Home>ISO Standards>BS ISO 9564-4:2016 pdf free

BS ISO 9564-4:2016 pdf free

BS ISO 9564-4:2016 pdf free.Financial services一Personal Identification Number (PIN) management and security
In eCommerce, the cardholder and the merchant are not typically in the same location at the time of payment. eCommerce occurs in an open network environment and the cardholder uses a network access device (NAD) to perform an eCommerce transaction. In the open network environment, the NAD may initiate a transaction with any open-network-connected merchant. In eCommerce, the device into which the PIN is entered might not be under the control of the merchant or the merchant’s acquirer.
FSPEDs that support software updates shall have a cryptographic relationship with the card issuer but the associated cryptographic keys shall not be used for PIN encipherment. The device shall only apply software updates that it has cry ptographically authenticated and shall ensure that the software updates are applied in the correct order (an older update cannot be applied after a newer one has
already been applied).
An FSPED shall contain a contact IC reader for communication with an IC card. The device shall also contain a keypad for PIN entry and a display screen.
Following entry of a PIN (which may be verified by the IC card), the FSPED interacts with the IC card to produce an OTT for subsequent verification by the issuer. The IC card generates a cry ptographic value. This value may be used directly as the OTT or the FSPED may format this value to an OTT (e.g. by decimalization and/or truncation) that is convenient for a user to enter manually. The OTT is then either entered into or transferred to the NAD as part of the eCommerce transaction and sent to the issuer for verification. In addition to the PIN, solutions may require the entry of other transaction related data into the FSPED before an OTT can be generated. Such transaction related data may be manually entered or transmitted from the NAD to the FSPED. Such transaction details (e.g. amount) should be displayed on the FSPED for the cardholder to verify.BS ISO 9564-4 pdf free.

Related standards