UNLIMITED FREE ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

- Trained on our vast library of engineering resources.

ISO DIS 9564-5

Financial services — Personal Identification Number (PIN) management and security — Part 5: Methods for the generation, change, and verification of PINs and card security data using the advanced encryption standard

active, Most Current
Buy Now
Organization: ISO
Publication Date: 14 April 2021
Status: active
Page Count: 18
ICS Code (IT applications in banking): 35.240.40
scope:

This document provides requirements and guidance for methods of Issuer PIN Management using AES. It additionally defines a method for generating and verifying Card Security Codes using AES.

The processes defined in this Standard (in order as presented) are:

- PIN Generation

- PIN Change

- PIN Verification

- Generation and Verification of Card Security Code

All AES key lengths (128 bits, 192 bits and 256 bits) are acceptable for this Standard

Within this document, references to CMAC refer to algorithm 5 in ISO/IEC 9797-1 used with AES.

Assigned derived PINS, where PINs are derived from PANs and customer selection is supported by means of offsets, are not prohibited but are not recommended and so an AES-based method for this approach is not specified in this standard. One reason for not recommending this approach is that with this approach if a user PIN is discovered by a fraudster (along with non-secret PIN verification data) then to recover PIN security the card must be reissued with a new PAN.

Document History

ISO DIS 9564-5
April 14, 2021
Financial services — Personal Identification Number (PIN) management and security — Part 5: Methods for the generation, change, and verification of PINs and card security data using the advanced encryption standard
This document provides requirements and guidance for methods of Issuer PIN Management using AES. It additionally defines a method for generating and verifying Card Security Codes using AES. The...

References

Advertisement