ISO 9564 is an international standard for personal identification number (PIN) management and security in financial services.
The PIN is used to verify the identity of a customer (the user of a bank card) within an electronic funds transfer system, and (typically) to authorize the transfer or withdrawal of funds. Therefore, it is important to protect PINs against unauthorized disclosure or misuse. Modern banking systems require interoperability between a variety of PIN entry devices, smart cards, card readers, card issuers, acquiring banks and retailers – including transmission of PINs between those entities – so a common set of rules for handling and securing PINs is required, both to ensure technical compatibility and a mutually agreed level of security. ISO 9564 provides principles and techniques to meet these requirements.
ISO 9564 comprises three parts, under the general title of Financial services — Personal Identification Number (PIN) management and security.
ISO 9564-1:2011 specifies the basic principles and techniques of secure PIN management. It includes both general principles and specific requirements.
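One of the concrete techniques Part 1 specifies is the format 0 PIN block, which binds the PIN to the account number (PAN) before the block is encrypted, so that an encrypted PIN block captured for one account cannot be replayed against another. The following Python implementation is an added example, not code from the standard or the article; the PAN and PIN values in it are constructed test data.

```python
"""ISO 9564-1 format 0 PIN block: encode and decode.

Layout (16 hexadecimal digits in each field):
  PIN field : '0' | PIN length | PIN digits | 'F' padding
  PAN field : '0000' | rightmost 12 digits of the PAN, check digit excluded
  PIN block : PIN field XOR PAN field
The clear PIN block is what the PIN entry device encrypts; it must never
leave the secure device in the clear. Example values are constructed.
"""

def pin_field(pin: str) -> str:
    """Build the 16-hex-digit PIN field for a 4- to 12-digit PIN."""
    if not pin.isdigit() or not 4 <= len(pin) <= 12:
        raise ValueError("PIN must be 4 to 12 decimal digits")
    return ("0" + format(len(pin), "X") + pin).ljust(16, "F")

def pan_field(pan: str) -> str:
    """Build the 16-hex-digit PAN field (drop check digit, keep last 12)."""
    if not pan.isdigit() or len(pan) < 13:
        raise ValueError("PAN must be at least 13 decimal digits")
    return "0000" + pan[:-1][-12:]

def encode_pin_block(pin: str, pan: str) -> bytes:
    """Return the 8-byte clear format 0 PIN block."""
    block = int(pin_field(pin), 16) ^ int(pan_field(pan), 16)
    return block.to_bytes(8, "big")

def decode_pin_block(block: bytes, pan: str) -> str:
    """Recover the PIN; rejects blocks formed with a different PAN."""
    field = format(int.from_bytes(block, "big") ^ int(pan_field(pan), 16), "016X")
    if field[0] != "0":
        raise ValueError("not a format 0 PIN block")
    length = int(field[1], 16)
    if not 4 <= length <= 12:
        raise ValueError("invalid PIN length nibble")
    pin = field[2:2 + length]
    # With the wrong PAN the padding nibbles no longer XOR back to 'F'.
    if not pin.isdigit() or field[2 + length:] != "F" * (14 - length):
        raise ValueError("malformed PIN block or PAN mismatch")
    return pin

if __name__ == "__main__":
    PAN = "4000001234567899"   # constructed, not a real card number
    PIN = "1234"               # constructed
    blk = encode_pin_block(PIN, PAN)
    print(blk.hex().upper())   # 041234FEDCBA9876
    assert decode_pin_block(blk, PAN) == PIN
```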
The basic principles of PIN management include:
The standard specifies some characteristics required or recommended of PIN entry devices (also known as PIN pads), i.e. the device into which the customer enters the PIN, including:
A PIN may be stored in a secure smart card, and verified offline by that card. The PIN entry device and the reader used for the card that will verify the PIN may be integrated into a single physically secure unit, but they do not need to be.
Additional requirements that apply to smart card readers include:
Other specific requirements include: