AS 2805.3.1-2008
Current
The latest, up-to-date edition.
Electronic funds transfer - Requirements for interfaces PIN management and security - General (Reconfirmed 2019)
Hardcopy , PDF 1 User , PDF 3 Users , PDF 5 Users , PDF 9 Users
04-04-2008
Specifies the minimum security measures required for effective pin management.
Committee |
IT-005
|
DocumentType |
Standard
|
ISBN |
0 7337 8613 8
|
Pages |
25
|
ProductNote |
Reconfirmation Notice 28/06/2019 Reconfirmed 28/06/2019.
This standard has been reconfirmed in Australia in 2019 and remains current in New Zealand. |
PublisherName |
Standards Australia
|
Status |
Current
|
Supersedes |
This Standard specifies the minimum security measures required for effective PIN management. Standard means of interchanging PIN data are provided. This Standard does not cover the following:(a) rotection of the PIN against loss or intentional misuse by the customer or authorized employees of the issuer.(b) Privacy of non-PIN transaction data (see AS 2805.9).(c) Protection of transaction messages against alteration or substitution, e.g. an authorization response to a PIN verification (see AS 2805.4.1).(d) Protection against replay of the PIN or transaction.(e) Specific key management techniques (see AS 2805.6 series).(f) PIN management and security for transactions in which the PIN is locally verified by an integrated circuit card.(g) The use of asymmetric encipherment algorithms for PIN management.NOTES:1 For a detailed discussion on the need for PIN protection, see Appendix A.2 Further information on PIN management for security is given in Appendices A and C.
Originated as part of AS 2805.3-1985.
Previous edition part of AS 2805.3-2000.
Revised in part and redesignated as AS 2805.3.1-2008.
Reissued incorporating Amendment No. 1 (February 2011).
AS 3523.2-1998 | Identification cards - Identification of issuers - Application and registration procedures |
AS 3523.3-2000 | Identification cards - Identification of issuers Australian national numbering system and registration procedures (Reconfirmed 2013) |
AS 2805.5.4-2000 | Electronic funds transfer - Requirements for interfaces Ciphers - Data encipherment algorithm 3 (DEA 3) and related techniques |
AS 2805.9-2000 | Electronic funds transfer - Requirements for interfaces Privacy of communications (Reconfirmed 2013) |
AS 2805.3.2-2008 | Electronic funds transfer - Requirements for interfaces PIN management and security - Offline (Reconfirmed 2019) |
AS 2805.14.2-2003 | Electronic funds transfer - Requirements for interfaces Secure cryptographic devices (retail) - Security compliance checklists for devices used in magnetic stripe card systems |
AS 3523.1-2006 | Identification cards - Identification of issuers Numbering system |
AS 2805.14.1-2000 | Electronic funds transfer - Requirements for interfaces Secure cryptographic devices (retail) - Concepts, requirements and evaluation methods |
AS 2805.4.1-2001 | Electronic funds transfer - Requirements for interfaces Message authentication - Mechanisms using a block cipher (Reconfirmed 2016) |
AS 2805.6.7-2011 | Electronic funds transfer - Requirements for interfaces Key management - Transaction keys - Derived unique key per transaction (DUKPT) (Reconfirmed 2023) |
AS 2805.3.2-2008 | Electronic funds transfer - Requirements for interfaces PIN management and security - Offline (Reconfirmed 2019) |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.