against skimming and man-in-the-middle attacks through secure messaging, which encrypts the data exchanged between reader and card to maintain confidentiality and integrity during PIN processing. PIN block formats, such as those defined in ISO 9564, support this secure handling by structuring the PIN data for transmission.

ISO 9564-1 gives distinct guidance for unattended terminals, like ATMs and vending machines, which operate without constant supervision and thus require enhanced physical enclosures to deter tampering, compared with attended POS devices where merchant oversight offers additional protection. Both types must include anti-tampering features, such as epoxy potting of sensitive components to obscure internals and provide evidence of intrusion, along with mechanisms that detect attacks and render the device inoperable, zeroizing keys and halting operations.

Verification in these devices emphasizes online transmission of the enciphered PIN to the issuer for verification, supporting formats 0, 1, 3, and 4 to ensure compatibility and confidentiality in transit over networks. Error handling for invalid entries limits retry attempts to mitigate brute-force risks, with clear instructions provided to the cardholder without revealing sensitive details.

PIN Management Requirements

ISO 9564-1 sets specific requirements for the length of personal identification numbers (PINs) used in card-based financial systems to balance security and usability. A PIN shall consist of at least four and not more than twelve digits, each being one of the decimal numeric characters zero through nine. This range applies to the standard PIN block formats 0 through 3, while Format 4, designed for use with longer block ciphers like AES, extends support to PIN lengths up to 19 digits by incorporating variable-length fields within a 128-bit structure.

PIN selection methods under ISO 9564-1 prioritize secrecy and randomness to minimize predictability, with three options: assigned derived PINs, assigned random PINs, and customer-selected PINs. An assigned derived PIN is generated by applying an algorithm to the cardholder account number plus a secret offset value, giving reproducibility for verification without direct storage of the PIN. Assigned random PINs are produced by the issuer with a secure random number generator, while customer-selected PINs allow the cardholder to choose the value, subject to validation checks. All methods prohibit simple sequences such as 1234, repeated digits like 1111, and patterns derived from easily guessable information such as birthdates or telephone numbers, to reduce vulnerability to guessing attacks.

Issuance and delivery of PINs must use secure methods to prevent unauthorized disclosure throughout the cardholder's lifecycle. Authorized issuer personnel handle issuance using approved techniques, such as mailing the PIN in a tamper-evident sealed mailer or generating it on site under supervised conditions, with dual custody required for any physical handling so that no single individual has complete access. Delivery by mail demands opaque, sealed mailers that are tracked and disposed of securely on receipt, while customer-selected PINs are conveyed through encrypted channels or in-person verification. Verbal disclosure of PINs is strictly prohibited at every stage, and any waste material, such as returned mailers, must be destroyed by methods that render it unreadable, such as shredding.

Encryption of PINs is mandatory during transmission between entities to protect against interception, with requirements tailored to the security zone. PINs must be enciphered using approved symmetric algorithms and formatted into secure PIN blocks (Formats 0-4) before transmission over open networks. Zone-specific keys, such as zone master keys (ZMKs) for inter-zone transfers and local master keys (LMKs) within a secure zone, are used to manage encryption, keeping keys segregated by operational boundary. These measures integrate with PIN entry devices, such as secure keypads, to protect input and transmission. The 2017 edition of ISO 9564-1, confirmed current as of 2023, excludes aspects such as non-persistent cryptographic environments, customer misuse prevention, and specific key management protocols, which are addressed in related standards like ISO 13491 or ISO 16609.
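The assigned derived PIN with a secret offset, the weak-PIN rejection and the limited-try lockout described in this section, brought together as an added example that is not the standard's method or the article's code. The standard leaves the cryptographic function unspecified, so HMAC-SHA256 keyed with an issuer key is an assumed stand-in, and the decimalization of its hex output, the lockout threshold `MAX_TRIES`, and the class and function names are this example's own choices; the issuer key, PAN and PIN values used with it are constructed.

```python
"""Illustrative 'assigned derived PIN' scheme: the issuer stores a per-card
offset, never the PIN, verifies by recomputation, rejects predictable PINs and
locks after repeated failures. Added example, not the standard's or the
article's code; HMAC-SHA256 is an assumed stand-in for the unspecified
cryptographic function, and all sample values are constructed."""
import hashlib
import hmac

MAX_TRIES = 3  # assumed policy: lock the PIN after three consecutive failures


def natural_pin(pan: str, issuer_key: bytes, length: int = 4) -> str:
    """Derive the 'natural' PIN for a PAN: keyed digest of the PAN, decimalized
    by mapping each hex nibble to (nibble mod 10), so A..F become 0..5."""
    digest = hmac.new(issuer_key, pan.encode(), hashlib.sha256).hexdigest()
    return "".join(str(int(c, 16) % 10) for c in digest)[:length]


def compute_offset(pan: str, issuer_key: bytes, chosen_pin: str) -> str:
    """Offset = chosen PIN minus natural PIN, digit-wise mod 10. Keeping only
    the offset lets a customer-selected PIN be verified without storing it."""
    if not chosen_pin.isdigit() or not 4 <= len(chosen_pin) <= 12:
        raise ValueError("PIN must be 4 to 12 decimal digits")
    nat = natural_pin(pan, issuer_key, len(chosen_pin))
    return "".join(str((int(c) - int(n)) % 10) for c, n in zip(chosen_pin, nat))


def is_weak_pin(pin: str) -> bool:
    """Reject repeated digits (1111) and stepwise sequences (1234, 4321, 9012)."""
    if len(set(pin)) == 1:
        return True
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})


def verify_pin(pan: str, issuer_key: bytes, offset: str, entered: str) -> bool:
    """Recompute natural PIN + offset and compare in constant time."""
    if len(entered) != len(offset) or not entered.isdigit():
        return False
    nat = natural_pin(pan, issuer_key, len(offset))
    expected = "".join(str((int(n) + int(o)) % 10) for n, o in zip(nat, offset))
    return hmac.compare_digest(expected.encode(), entered.encode())


class CardPinRecord:
    """What the issuer stores per card: PAN, offset and a failure counter."""

    def __init__(self, pan: str, offset: str) -> None:
        self.pan, self.offset = pan, offset
        self.failed, self.blocked = 0, False

    def check(self, issuer_key: bytes, entered: str) -> bool:
        if self.blocked:
            return False  # PIN revoked after too many failures
        if verify_pin(self.pan, issuer_key, self.offset, entered):
            self.failed = 0
            return True
        self.failed += 1
        if self.failed >= MAX_TRIES:
            self.blocked = True
        return False


def enrol(pan: str, issuer_key: bytes, chosen_pin: str) -> CardPinRecord:
    """Customer-selected PIN enrolment: validate, then keep only the offset."""
    if is_weak_pin(chosen_pin):
        raise ValueError("PIN too predictable")
    return CardPinRecord(pan, compute_offset(pan, issuer_key, chosen_pin))
```

The record the issuer keeps reveals nothing about the PIN without the issuer key, which in a real deployment would live inside a secure cryptographic device; the same structure serves a PIN change, since only the offset is recomputed while the natural PIN and the card stay unchanged.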
