ISO FDIS 9564-4 2015 Edition, November 23, 2015 Financial services - Personal Identification Number (PIN) management and security - Part 4: Requirements for PIN handling in eCommerce for Payment Transactions
Availability date: 07/14/2021
Description / Abstract:
This part of ISO 9564 provides requirements for the use of
personal identification numbers (PIN) in eCommerce. The PINs in
scope are the same cardholder PINs used as a means of cardholder
verification in card-based financial transactions; notably,
automated teller machine (ATM) systems, point-of-sale (POS)
terminals, automated fuel dispensers, and vending machines.
It is applicable to financial card-originated transactions
requiring verification of the PIN and to those organizations
responsible for implementing techniques for the management of the
PIN in eCommerce.
The provisions of this part of ISO 9564 are not intended to
cover:
- Passwords, passcodes, pass phrases and other shared secrets
used for customer authentication in online banking, telephone
banking, digital wallets, mobile payment etc.
- Management of cardholder PINs for use as a means of cardholder
verification in retail banking systems in, notably, automated
teller machine (ATM) systems, point-of-sale (POS) terminals,
automated fuel dispensers, vending machines, banking kiosks and PIN
selection/change systems, which are covered in ISO 9564-1,
- card proxies such as mobile phones or key fobs,
- approved algorithms for PIN encipherment, which are covered in
ISO 9564-2,
- the protection of the PIN against loss or intentional misuse
by the customer or authorised employees of the issuer or their
agents,
- privacy of non-PIN transaction data,
- protection of transaction messages against alteration or
substitution, e.g. an online authorisation response,
- protection against replay of the transaction,
- functionality of devices used for PIN entry which is related to
issuer functions other than PIN entry,
- specific key management techniques,
- access to, and storage of, card data other than the PIN by
applications such as wallets.