BS ISO 9564-4:2016 pdf download – Financial services — Personal Identification Number (PIN) management and security Part 4: Requirements for PIN handling in eCommerce for Payment Transactions
5 PIN handling requirements
5.1 General
A PIN shall not be entered into a network access device (NAD), including, but not limited to, personal computers, mobile phones, etc. Personal devices used for PIN entry in eCommerce shall be for the exclusive use of the cardholder. The use of public (shared) PIN entry devices is restricted to PEDs defined in 5.4 and 5.5.
5.2 Functionally secure PIN entry devices (FSPED)
Functionally secure PIN entry devices (FSPED) are limited functionality PIN entry devices that shall be approved by the issuer for use in conjunction with any of that issuer's IC cards for offline OTT generation. FSPEDs that support software updates shall have a cryptographic relationship with the card issuer but the associated cryptographic keys shall not be used for PIN encipherment. The device shall only apply software updates that it has cryptographically authenticated and shall ensure that the software updates are applied in the correct order (an older update cannot be applied after a newer one has already been applied). An FSPED shall contain a contact IC reader for communication with an IC card. The device shall also contain a keypad for PIN entry and a display screen. Following entry of a PIN (which may be verified by the IC card), the FSPED interacts with the IC card to produce an OTT for subsequent verification by the issuer.
The IC card generates a cryptographic value. This value may be used directly as the OTT or the FSPED may format this value to an OTT (e.g. by decimalization and/or truncation) that is convenient for a user to enter manually.
The OTT is then either entered into or transferred to the NAD as part of the eCommerce transaction and sent to the issuer for verification. In addition to the PIN, solutions may require the entry of other transaction related data into the FSPED before an OTT can be generated. Such transaction related data may be manually entered or transmitted from the NAD to the FSPED. Such transaction details (e.g. amount) should be displayed on the FSPED for the cardholder to verify. The FSPED shall make no cryptographic contribution to the value of the OTT. However, for example, the FSPED may encipher the PIN with an IC card public key for transport to the IC card. Magnetic stripe-only cards have no processing capability (e.g. for PIN verification) and therefore cannot be used for OTT generation.
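The OTT flow described above, as an added worked example that is not part of ISO 9564-4 and not any vendor's implementation. It simulates the three parties: the IC card verifies the PIN offline and computes a cryptographic value over its transaction counter and the transaction data; the FSPED only decimalizes and truncates that value (no FSPED key or secret enters the OTT); the issuer recomputes the value, formats it the same way and compares. Assumptions: HMAC-SHA256 under a per-card key stands in for the card's cryptogram (real cards use EMV cryptograms with keys derived from issuer master keys), the card's counter (ATC) is not transmitted so the issuer searches a small window of counter values, and the key, PIN and transaction string in `demo()` are constructed sample data.

```python
import hashlib
import hmac
from typing import Dict, Optional

OTT_LENGTH = 8


def card_cryptogram(card_key: bytes, atc: int, txn_data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 over ATC || transaction data stands in for the
    # card's cryptogram. Both the card and the issuer compute this; the FSPED never does.
    return hmac.new(card_key, atc.to_bytes(4, "big") + txn_data, hashlib.sha256).digest()


class ICCard:
    """Simulated IC card: holds the key, verifies the PIN offline, keeps an ATC."""

    def __init__(self, card_key: bytes, reference_pin: str) -> None:
        self._key = card_key
        self._reference_pin = reference_pin
        self.atc = 0  # application transaction counter

    def generate_cryptogram(self, pin: str, txn_data: bytes) -> Optional[bytes]:
        # PIN verification happens on the card, not in the FSPED.
        if not hmac.compare_digest(pin.encode(), self._reference_pin.encode()):
            return None
        self.atc += 1
        return card_cryptogram(self._key, self.atc, txn_data)


# FSPED step: decimalize and truncate. Pure formatting of the card's output;
# the FSPED makes no cryptographic contribution to the OTT.
_LETTER_MAP = str.maketrans("abcdef", "012345")


def format_ott(cryptogram: bytes, length: int = OTT_LENGTH) -> str:
    hexstr = cryptogram.hex()
    digits = "".join(c for c in hexstr if c.isdigit())
    if len(digits) < length:
        # second pass: map the hex letters a-f to 0-5 (VISA-style decimalization)
        digits += "".join(c for c in hexstr if not c.isdigit()).translate(_LETTER_MAP)
    return digits[:length]


class Issuer:
    """Issuer host: recomputes the cryptogram, formats it identically, compares."""

    def __init__(self) -> None:
        self._card_keys: Dict[str, bytes] = {}
        self._last_atc: Dict[str, int] = {}

    def enrol_card(self, card_id: str, card_key: bytes) -> None:
        self._card_keys[card_id] = card_key
        self._last_atc[card_id] = 0

    def verify_ott(self, card_id: str, txn_data: bytes, ott: str, window: int = 10) -> bool:
        key = self._card_keys.get(card_id)
        if key is None or len(ott) != OTT_LENGTH or not (ott.isascii() and ott.isdigit()):
            return False
        last = self._last_atc[card_id]
        # The ATC is not sent with the OTT here, so try a window of counter values
        # above the last accepted one; never going backwards rejects replayed OTTs.
        for atc in range(last + 1, last + 1 + window):
            expected = format_ott(card_cryptogram(key, atc, txn_data))
            if hmac.compare_digest(expected.encode(), ott.encode()):
                self._last_atc[card_id] = atc
                return True
        return False


def demo() -> Dict[str, object]:
    # Constructed sample data: fixed per-card key, reference PIN and transaction string.
    card_key = bytes(range(16))
    card_id = "card-0001"
    txn = b"amount=100.00;currency=EUR;merchant=example-shop"
    card = ICCard(card_key, "1234")
    issuer = Issuer()
    issuer.enrol_card(card_id, card_key)

    result: Dict[str, object] = {}
    result["wrong_pin"] = card.generate_cryptogram("0000", txn)  # card refuses: None
    ott = format_ott(card.generate_cryptogram("1234", txn))     # cardholder types this into the NAD
    result["ott"] = ott
    result["accepted"] = issuer.verify_ott(card_id, txn, ott)   # True
    result["replay"] = issuer.verify_ott(card_id, txn, ott)     # False: counter already consumed
    result["tampered"] = issuer.verify_ott(card_id, txn.replace(b"100.00", b"900.00"), ott)  # False
    return result


if __name__ == "__main__":
    print(demo())
```

The transaction data bound into the cryptogram is why the subclause says transaction details such as the amount should be displayed on the FSPED for the cardholder to verify: an OTT generated over one amount is rejected by the issuer for any other.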
The cardholder should be instructed by the issuer to
— not use any FSPED from an untrusted source such as an Internet cafe, hotel business centre, etc.,
— remove the card from the FSPED after each use,
— physically protect the FSPED from unauthorized replacement or alteration, and
— cease to use the FSPED if it appears to be damaged.
NOTE The requirements in this subclause do not preclude the use of an ISO 9564-1 compliant PED for OTT generation. Whenever the term PED is used as a stand-alone term in this part of ISO 9564, an ISO 9564-1 compliant PED is understood.
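The software-update requirement in 5.2 (updates applied only after cryptographic authentication, and only in order, so an older update cannot follow a newer one), as an added example that is not part of ISO 9564-4 and not any device vendor's code. It shows the device-side check: parse the framing, verify the authentication tag before trusting any field, then refuse any version that is not strictly newer than the installed one. Assumptions: the update container format (`MAGIC`, version, length, payload, tag) is invented for this example; HMAC-SHA256 under an issuer-shared update key stands in for the signature a real device would verify with the issuer's public key; the update key is deliberately distinct from the PIN-encipherment key, as the subclause requires; all payloads and keys in `demo()` are constructed.

```python
import hashlib
import hmac
import struct
from typing import Dict, List

MAGIC = b"FSPD"
HEADER = struct.Struct(">4sII")  # magic, version, payload length (invented format)
TAG_LEN = 32


def issuer_package_update(update_key: bytes, version: int, payload: bytes) -> bytes:
    """Issuer side: frame the payload and authenticate header + payload."""
    body = HEADER.pack(MAGIC, version, len(payload)) + payload
    tag = hmac.new(update_key, body, hashlib.sha256).digest()
    return body + tag


class FSPEDUpdater:
    """Device side: accept only authenticated, strictly newer updates."""

    def __init__(self, update_key: bytes, installed_version: int = 0) -> None:
        self._update_key = update_key  # update-authentication key, never the PIN key
        self.installed_version = installed_version
        self.audit: List[str] = []

    def apply(self, blob: bytes) -> str:
        if len(blob) < HEADER.size + TAG_LEN:
            return self._reject("malformed")
        magic, version, length = HEADER.unpack_from(blob)  # parsed, not yet trusted
        if magic != MAGIC or len(blob) != HEADER.size + length + TAG_LEN:
            return self._reject("malformed")
        body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
        # 1. Authenticate before acting on any field of the update.
        expected = hmac.new(self._update_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return self._reject("unauthenticated")
        # 2. Ordering: equal or older versions are a rollback, even when authentic.
        if version <= self.installed_version:
            return self._reject("rollback")
        self.installed_version = version
        self.audit.append(f"installed v{version}")
        return "installed"

    def _reject(self, reason: str) -> str:
        self.audit.append(f"rejected: {reason}")
        return reason


def demo() -> Dict[str, object]:
    # Constructed keys: the update key and the PIN-encipherment key are separate.
    update_key = hashlib.sha256(b"constructed issuer update key").digest()
    pin_key = hashlib.sha256(b"constructed PIN-encipherment key").digest()
    dev = FSPEDUpdater(update_key)

    v1 = issuer_package_update(update_key, 1, b"firmware-v1")
    v2 = issuer_package_update(update_key, 2, b"firmware-v2")
    forged = issuer_package_update(pin_key, 3, b"firmware-v3")  # signed with the wrong key
    tampered = bytearray(v2)
    tampered[HEADER.size] ^= 0x01  # flip one payload byte of an authentic update
    tampered = bytes(tampered)

    out: Dict[str, object] = {}
    out["v2"] = dev.apply(v2)                  # installed
    out["v1_after_v2"] = dev.apply(v1)         # rollback: older than installed
    out["v2_again"] = dev.apply(v2)            # rollback: not strictly newer
    out["forged_v3"] = dev.apply(forged)       # unauthenticated
    out["tampered_v2"] = dev.apply(tampered)   # unauthenticated
    out["version"] = dev.installed_version     # 2
    return out


if __name__ == "__main__":
    print(demo())
```

The order of the two checks matters: the version field is only trusted after the tag verifies, so an attacker cannot use a forged high version number to drive the rollback state, and a genuine but stale update is refused even though its tag is valid.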
FSPEDs shall comply with the following requirements:
a) unauthorized modifications to the device’s functional characteristics cannot be made without physical penetration of the device;
b) the device has characteristics that make it likely that physical penetration results in visible damage detectable by the end-user;
c) the device shall not disclose the value of the PIN in any form except to the IC card. For example, it shall not provide visual or auditory signals that divulge the value of entered PIN digits;
d) the device shall only perform its designed functions;
e) the functionality implemented in the device shall have been approved by the issuer whose cardholder will use the device;
f) the device shall be a single device that includes the contact IC reader, processor, keypad, display, and memory;
g) the device shall immediately erase the entered PIN from all device memory once the PIN has been submitted to the IC card or enciphered for the transmission to the IC card;