BS ISO 9564-1:2017 pdf free download

06-23-2021

BS ISO 9564-1:2017. Financial services – Personal Identification Number (PIN) management and security.
Introduction
A Personal Identification Number (PIN) is used in financial services as one method of cardholder verification.
The objective of PIN management is to protect the PIN against unauthorized disclosure, compromise and misuse throughout its life cycle and, in so doing, to minimize the risk of fraud occurring within electronic funds transfer (EFT) systems. The secrecy of the PIN needs to be ensured at all times during its life cycle, which consists of its establishment, issuance, activation, storage, entry, transmission, validation, deactivation and any other use made of it.
In this document, the following terms are used for the types of communication of the PIN.
a) Conveyance: reference PIN to the integrated circuit (IC) card or cardholder selected PIN to the issuer.
b) Delivery: PIN to the cardholder.
c) Transmission: transaction PIN to the issuer or IC reader for subsequent PIN verification.
d) Submission: transaction PIN to the ICC.
PIN security in part depends upon sound key management. Maintaining the secrecy of cryptographic keys is of the utmost importance because the compromise of any key allows the compromise of any PIN ever enciphered under it.
PINs can be verified online or offline. Since online PIN verification can be performed independent of the card itself, any type of payment card or device can be used to initiate such a transaction. However, there are special card requirements for those cards that perform offline PIN verification on the card itself.
Financial transaction cards with embedded IC can support offline PIN verification using the IC of the card. Issuers can choose whether to have PIN verification performed online or offline. Offline PIN verification does not require that a cardholder’s PIN be sent to the issuer host for verification and so security requirements relating to PIN protection differ from online PIN verification security requirements. However, many general PIN protection principles and techniques are still applicable even though a PIN can be verified offline.
BS ISO 9564-1 is designed so that issuers can achieve reasonable assurance that a PIN, while under the control of other institutions, is properly managed. Techniques are given for protecting the PIN-based customer authentication process by safeguarding the PIN against unauthorized disclosure during the PIN’s life cycle.
In ISO 9564-2, approved encipherment algorithms for use in the protection of the PIN are specified.
ISO 9564 is one of several series of International Standards which describe requirements for security in the retail banking environment; these include ISO 11568 (all parts), ISO 13491 (all parts) and ISO 16609.
1 Scope
BS ISO 9564-1 specifies the basic principles and techniques which provide the minimum security measures required for effective international PIN management. These measures are applicable to those institutions responsible for implementing techniques for the management and protection of PINs during their creation, issuance, usage and deactivation.
BS ISO 9564-1 is applicable to the management of cardholder PINs for use as a means of cardholder verification in retail banking systems, notably automated teller machine (ATM) systems, point-of-sale (POS) terminals, automated fuel dispensers, vending machines, banking kiosks and PIN selection/change systems. It is applicable to issuer and interchange environments.
The provisions of BS ISO 9564-1 are not intended to cover:
a) PIN management and security in environments where no persistent cryptographic relationship exists between the transaction-origination device and the acquirer, e.g. use of a browser for online shopping (for these environments, see ISO 9564-4);
b) protection of the PIN against loss or intentional misuse by the customer;
c) privacy of non-PIN transaction data;
d) protection of transaction messages against alteration or substitution;
e) protection against replay of the PIN or transaction;
f) specific key management techniques;
g) offline PIN verification used in contactless devices;
h) requirements specifically associated with PIN management as it relates to multi-application functionality in an ICC.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of BS ISO 9564-1. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 7816 (all parts), Identification cards — Integrated circuit cards
ISO 9564-2, Financial services — Personal Identification Number (PIN) management and security — Part 2: Approved algorithms for PIN encipherment
ISO 11568 (all parts), Banking — Key management (retail)
8.5.4 PIN change at an unattended terminal
The procedure for PIN change at an unattended terminal shall require the current PIN to be entered and verified before selection and activation of the replacement customer selected PIN.
The entry of the new PIN shall be validated by requiring it to be entered twice and verifying that both entries are identical. The comparison of the two PIN entries shall be performed in a manner such that no PIN information is exposed.
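The two requirements of 8.5.4 (current PIN verified before the new one is selected; new PIN entered twice and compared without exposing PIN information) can be expressed as a small control flow. The following Python is an added illustration written for this page, not code from the standard or from any terminal vendor. It assumes a hypothetical issuer stub in place of the real online verification, a local policy of 4 to 12 numeric digits for a well-formed PIN, and borrows the "replacement shall not be the same as the PIN it replaces" rule from 8.6.3 as an extra check; outcome codes carry no PIN material so that logging the result cannot leak a PIN.

```python
import hmac
from typing import Callable

# Outcome codes are deliberately free of PIN material: nothing this flow
# returns (and therefore nothing a terminal logs) can reveal a PIN digit.
CURRENT_PIN_REJECTED = "current_pin_rejected"
NEW_PIN_MALFORMED = "new_pin_malformed"
ENTRIES_DIFFER = "entries_differ"
NEW_PIN_SAME_AS_CURRENT = "new_pin_same_as_current"
PIN_CHANGE_ACCEPTED = "accepted"


def _well_formed(pin: str) -> bool:
    # Assumed local policy (not taken from this page): numeric, 4 to 12 digits.
    return pin.isdigit() and 4 <= len(pin) <= 12


def _same(a: str, b: str) -> bool:
    # Constant-time comparison: the time taken does not depend on how many
    # leading digits match, so the comparison itself exposes no PIN information.
    # compare_digest also tolerates inputs of different length.
    return hmac.compare_digest(a.encode("ascii"), b.encode("ascii"))


class IssuerStub:
    """Constructed stand-in for the issuer host (hypothetical).

    A real unattended terminal would send an enciphered PIN block online;
    here the stub simply holds one reference PIN so the flow can be exercised.
    """

    def __init__(self, reference_pin: str) -> None:
        self._reference = reference_pin

    def verify(self, pin: str) -> bool:
        return _same(pin, self._reference)

    def activate(self, pin: str) -> None:
        self._reference = pin


def change_pin_unattended(verify_current: Callable[[str], bool],
                          activate: Callable[[str], None],
                          current_pin: str,
                          new_pin_1: str,
                          new_pin_2: str) -> str:
    """PIN change at an unattended terminal, ordered as 8.5.4 requires."""
    # 1. The current PIN is entered and verified before any selection of
    #    the replacement PIN takes place.
    if not verify_current(current_pin):
        return CURRENT_PIN_REJECTED

    # 2. The new PIN is entered twice; both entries must be well formed and
    #    identical, and the comparison must not expose PIN information.
    if not (_well_formed(new_pin_1) and _well_formed(new_pin_2)):
        return NEW_PIN_MALFORMED
    if not _same(new_pin_1, new_pin_2):
        return ENTRIES_DIFFER

    # 3. Extra check borrowed from 8.6.3: the replacement must not be the
    #    same value as the PIN it replaces.
    if _same(new_pin_1, current_pin):
        return NEW_PIN_SAME_AS_CURRENT

    # 4. Only now is the replacement PIN activated.
    activate(new_pin_1)
    return PIN_CHANGE_ACCEPTED


def demo() -> str:
    """Run the flow once against the constructed issuer stub."""
    issuer = IssuerStub("1234")  # constructed sample reference PIN
    return change_pin_unattended(issuer.verify, issuer.activate,
                                 "1234", "5678", "5678")


if __name__ == "__main__":
    print(demo())
```

In a deployed terminal the PIN strings would never exist outside the tamper-responsive PIN entry device, and `verify_current` would be the online verification described in the Introduction; the point of the example is the ordering of the checks and the fact that neither the comparison nor the returned outcome leaks PIN digits.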
8.5.5 PIN change by mail
The card issuer shall authenticate the cardholder prior to dispatching the PIN change form. The issuer should communicate with the cardholder, notifying them of the means of dispatch. Such communications should be performed using the method of record.
The remaining procedure for PIN change by mail shall be the same as specified for PIN selection in 8.4.4. NOTE This process is not suitable for applications where PIN related data needs to be updated on the card.
8.6 PIN replacement
8.6.1 Replacement of forgotten PIN
Replacement of a forgotten PIN shall be performed through the issuer’s system; it shall not be performed in an interchange environment. The issuer shall authenticate the cardholder prior to issuing a replacement PIN. The procedures used to replace a forgotten PIN shall follow those covered in LI.
8.6.2 Re-advice of forgotten PIN
Re-advice of a forgotten PIN shall be performed through the issuer’s system; it shall not be performed in an interchange environment. The issuer shall authenticate the cardholder prior to re-advising the cardholder of their forgotten PIN. The procedures used to re-advise a customer of their forgotten PIN shall follow those covered in LI.
8.6.3 Replacement of compromised PIN
When a PIN is believed to have been compromised, it shall be deactivated as soon as possible (see LID) and the customer informed of a replacement value or given the opportunity to select one. A replacement PIN shall not be intentionally the same as the compromised PIN. Activation of a replacement PIN may be implicit or explicit (see 8.8).
When an assigned derived PIN is believed to have been exposed, at least one data element used in deriving the PIN shall be changed and a new PIN derived and issued. This may require that any corresponding card be re-issued or re-encoded and that the old card be blocked from use.
8.7 Disposal of waste material and returned PIN mailers
Issuers shall ensure that adequate security measures are taken over the internal handling and disposal of returned PIN mailers and any waste material associated with the printing of PIN mailers.
Return addresses for card and PIN mailers should be different.
8.8 PIN activation
A PIN may be activated either implicitly or explicitly. Under a system of implicit PIN activation, the issuer assumes successful PIN delivery, unless advised to the contrary.
