Immediate download. Released: 2021-04-14
21/30383510 DC BS ISO 9564-5. Financial services. Personal Identification Number (PIN) management and security Part 5. Methods for the generation, change, and verification of PINs and card security data using the advanced encryption standard

Format | Availability | Price and currency
English Secure PDF | Immediate download | 26.00 USD
English Hardcopy | In stock | 26.00 USD
Standard number: 21/30383510 DC
Pages: 20
Released: 2021-04-14
Status: Draft for Comment
DESCRIPTION


This standard 21/30383510 DC BS ISO 9564-5. Financial services. Personal Identification Number (PIN) management and security is classified in these ICS categories:
  • 35.240.40 IT applications in banking

This document provides requirements and guidance for methods of Issuer PIN Management using AES. It additionally defines a method for generating and verifying Card Security Codes using AES.

The processes defined in this Standard (in order as presented) are:

  1. PIN Generation

  2. PIN Change

  3. PIN Verification

  4. Generation and Verification of Card Security Code

All AES key lengths (128 bits, 192 bits and 256 bits) are acceptable for this Standard.

Within this document, references to CMAC refer to algorithm 5 in ISO/IEC 9797-1 used with AES.

Assigned derived PINs, where PINs are derived from PANs and customer selection is supported by means of offsets, are not prohibited but are not recommended, so an AES-based method for this approach is not specified in this standard. One reason for not recommending this approach is that, if a user PIN is discovered by a fraudster (along with non-secret PIN verification data), PIN security can be recovered only by reissuing the card with a new PAN.