The PIN is used to verify the identity of a customer (the user of a bank card) within an electronic funds transfer system, and (typically) to authorize the transfer or withdrawal of funds. Therefore, it is important to protect PINs against unauthorized disclosure or misuse. Modern banking systems require interoperability between a variety of PIN entry devices, smart cards, card readers, card issuers, acquiring banks and retailers – including transmission of PINs between those entities – so a common set of rules for handling and securing PINs is required, both to ensure technical compatibility and a mutually agreed level of security. ISO 9564 provides principles and techniques to meet these requirements.
ISO 9564 comprises three parts,[Note 1] under the general title of Financial services — Personal Identification Number (PIN) management and security.
ISO 9564-1:2011 specifies the basic principles and techniques of secure PIN management. It includes both general principles and specific requirements.
The basic principles of PIN management include:
The standard specifies some characteristics required or recommended of PIN entry devices (also known as PIN pads), i.e. the device into which the customer enters the PIN, including:
Additional requirements that apply to smart card readers include:
Other specific requirements include:
The standard specifies that PINs shall be from four to twelve digits long, noting that longer PINs are more secure but harder to use. It also suggests that the issuer should not assign PINs longer than six digits.
There are three accepted methods of selecting or generating a PIN:
The standard includes requirements for keeping the PIN secret while transmitting it, after generation, from the issuer to the customer. These include:
To protect the PIN during transmission from the PIN entry device to the verifier, the standard requires that the PIN be encrypted, and specifies several formats that may be used. In each case, the PIN is encoded into a PIN block, which is then encrypted by an "approved algorithm" according to part 2 of the standard.
The PIN block formats are:
The plain text PIN field is:
The account number field is:
This format should be used where no PAN is available. The PIN block is constructed by concatenating the PIN with a transaction number thus:
Format 2 is for local use with off-line systems only, e.g. smart cards. The PIN block is constructed by concatenating the PIN with a filler value thus:
(Except for the format value in the first nibble, this is identical to the plain text PIN field of format 0.)
Format 3 is the same as format 0, except that the "fill" digits are random values from 10 to 15, and the first nibble (which identifies the block format) has the value 3.
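As an added illustration (example code, not text from the standard or this article), the following Python builds and parses the plaintext PIN blocks for formats 0 to 3 described above. The layout used for the plain text PIN field (control nibble, PIN-length nibble, PIN digits, fill nibbles) and for the account number field (four zero nibbles plus the twelve rightmost PAN digits excluding the check digit) is that of ISO 9564-1 format 0; left-padding a short transaction number with zeros in format 1 is an assumption of this example, and the encryption step from part 2 is not shown.

```python
import secrets

def _pan_field(pan: str) -> bytes:
    """Account number field (formats 0 and 3): four zero nibbles followed by
    the twelve rightmost PAN digits, excluding the final check digit."""
    if not pan.isdigit() or len(pan) < 13:
        raise ValueError("PAN must be at least 13 decimal digits")
    return bytes.fromhex("0000" + pan[-13:-1])

def _pin_field(fmt: int, pin: str, fill: str) -> bytes:
    """Plain text PIN field: control nibble (format number), PIN length
    nibble, the PIN digits, then 'fill' nibbles up to 16 nibbles in total."""
    if not pin.isdigit() or not 4 <= len(pin) <= 12:
        raise ValueError("PIN must be 4 to 12 decimal digits")
    head = f"{fmt:X}{len(pin):X}{pin}"
    return bytes.fromhex(head + fill[: 16 - len(head)])

def encode_pin_block(fmt: int, pin: str, pan: str = "", txn: str = "") -> bytes:
    """Return the 8-byte plaintext PIN block for formats 0 to 3 (pre-encryption)."""
    if fmt == 0:  # PIN field with F fill, XORed with the account number field
        return bytes(a ^ b for a, b in zip(_pin_field(0, pin, "F" * 14), _pan_field(pan)))
    if fmt == 3:  # as format 0, but fill nibbles are random values 10..15 (A..F)
        rnd = "".join(secrets.choice("ABCDEF") for _ in range(14))
        return bytes(a ^ b for a, b in zip(_pin_field(3, pin, rnd), _pan_field(pan)))
    if fmt == 1:  # no PAN available: fill with a transaction number (assumed zero-padded)
        if not txn.isdigit():
            raise ValueError("format 1 needs a decimal transaction number")
        return _pin_field(1, pin, txn.rjust(14, "0")[-14:])
    if fmt == 2:  # local/off-line use: like format 0's PIN field, no PAN, control nibble 2
        return _pin_field(2, pin, "F" * 14)
    raise ValueError(f"unsupported PIN block format {fmt}")

def decode_pin_block(block: bytes, pan: str = "") -> tuple:
    """Recover (format, PIN) from a plaintext block; PAN is needed for formats 0 and 3."""
    if len(block) != 8:
        raise ValueError("PIN block must be 8 bytes")
    fmt = block[0] >> 4  # first nibble is untouched by the XOR (PAN field starts 0000)
    if fmt in (0, 3):
        block = bytes(a ^ b for a, b in zip(block, _pan_field(pan)))
    nibbles = block.hex().upper()
    length = int(nibbles[1], 16)
    pin = nibbles[2:2 + length]
    if not 4 <= length <= 12 or not pin.isdigit():
        raise ValueError("malformed PIN block")
    if fmt in (0, 2) and nibbles[2 + length:] != "F" * (14 - length):
        raise ValueError("fill nibbles must all be F for formats 0 and 2")
    return fmt, pin
```

A wrong PAN on a format 0 block corrupts the fill nibbles, so the decoder rejects it instead of returning a bogus PIN.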
Formats 0 to 3 are all suitable for use with the Triple Data Encryption Algorithm, as they correspond to its 64-bit block size. However, the standard allows for other encryption algorithms with larger block sizes, e.g. the Advanced Encryption Standard has a block size of 128 bits. In such cases the PIN must be encoded into an extended PIN block, the format of which is defined in a 2015 amendment to ISO 9564-1.
ISO 9564-2:2014 specifies which encryption algorithms may be used for encrypting PINs. The approved algorithms are: