Issuer PIN Security Guidelines - Visa
Issuer PIN Security Guidelines - Visa
Issuer PIN Security Guidelines - Visa
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
• Any cryptographic algorithm used for protecting transmitted <strong>PIN</strong>s, either for<br />
purposes of secrecy or integrity, should have a level of security appropriate<br />
to the task . This should be assessed according to the relevant international<br />
and industry standards (See ISO 11568) and to the current industry best<br />
practice .<br />
• Unenciphered <strong>PIN</strong> transmissions should not contain any information that<br />
can be directly connected with the cardholder or the account . For example<br />
the transmitted <strong>PIN</strong> should be linked to the PAN of the cardholder account<br />
by use of an encrypted reference or control number . . The control number<br />
should only be generated by the issuer .<br />
• Unenciphered <strong>PIN</strong> transmission should provide <strong>PIN</strong> integrity, for example<br />
use of a secure <strong>PIN</strong> mailer for <strong>PIN</strong> advice by post .<br />
<strong>Issuer</strong> <strong>PIN</strong> <strong>Security</strong> <strong>Guidelines</strong> 2 7<br />
<strong>Visa</strong> Public © 2010 <strong>Visa</strong>. All Rights Reserved.