• Shopping Cart
    There are no items in your cart

AS 2805.3.2-2008

Current

Current

The latest, up-to-date edition.

Electronic funds transfer - Requirements for interfaces PIN management and security - Offline (Reconfirmed 2019)

Available format(s)

Hardcopy , PDF 1 User , PDF 3 Users , PDF 5 Users , PDF 9 Users

Language(s)

English

Published date

07-04-2008

€32.89
Excluding VAT

1 - AS 2805.3.2-2008 ELECTRONIC FUNDS TRANSFER-REQUIREMENTS FOR INTERFACES - PIN MANAGEMENT AND SECURITY-OFFLINE
4 - PREFACE
6 - CONTENTS
7 - FOREWORD
8 - 1 SCOPE
8 - 2 APPLICATION
9 - 3 REFERENCED DOCUMENTS
9 - 4 DEFINITIONS
9 - 4.1 Acquirer
9 - 4.2 Cipher text
9 - 4.3 Encipherment
9 - 4.4 Encryption algorithm
9 - 4.5 Integrated Circuit Card (ICC)
9 - 4.6 Personal identification number (PIN)
9 - 4.7 PIN block
9 - 4.8 Plain text
10 - 5 BASIC PRINCIPLES OF PIN MANAGEMENT
10 - 6 PIN PROTECTION DURING TRANSMISSION BETWEEN PED AND ICC READER
11 - 7 SECURITY REQUIREMENTS
12 - 8 PIN BLOCK FORMAT
12 - 8.1 General
12 - 8.2 Format 2 PIN block
12 - 9 PHYSICAL SECURITY
12 - 9.1 Physical security for PIN entry devices
12 - 9.2 Physically secure device
13 - 9.3 Physically secure environment
13 - 9.4 PIN entry device requirements

Specifies requirements for addressing offline PIN management using IC cards.

Committee
IT-005
DocumentType
Standard
ISBN
0 7337 8545 X
Pages
6
ProductNote
Reconfirmation Notice 28/06/2019 Reconfirmed 28/06/2019.
This standard has been reconfirmed in Australia in 2019 and remains current in New Zealand.
PublisherName
Standards Australia
Status
Current
Supersedes

This Standard specifies the minimum security measures required for PIN management in an off-line environment. It is applicable to financial transaction card originated transactions requiring offline PIN verification by an IC card and to those institutions responsible for implementing techniques for the management and protection of the PIN at Automated Teller Machines (ATM) and Point-of-Sale (POS) terminals. The provisions of this part of AS 2805.3 are not intended to cover:(a) PIN management and security in the online PIN environment, which is covered in AS 2805.3.1.(b) The protection of the PIN against loss or intentional misuse by the customer or authorized employees of the issuer or their agents.(c) Privacy of non-PIN transaction data.(d) Protection of transaction messages against alteration or substitution, e.g. an online authorisation response.(e) Protection against replay of the PIN or transaction.(f) Specific key management techniques.(g) The decision as to whether the IC card is to receive the PIN enciphered.(h) Contactless IC cards. Requirements associated with multi-application IC cards are considered to be the responsibility of the issuer and are not included in this Standard. This Standard is described in terms applicable to IC card technology, however this language is not meant to restrict the applicability of this part to IC card technology.

Originated as part of AS 2805.3-1985.
Previous edition part of AS 2085.3-2000.
Revised in part and redesignated AS 2805.3.2-2008.

AS 2805.14.1-2000 Electronic funds transfer - Requirements for interfaces Secure cryptographic devices (retail) - Concepts, requirements and evaluation methods
AS 2805.3.1-2008 Electronic funds transfer - Requirements for interfaces PIN management and security - General (Reconfirmed 2019)
AS 2805.14.2-2003 Electronic funds transfer - Requirements for interfaces Secure cryptographic devices (retail) - Security compliance checklists for devices used in magnetic stripe card systems

AS 2805.3.1-2008 Electronic funds transfer - Requirements for interfaces PIN management and security - General (Reconfirmed 2019)
AS 2805.6.7-2011 Electronic funds transfer - Requirements for interfaces Key management - Transaction keys - Derived unique key per transaction (DUKPT) (Reconfirmed 2023)

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.