• Shopping Cart
    There are no items in your cart

ISO 9564-4:2016

Current

Current

The latest, up-to-date edition.

Financial services — Personal Identification Number (PIN) management and security — Part 4: Requirements for PIN handling in eCommerce for Payment Transactions

Available format(s)

Hardcopy , PDF , PDF 3 Users , PDF 5 Users , PDF 9 Users

Language(s)

English

Published date

09-03-2016

€92.00
Excluding VAT

ISO 9564-4:2016 provides requirements for the use of personal identification numbers (PIN) in eCommerce. The PINs in scope are the same cardholder PINs used as a means of cardholder verification in card-based financial transactions; notably, automated teller machine (ATM) systems, point-of-sale (POS) terminals, automated fuel dispensers, and vending machines.

It is applicable to financial card-originated transactions requiring verification of the PIN and to those organizations responsible for implementing techniques for the management of the PIN in eCommerce.

The provisions of this part of ISO 9564 are not intended to cover

- passwords, passcodes, pass phrases and other shared secrets used for customer authentication in online banking, telephone banking, digital wallets, mobile payment, etc.,

- management of cardholder PINs for use as a means of cardholder verification in retail banking systems in, notably, automated teller machine (ATM) systems, point-of-sale (POS) terminals, automated fuel dispensers, vending machines, banking kiosks and PIN selection/change systems, which are covered in ISO 9564‑1,

- card proxies such as mobile phones or key fobs,

- approved algorithms for PIN encipherment, which are covered in ISO 9564‑2,

- the protection of the PIN against loss or intentional misuse by the customer or authorized employees of the issuer,

- privacy of non-PIN transaction data,

- protection of transaction messages against alteration or substitution, e.g. an online authorization response,

- protection against replay of the transaction,

- functionality of devices used for PIN entry which is related to issuer functions other than PIN entry,

- specific key management techniques, and

- access to, and storage of, card data other than the PIN by applications such as wallets.

DevelopmentNote
Supersedes ISO/DIS 9564-4 & ISO TR 9564-4. (03/2016)
DocumentType
Standard
Pages
14
PublisherName
International Organization for Standardization
Status
Current
Supersedes

Standards Relationship
BS ISO 9564-4:2016 Identical
NEN ISO 9564-4 : 2016 Identical
BIS IS 15042 Part 4:2019 Identical

BS ISO 9564-1:2017 Financial services. Personal Identification Number (PIN) management and security Basic principles and requirements for PINs in card-based systems
ISO 9564-1:2017 Financial services — Personal Identification Number (PIN) management and security — Part 1: Basic principles and requirements for PINs in card-based systems

ISO/IEC 7812-2:2017 Identification cards — Identification of issuers — Part 2: Application and registration procedures
ISO/IEC 7816-1:2011 Identification cards — Integrated circuit cards — Part 1: Cards with contacts — Physical characteristics
ISO/IEC 7813:2006 Information technology Identification cards Financial transaction cards
ISO 13491-1:2016 Financial services — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods
ISO/IEC 18328-2:2015 Identification cards ICC-managed devices Part 2: Physical characteristics and test methods for cards with devices
ISO 9564-1:2017 Financial services — Personal Identification Number (PIN) management and security — Part 1: Basic principles and requirements for PINs in card-based systems
ISO/IEC 18328-1:2015 Identification cards ICC-managed devices Part 1: General framework
ISO/IEC 7812-1:2017 Identification cards — Identification of issuers — Part 1: Numbering system
ISO/IEC 7810:2003 Identification cards Physical characteristics
ISO/IEC 18328-3:2016 Identification cards — ICC-managed devices — Part 3: Organization, security and commands for interchange

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.