ISO standard makes sure that PINs are secure
How many times and in how many places have you entered your bank card’s PIN (Personal Identification Number) today? To make sure that the integrity of this data is protected throughout all transactions, ISO has technically revised and updated the standard providing requirements for the management and security of PINs (ISO 9564-1).
Why an International Standard for PIN management? Take the example of just one financial institution, Visa. In 2007, Visa had 20 000 member banks with 1.59 billion cards in circulation generating 59 billion transactions per year, with peaks of more than 6 800 transactions per second. The ISO standard for PIN management helps protect the identification numbers used for cardholder verification against unauthorized disclosure, compromise and misuse everywhere in the world. It thus helps minimize the risk of fraud through electronic funds transfer systems.
Mark Sutton, Chair of the ISO subcommittee that developed the standard, explains, “A PIN’s life span may be long and involve its use in many different countries, bank machines, shops, and even online. Its secrecy needs to be assured at all times, both for online and offline transactions, from the moment it is established to its deactivation (including any issuances, storage, entries, transmissions, validations, etc.).”