Issuer PIN Security Guidelines - Visa

More documents

Recommendations

Info

PIN Change Objective Plaintext PIN values and associated account details should only be visible to the associated cardholders . Threats • Customer may select a PIN value that is easy to guess . • See also PIN Advice threats Guidelines • Cardholder PIN change can be performed using any issuer approved device and functionality . • PIN change should follow principles of ISO-9564 . • PIN change should not be performed by email • PIN change should not be performed using an intermediate human interface to update the PIN • PIN change events should be recorded for future dispute resolution . • PIN change event logs should not include any plaintext PIN values . (See PIN Logging section) • A PIN change should be handled differently from a forgotten PIN . Proof that the current PIN is known is an indicator that the request to change the PIN is from the genuine cardholder . PIN change at Issuer Location • At a card issuer’s location, on-line PIN change should be supported through an ATM, or a secure unattended device . See Cryptographic Device management for guidance on providing a secure unattended device . • The procedure should require the current PIN to be entered and verified before selection and activation of the new PIN otherwise the cardholder should be directed to the ‘forgotten PIN’ procedure . • The new PIN should be entered twice and the terminal should confirm that the two entries are identical . • The terminal should have a user interface that is easy for a cardholder to use, for example clearly displayed, unambiguous instructions . • The terminal should be functionally secure so that: – displayed messages cannot be modified in an unauthorized way (For example “Enter PIN” message cannot be displayed when data is output in clear) . 4 6 Issuer PIN Security Guidelines Visa Public © 2010 Visa. All Rights Reserved.
– The keyboard is controlled by secure logic . • The terminal should be designed to ensure that PIN management data, cannot be accessed by an application that has been loaded in an unauthorised way . • The terminal should provide a “clear” key to correct single digit errors during PIN entry . • The terminal should be equipped with a privacy shield . • If CCTV is used within the issuer location it should not be able to observe PIN entry . • The terminal and the operational environment should provide protection against exhaustive PIN searches, e .g . by the terminal blocking itself or being blocked after a suspiciously high proportion of incorrect PINs attempts . PIN change by mail • Cardholder PIN change by mail should use the same process as cardholder selected PIN by mail . IVR PIN change • See section on IVR PIN advice . PIN change using the internet • See section on PIN advice using the internet Offline PIN change • The PIN change protocol should support synchronisation of the off-line and on-line PIN (when an on-line PIN exists) by recognizing exception conditions such as time-outs . • Unless the protocol demonstrates that both the on-line and the off-line PINs have been changed successfully, the offline PIN value should roll back (where possible) to the original PIN value . • Transaction protocols at ATMs should ensure that the on-line and off-line PINs are always aligned . Thus, any failures, such as “time-outs” will result in a “roll-back” to the original PIN . • If an on-line PIN update has been completed, but the off-line PIN update has not been completed for any reason there is the risk that the on-line and offline PIN values are not synchronised . Issuers should implement procedures to identify such a condition when it occurs and to display appropriate instructions to the cardholder . Issuer PIN Security Guidelines 4 7 Visa Public © 2010 Visa. All Rights Reserved.
Page 1: Issuer PIN Security Guidelines Nove
Page 5 and 6: Table of Contents Using This Docume
Page 7 and 8: Using This Document Purpose This ma
Page 9 and 10: Issuer Approved PIN Entry • Offli
Page 11 and 12: General PIN Management Guidelines T
Page 13 and 14: PIN Fraud Mitigations Abbreviations
Page 15 and 16: Abbreviation Description PSTN Publi
Page 17 and 18: Term Definition Issuer Approved dev
Page 19 and 20: Term Definition POS Device Any devi
Page 21 and 22: 10 . ISO/IEC 13491: Banking—Secur
Page 23 and 24: Guidelines for Issuer Approved Devi
Page 25 and 26: Personal PIN Entry Devices Provided
Page 27 and 28: Offline PIN Generation Issuer Assig
Page 29 and 30: • The PIN selection system should
Page 31 and 32: PIN Verification Values General Gui
Page 33 and 34: • Any cryptographic algorithm use
Page 35 and 36: issuers PIN storage processes, incl
Page 37 and 38: See the PIN handling device managem
Page 39 and 40: • Transported clear text key comp
Page 41 and 42: PIN Handling Device Management Obje
Page 43 and 44: Cardholder Authentication to PIN Ma
Page 45 and 46: PIN Advice Objective Plaintext PINs
Page 47 and 48: PIN Advice by SMS • The issuer sh
Page 49 and 50: • The control number should be ge
Page 51: Call Center Use Generation of the C
Page 55 and 56: • Cardholders should be informed

Issuer PIN Security Guidelines - Visa

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?