ISO 9564-1:2017 pdf free
ISO 9564-1:2017 pdf free.Financial services一Personal Identification Number (PIN) management and security
Methods used for the issuance and delivery of the PIN to the cardholder shall comply with the following basic requirements.
a) The plain text PIN shall never be transmitted over communications lines outside of a secure environment as specified in ISO 13491-2:2017, H.5, unless there is no feasible way in which the PIN could be related to the cardholder, the cardholder’s account or card.
b) The PIN shall never be known to, or accessible by, any employee or agent of the institution, not even in the PIN issuing process.
c) All PIN issuance functions involving issuer personnel (including their agents) shall be under dual control.
d) At no point in the delivery process shall the PIN appear in plain text where it can be associated with a customer’s account, primary account number (PAN) or PAN Token.
e) The PIN shall never be retrieved and deciphered or regenerated for recording, processing,displaying or printing, except for presentation to the cardholder in a manner that ensures the secrecy of the PIN (e.g. a PIN mailer implemented in accordance with 8.11 or personal secure cryptographic device with display capability).
f) Where it is necessary, for the purposes of preparing the PIN for delivery to the cardholder, for the PIN to exist as plain text outside of a secure cryptographic device (e.g. PIN mailer printing), then it shall exist in that condition for the minimum period of time necessary and it shall be contained within a secure environment as specified in ISO 13491-2:2016, H.5.
PIN selection by mail shall only be accomplished by the use of a form containing a control number and space for a selected PIN. The control number shall not disclose the account number. Any cryptographic key used to generate a control number shall not be used for any other purpose and shall be managed in accordance with ISO 11568 (all parts). The completed form shall not contain any information which relates the PIN to the customer’s name, address or account number. The following procedures shall apply.ISO 9564-1 pdf free download.
