UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

ISO FDIS 9564-4

Financial services - Personal Identification Number (PIN) management and security - Part 4: Requirements for PIN handling in eCommerce for Payment Transactions

inactive
Buy Now
Organization: ISO
Publication Date: 23 November 2015
Status: inactive
Page Count: 22
ICS Code (IT applications in banking): 35.240.40
scope:

This part of ISO 9564 provides requirements for the use of personal identification numbers (PIN) in eCommerce. The PINs in scope are the same cardholder PINs used as a means of cardholder verification in card-based financial transactions; notably, automated teller machine (ATM) systems, point-of-sale (POS) terminals, automated fuel dispensers, and vending machines.

It is applicable to financial card-originated transactions requiring verification of the PIN and to those organizations responsible for implementing techniques for the management of the PIN in eCommerce.

The provisions of this part of ISO 9564 are not intended to cover:

- Passwords, passcodes, pass phrases and other shared secrets used for customer authentication in online banking, telephone banking, digital wallets, mobile payment etc.

- Management of cardholder PINs for use as a means of cardholder verification in retail banking systems in, notably, automated teller machine (ATM) systems, point-of-sale (POS) terminals, automated fuel dispensers, vending machines, banking kiosks and PIN selection/change systems, which are covered in ISO 9564-1,  PIN selection and change, which are covered in ISO 9564-1,

- card proxies such as mobile phones or key fobs,

- approved algorithms for PIN encipherment, which are covered in ISO 9564-2,

- the protection of the PIN against loss or intentional misuse by the customer or authorised employees of the issuer or their agents,

- privacy of non-PIN transaction data,

- protection of transaction messages against alteration or substitution, e.g. an online authorisation response,

- protection against replay of the transaction,  functionality of devices used for PIN entry which is related to issuer functions other than PIN entry

- specific key management techniques,

- access to, and storage of, card data other than the PIN by applications such as wallets.

Document History

ISO FDIS 9564-4
November 23, 2015
Financial services - Personal Identification Number (PIN) management and security - Part 4: Requirements for PIN handling in eCommerce for Payment Transactions
This part of ISO 9564 provides requirements for the use of personal identification numbers (PIN) in eCommerce. The PINs in scope are the same cardholder PINs used as a means of cardholder...
March 15, 2004
Banking - Personal Identification Number (PIN) management and security - Part 4: Guidelines for PIN handling in open networks
A description is not available for this item.

References

Advertisement