AS 2805.3.2-2008
Electronic funds transfer - Requirements for interfaces PIN management and security - Offline (Reconfirmed 2019)
English
07-04-2008
Specifies requirements for addressing offline PIN management using IC cards.
Committee | IT-005 |
DocumentType | Standard |
ISBN | 0 7337 8545 X |
Pages | 6 |
ProductNote | Reconfirmation Notice 28/06/2019 Reconfirmed 28/06/2019. This standard has been reconfirmed in Australia in 2019 and remains current in New Zealand. |
PublisherName | Standards Australia |
Status | Current |
Supersedes |
This Standard specifies the minimum security measures required for PIN management in an off-line environment. It is applicable to financial transaction card originated transactions requiring offline PIN verification by an IC card and to those institutions responsible for implementing techniques for the management and protection of the PIN at Automated Teller Machines (ATM) and Point-of-Sale (POS) terminals.

The provisions of this part of AS 2805.3 are not intended to cover:
(a) PIN management and security in the online PIN environment, which is covered in AS 2805.3.1.
(b) The protection of the PIN against loss or intentional misuse by the customer or authorized employees of the issuer or their agents.
(c) Privacy of non-PIN transaction data.
(d) Protection of transaction messages against alteration or substitution, e.g. an online authorisation response.
(e) Protection against replay of the PIN or transaction.
(f) Specific key management techniques.
(g) The decision as to whether the IC card is to receive the PIN enciphered.
(h) Contactless IC cards.

Requirements associated with multi-application IC cards are considered to be the responsibility of the issuer and are not included in this Standard. This Standard is described in terms applicable to IC card technology, however this language is not meant to restrict the applicability of this part to IC card technology.
Originated as part of AS 2805.3-1985.
Previous edition part of AS 2085.3-2000.
Revised in part and redesignated AS 2805.3.2-2008.
AS 2805.14.1-2000 | Electronic funds transfer - Requirements for interfaces Secure cryptographic devices (retail) - Concepts, requirements and evaluation methods |
AS 2805.3.1-2008 | Electronic funds transfer - Requirements for interfaces PIN management and security - General (Reconfirmed 2019) |
AS 2805.14.2-2003 | Electronic funds transfer - Requirements for interfaces Secure cryptographic devices (retail) - Security compliance checklists for devices used in magnetic stripe card systems |
AS 2805.3.1-2008 | Electronic funds transfer - Requirements for interfaces PIN management and security - General (Reconfirmed 2019) |
AS 2805.6.7-2011 | Electronic funds transfer - Requirements for interfaces Key management - Transaction keys - Derived unique key per transaction (DUKPT) (Reconfirmed 2023) |