• ISO 9564-1:2017

    Status:  Current (the latest, up-to-date edition)

    Financial services — Personal Identification Number (PIN) management and security — Part 1: Basic principles and requirements for PINs in card-based systems

    Available format(s):  Hardcopy, PDF, PDF 3 Users, PDF 5 Users, PDF 9 Users

    Language(s):  English

    Published date:  02-11-2017

    Publisher:  International Organization for Standardization

    Abstract

    ISO 9564-1:2017 specifies the basic principles and techniques which provide the minimum security measures required for effective international PIN management. These measures are applicable to those institutions responsible for implementing techniques for the management and protection of PINs during their creation, issuance, usage and deactivation.

    ISO 9564-1:2017 is applicable to the management of cardholder PINs for use as a means of cardholder verification in retail banking systems in, notably, automated teller machine (ATM) systems, point-of-sale (POS) terminals, automated fuel dispensers, vending machines, banking kiosks and PIN selection/change systems. It is applicable to issuer and interchange environments.

    The provisions of ISO 9564-1:2017 are not intended to cover:

    a) PIN management and security in environments where no persistent cryptographic relationship exists between the transaction-origination device and the acquirer, e.g. use of a browser for online shopping (for these environments, see ISO 9564-4);

    b) protection of the PIN against loss or intentional misuse by the customer;

    c) privacy of non-PIN transaction data;

    d) protection of transaction messages against alteration or substitution;

    e) protection against replay of the PIN or transaction;

    f) specific key management techniques;

    g) offline PIN verification used in contactless devices;

    h) requirements specifically associated with PIN management as it relates to multi-application functionality in an ICC.

    General Product Information

    Committee:  ISO/TC 68/SC 2
    Development Note:  Supersedes ISO 9564-3. (02/2011) Supersedes ISO/DIS 9564-1. (11/2017)
    Document Type:  Standard
    Publisher:  International Organization for Standardization
    Status:  Current
    Supersedes:

    Standards Referenced By This Book

    11/30231373 DC : 0 BS ISO 11568-2 - FINANCIAL SERVICES - KEY MANAGEMENT (RETAIL) - PART 2: SYMMETRIC CIPHERS, THEIR KEY MANAGEMENT AND LIFE CYCLE
    14/30265624 DC : 0 BS ISO 9564-4 - FINANCIAL SERVICES - PERSONAL IDENTIFICATION NUMBER (PIN) MANAGEMENT AND SECURITY - PART 4: REQUIREMENTS FOR PIN HANDLING IN ECOMMERCE FOR PAYMENT TRANSACTIONS
    05/30144069 DC : DRAFT DEC 2005 ISO 13491-1 - BANKING - SECURE CRYPTOGRAPHIC DEVICES (RETAIL) - PART 1: CONCEPTS, REQUIREMENTS AND EVALUATION METHODS
    14/30265618 DC : 0 BS ISO 13491-2 - BANKING - SECURE CRYPTOGRAPHIC DEVICES (RETAIL) - PART 2: SECURITY COMPLIANCE CHECKLISTS FOR DEVICES USED IN FINANCIAL TRANSACTIONS
    BS ISO 9564-4:2016 Financial services. Personal Identification Number (PIN) management and security Requirements for PIN handling in eCommerce for Payment Transactions
    PD CR 1750:1999 Identification card systems. Inter-sector messages between devices and hosts. Acceptor to acquirer messages
    ISO 9564-4:2016 Financial services — Personal Identification Number (PIN) management and security — Part 4: Requirements for PIN handling in eCommerce for Payment Transactions
    BIS IS 15256-4 : 2013 BANKING - KEY MANAGEMENT (RETAIL) - PART 4: ASYMMETRIC CRYPTOSYSTEMS - KEY MANAGEMENT AND LIFE CYCLE
    DIN EN 1332-1 E : 2009 IDENTIFICATION CARD SYSTEMS - HUMAN-MACHINE INTERFACE - PART 1: DESIGN PRINCIPLES FOR THE USER INTERFACE
    DIN EN 1332-3 E : 2008 IDENTIFICATION CARD SYSTEMS - MAN-MACHINE INTERFACE - PART 3: KEYPADS
    EN 1332-1:2009 Identification card systems - Human-machine interface - Part 1: Design principles for the user interface
    DIN EN 1332-3:2008-11 IDENTIFICATION CARD SYSTEMS - MAN-MACHINE INTERFACE - PART 3: KEYPADS
    ISO 11568-2:2012 Financial services — Key management (retail) — Part 2: Symmetric ciphers, their key management and life cycle
    ISO 13491-2:2017 Financial services — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions
    BIS IS 14943-1 : 2014 FINANCIAL TRANSACTION CARD ORIGINATED MESSAGES - INTERCHANGE MESSAGE SPECIFICATIONS - PART 1: MESSAGES, DATA ELEMENTS AND CODE VALUES
    ANSI X9.93-1 : 2014 FINANCIAL TRANSACTION MESSAGES - ELECTRONIC BENEFITS TRANSFER (EBT) - PART 1: MESSAGES
    BS ISO 9564-2:2014 Financial services. Personal Identification Number (PIN) management and security Approved algorithms for PIN encipherment
    BS ISO 11568-1:2005 Banking. Key management (retail) Principles
    ISO 13492:2007 Financial services Key management related data element Application and usage of ISO 8583 data elements 53 and 96
    BS ISO 10202-8:1998 Financial transaction cards. Security architecture of financial transaction systems using integrated circuit cards General principles and overview
    04/30104265 DC : DRAFT SEP 2004 ISO 13491-2 - BANKING - SECURE CRYPTOGRAPHIC DEVICES, RETAIL - PART 2: SECURITY COMPLIANCE CHECKLISTS FOR DEVICES USED IN FINANCIAL TRANSACTION ENVIRONMENTS
    02/648262 DC : DRAFT JUN 2002 ISO/IEC FCD 7816-15 - INFORMATION TECHNOLOGY - IDENTIFICATION CARDS - INTEGRATED CIRCUIT(S) CARDS WITH CONTACTS - PART 15: CRYPTOGRAPHIC INFORMATION APPLICATION
    BS ISO 13491-2:2017 Financial services. Secure cryptographic devices (retail) Security compliance checklists for devices used in financial transactions
    I.S. EN ISO 9807:1997 BANKING AND RELATED FINANCIAL SERVICES - REQUIREMENTS FOR MESSAGE AUTHENTICATION (RETAIL)
    BS ISO/IEC 7816-15 : 2016 IDENTIFICATION CARDS - INTEGRATED CIRCUIT CARDS - PART 15: CRYPTOGRAPHIC INFORMATION APPLICATION
    ISO 11568-3:1994 Banking Key management (retail) Part 3: Key life cycle for symmetric ciphers
    NF ISO 13491-1 : 1999 BANKING - SECURE CRYPTOGRAPHIC DEVICES (RETAIL) - CONCEPTS, REQUIREMENTS AND EVALUATION METHODS
    CAN/CSA-ISO/IEC 7816-15:18 Identification cards - Integrated circuit cards - Part 15: Cryptographic information application (Adopted ISO/IEC 7816-15:2016, second edition, 2016-06-15)
    ISO 11568-5:1998 Banking Key management (retail) Part 5: Key life cycle for public key cryptosystems
    I.S. CWA 14174-7:2004 FINANCIAL TRANSACTIONAL IC CARD READER (FINREAD) - PART 7: FINREAD CARD READER APPLICATION PROGRAMMING INTERFACES (APIS)
    DIN EN 1332-1:2009-10 IDENTIFICATION CARD SYSTEMS - HUMAN-MACHINE INTERFACE - PART 1: DESIGN PRINCIPLES FOR THE USER INTERFACE
    BS EN ISO 8583:1995 Financial transaction card originated messages. Interchange message specifications
    UNI EN 1332-3 : 2009 IDENTIFICATION CARD SYSTEMS - MAN-MACHINE INTERFACE - PART 3: KEYPADS
    I.S. EN 1332-3:2008 IDENTIFICATION CARD SYSTEMS - MAN-MACHINE INTERFACE - PART 3: KEYPADS
    I.S. EN 1332-1:2009 IDENTIFICATION CARD SYSTEMS - HUMAN-MACHINE INTERFACE - PART 1: DESIGN PRINCIPLES FOR THE USER INTERFACE
    I.S. EN ISO 8583:1995 FINANCIAL TRANSACTION CARD ORIGINATED MESSAGES - INTERCHANGE MESSAGE SPECIFICATIONS
    BS ISO 11568-5:1998 Banking. Key management (retail) Key life cycle for public key cryptosystems
    14/30293056 DC : 0 BS ISO/IEC 7816-15 - IDENTIFICATION CARDS - INTEGRATED CIRCUIT CARDS - PART 15: CRYPTOGRAPHIC INFORMATION APPLICATION
    ISO/IEC 9995-8:2009 Information technology Keyboard layouts for text and office systems Part 8: Allocation of letters to the keys of a numeric keypad
    ISO 10202-6:1994 Financial transaction cards Security architecture of financial transaction systems using integrated circuit cards Part 6: Cardholder verification
    BS ISO 11568-4:2007 Banking. Key management (retail) Asymmetric cryptosystems. Key management and life cycle
    BS ISO 15668:1999 Banking. Secure file transfer (retail)
    07/30161079 DC : 0 BS EN 14890-1 - APPLICATION INTERFACE FOR SMART CARDS USED AS SECURE SIGNATURE CREATION DEVICES - PART 1: BASIC SERVICES
    07/30160845 DC : 0 BS EN 1332-3 - IDENTIFICATION CARD SYSTEMS - MAN-MACHINE INTERFACE - PART 3: KEY PADS
    BS EN ISO 11568-3:1996 Banking. Key management (retail) Key life cycle for symmetric ciphers
    S.R. CWA 16926-65:2015 EXTENSIONS FOR FINANCIAL SERVICES (XFS) INTERFACE SPECIFICATION RELEASE 3.30 - PART 65: PIN KEYPAD DEVICE CLASS INTERFACE - MIGRATION FROM VERSION 3.20 (CWA 16374) TO VERSION 3.30 (THIS CWA) - PROGRAMMER'S REFERENCE
    S.R. CWA 16374-65:2011 EXTENSIONS FOR FINANCIAL SERVICES (XFS) INTERFACE SPECIFICATION RELEASE 3.20 - PART 65: PIN KEYPAD DEVICE CLASS INTERFACE MIGRATION FROM VERSION 3.10 (CWA 15748) TO VERSION 3.20 (THIS CWA) PROGRAMMER'S REFERENCE
    S.R. CWA 15748-65:2008 EXTENSIONS FOR FINANCIAL SERVICES (XFS) INTERFACE SPECIFICATION - RELEASE 3.10 - PART 65: PIN KEYPAD DEVICE CLASS INTERFACE - MIGRATION FROM VERSION 3.03 (CWA 14050) TO VERSION 3.10 (THIS CWA) - PROGRAMMER'S REFERENCE
    BS ISO 13492:2007 Financial services. Key management related data element. Application and usage of ISO 8583 data elements 53 and 96
    ISO 11568-1:2005 Banking — Key management (retail) — Part 1: Principles
    ISO/IEC 7816-15:2016 Identification cards Integrated circuit cards Part 15: Cryptographic information application
    I.S. EN ISO 11568-1:1997 BANKING - KEY MANAGEMENT (RETAIL) - PART 1: INTRODUCTION TO KEY MANAGEMENT
    I.S. EN ISO 10202-6:1998 FINANCIAL TRANSACTION CARDS - SECURITY ARCHITECTURE OF FINANCIAL TRANSACTION SYSTEMS USING INTEGRATED CIRCUIT CARDS - PART 6: CARDHOLDER VERIFICATION
    EN 1332-3:2008 Identification card systems - Man-machine interface - Part 3: Keypads
    UNI EN 1332-1 : 2010 IDENTIFICATION CARD SYSTEMS - HUMAN-MACHINE INTERFACE - PART 1: DESIGN PRINCIPLES FOR THE USER INTERFACE
    ISO 8583-1:2003 Financial transaction card originated messages — Interchange message specifications — Part 1: Messages, data elements and code values
    DD ENV 13729:2000 Health informatics. Secure user identification. Strong authentication microprocessor cards
    BS ISO 11568-2:2012 Financial services. Key management (retail) Symmetric ciphers, their key management and life cycle
    UNE-EN 1332-1:2010 Identification card systems - Human-machine interface - Part 1: Design principles for the user interface
    ISO 15668:1999 Banking Secure file transfer (retail)
    BS EN ISO 10202-6:1996 Financial transaction cards. Security architecture of financial transaction systems using integrated circuit cards Cardholder verification
    INCITS/ISO/IEC 9995-8 : 1994 INFORMATION TECHNOLOGY - KEYBOARD LAYOUTS FOR TEXT AND OFFICE SYSTEMS - PART 8: ALLOCATION OF LETTERS TO THE KEYS OF A NUMERIC KEYPAD
    07/30161082 DC : 0 BS EN 14890-2 - APPLICATION INTERFACE FOR SMART CARDS USED AS SECURE SIGNATURE CREATION DEVICES - PART 2: ADDITIONAL SERVICES
    ISO 13491-1:2016 Financial services Secure cryptographic devices (retail) Part 1: Concepts, requirements and evaluation methods
    S.R. CWA 16926-6:2015 EXTENSIONS FOR FINANCIAL SERVICES (XFS) INTERFACE SPECIFICATION RELEASE 3.30 - PART 6: PIN KEYPAD DEVICE CLASS INTERFACE - PROGRAMMER'S REFERENCE
    S.R. CWA 15748-6:2008 EXTENSIONS FOR FINANCIAL SERVICES (XFS) INTERFACE SPECIFICATION - RELEASE 3.10 - PART 6: PIN KEYPAD DEVICE CLASS INTERFACE - PROGRAMMER'S REFERENCE
    I.S. CWA 14890-2:2004 APPLICATION INTERFACE FOR SMART CARDS USED AS SECURE SIGNATURE CREATION DEVICES - PART 2: ADDITIONAL SERVICES
    I.S. EN ISO 11568-3:1997 BANKING - KEY MANAGEMENT (RETAIL) - PART 3: KEY LIFE CYCLE FOR SYMMETRIC CIPHERS
    ISO 10202-5:1998 Financial transaction cards Security architecture of financial transaction systems using integrated circuit cards Part 5: Use of algorithms
    ANSI X9.97-2 : 2009(R2017) BANKING - SECURE CRYPTOGRAPHIC DEVICES (RETAIL) - PART 2: SECURITY COMPLIANCE CHECKLISTS FOR DEVICES USED IN FINANCIAL TRANSACTIONS
    BS EN 1332-3:2008 Identification card systems. Man-machine interface Keypads
    BS EN 1332-1:2009 Identification card systems. Human-machine interface Design principles for the user interface
    EN ISO 11568-3 : 1996 BANKING - KEY MANAGEMENT (RETAIL) - PART 3: KEY LIFE CYCLE FOR SYMMETRIC CIPHERS
    EN ISO 11568-1 : 1996 BANKING - KEY MANAGEMENT (RETAIL) - PART 1: INTRODUCTION TO KEY MANAGEMENT
    EN 726-3:1994 Identification card systems - Telecommunications integrated circuit(s) cards and terminals - Part 3: Application independent card requirements
    EN ISO 10202-6 : 1995 FINANCIAL TRANSACTION CARDS - SECURITY ARCHITECTURE OF FINANCIAL TRANSACTION SYSTEMS USING INTEGRATED CIRCUIT CARDS - PART 6: CARDHOLDER VERIFICATION
    EN ISO 8583 : 1995 FINANCIAL TRANSACTION CARD ORIGINATED MESSAGES - INTERCHANGE MESSAGE SPECIFICATIONS
    05/30144066 DC : DRAFT DEC 2005 ISO 13492 - FINANCIAL SERVICES - KEY MANAGEMENT RELATED DATA ELEMENT - APPLICATION AND USAGE OF ISO 8353 DATA ELEMENTS 53 AND 96
    ISO 9564-3:2003 Banking Personal Identification Number management and security Part 3: Requirements for offline PIN handling in ATM and POS systems
    ANSI X9.105-1 : 2009 FINANCIAL TRANSACTION CARD ORIGINATED MESSAGES - INTERCHANGE MESSAGE SPECIFICATIONS - PART 1: MESSAGES, DATA ELEMENTS AND CODE VALUES
    BS ISO 10202-5:1998 Financial transaction cards. Security architecture of financial transaction systems using integrated circuit cards Use of algorithms
    BS ISO 13491-1:2007 Banking. Secure cryptographic devices (retail) Concepts, requirements and evaluation methods
    07/30164625 DC : 0 BS EN 1332-1 - IDENTIFICATION CARD SYSTEMS - HUMAN-MACHINE INTERFACE - PART 1: DESIGN PRINCIPLES FOR THE USER INTERFACE
    S.R. CWA 16374-6:2011 EXTENSIONS FOR FINANCIAL SERVICES (XFS) INTERFACE SPECIFICATION RELEASE 3.20 - PART 6: PIN KEYPAD DEVICE CLASS INTERFACE PROGRAMMER'S REFERENCE
    CR 1750 : 1999 IDENTIFICATION CARD SYSTEMS - INTER-SECTOR MESSAGES BETWEEN DEVICES AND HOSTS - ACCEPTOR TO ACQUIRER MESSAGES
    CSA ISO/IEC 9995-8 : 2010 INFORMATION TECHNOLOGY - KEYBOARD LAYOUTS FOR TEXT AND OFFICE SYSTEMS - PART 8: ALLOCATION OF LETTERS TO THE KEYS OF A NUMERIC KEYPAD
    CSA ISO/IEC 9995-8 : 2010 : R2015 INFORMATION TECHNOLOGY - KEYBOARD LAYOUTS FOR TEXT AND OFFICE SYSTEMS - PART 8: ALLOCATION OF LETTERS TO THE KEYS OF A NUMERIC KEYPAD
    INCITS/ISO/IEC 7816-15 : 2004 IDENTIFICATION CARDS - INTEGRATED CIRCUIT CARDS WITH CONTACTS - PART 15: CRYPTOGRAPHIC INFORMATION APPLICATION
    ISO 10202-8:1998 Financial transaction cards Security architecture of financial transaction systems using integrated circuit cards Part 8: General principles and overview
    I.S. CWA 14174-3:2004 FINANCIAL TRANSACTIONAL IC CARD READER (FINREAD) - PART 3: SECURITY REQUIREMENTS
    S.R. CR 1750:1999 IDENTIFICATION CARD SYSTEMS - INTER-SECTOR MESSAGES BETWEEN DEVICES AND HOSTS - ACCEPTOR TO ACQUIRER MESSAGES
    ISO 9564-2:2014 Financial services — Personal Identification Number (PIN) management and security — Part 2: Approved algorithms for PIN encipherment
    ISO 11568-4:2007 Banking — Key management (retail) — Part 4: Asymmetric cryptosystems — Key management and life cycle
    BS EN 726-3:1996 Identification card systems. Telecommunications. Integrated circuit(s) cards and terminals Application independent card requirements

    Standards Referencing This Book

    ISO/IEC 18031:2011 Information technology Security techniques Random bit generation
    AS ISO 13491.1:2019 Financial services - Secure cryptographic devices (retail) Concepts, requirements and evaluation methods
    ISO 13491-2:2017 Financial services — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions
    ISO/IEC 7813:2006 Information technology Identification cards Financial transaction cards
    ISO 13491-1:2016 Financial services Secure cryptographic devices (retail) Part 1: Concepts, requirements and evaluation methods
    EN 1332-3:2008 Identification card systems - Man-machine interface - Part 3: Keypads
    AS ISO 13491.2:2019 Financial services - Secure cryptographic devices (retail) Security compliance checklists for devices used in financial transactions
    ISO 16609:2012 Financial services — Requirements for message authentication using symmetric techniques
    ISO/IEC 7812-1:2017 Identification cards — Identification of issuers — Part 1: Numbering system
    ISO 9564-2:2014 Financial services — Personal Identification Number (PIN) management and security — Part 2: Approved algorithms for PIN encipherment
    ISO 9564-4:2016 Financial services — Personal Identification Number (PIN) management and security — Part 4: Requirements for PIN handling in eCommerce for Payment Transactions