ISO standard makes sure that PINs are secure
Wednesday, 04 May 2011 14:35

ISO 9564-1:2011, Financial services - Personal Identification Number (PIN) management and security - Part 1: Basic principles and requirements for PINs in card-based systems, specifies principles and techniques that provide the minimum security measures required for effective international PIN management. These measures are applicable to institutions responsible for the management and protection of PINs during their creation, issuance, usage and deactivation.

Online and offline PIN verification may have very different security requirements. Since online PINs can be verified independently of the card itself, any type of payment card or device can be used to initiate a transaction. However, there are special requirements for cards used in offline verification, in particular because the latter type does not require that a cardholder's PIN be sent to the issuer host for verification.

This part of ISO 9564 is designed so that issuers can uniformly make certain that a PIN, while under the control of other institutions, is properly managed. Techniques are given for protecting the PIN-based customer authentication process throughout its life cycle.

Source: ISO