ADOPTED_FROM:ISO 9564-1:1991
This part of ISO 9564 specifies the minimum security measures required for effective international PIN management. A standard means of interchanging PIN data is provided. This part of ISO 9564 also specifies the rules related to the approval of PIN encipherment algorithms. This part of ISO 9564 is applicable to institutions responsible for implementing techniques for the management and protection of the PIN for bank card originated transactions. The provisions of this part of ISO 9564 are not intended to cover
- the protection of the PIN against loss or intentional misuse by the customer or authorized employees of the issuer;
- privacy of non-PIN transaction data;
- protection of transaction messages against alteration or substitution, e.g. an authorization response to a PIN verification;
- protection against replay of the PIN or transaction;
- specific key management techniques;
- PIN management and security for transactions conducted using Integrated Circuit Cards (ICC);
- the use of asymmetric encipherment algorithms for PIN management.