scope:

This part of ISO 9564 specifies the basic principles and techniques which provide the minimum security measures required for effective international PIN management. These measures are applicable to those institutions responsible for implementing techniques for the management and protection of PINs during their creation, issuance, usage and deactivation. This part of ISO 9564 is applicable to the management of cardholder PINs that will be used as a means of cardholder verification in retail banking systems in, but not limited to, ATM, POS, automated fuel dispensers, vending machines, banking kiosks and PIN selection/change systems. It is applicable to issuer and interchange environments. The provisions of this part of ISO 9564 are not intended to cover: a) PIN management and security in open networks and personal devices e.g., mobile phones, which are covered in ISO/TR 9564-4; b) the protection of the PIN against loss or intentional misuse by the customer; c) privacy of non-PIN transaction data; d) protection of transaction messages against alteration or substitution; e) protection against replay of the PIN or transaction; f) specific key management techniques; g) contactless IC cards; h) requirements specifically associated with securing multi-application functionality in IC cards.