AS 2805.3.2-2008
AS 2805.3.2-2008
Electronic funds transfer - Requirements for interfaces PIN management and security - Offline
Standards Australia
Table of Contents
<toc>
<bookmarktable>
<bookmark index='0'>
<pageno>1</pageno>
<text>AS 2805.3.2-2008 ELECTRONIC FUNDS TRANSFER-REQUIREMENTS FOR INTERFACES - PIN MANAGEMENT AND SECURITY-OFFLINE</text>
<bookmark index='1'>
<pageno>4</pageno>
<text>PREFACE</text>
</bookmark>
<bookmark index='2'>
<pageno>6</pageno>
<text>CONTENTS</text>
</bookmark>
<bookmark index='3'>
<pageno>7</pageno>
<text>FOREWORD</text>
</bookmark>
<bookmark index='4'>
<pageno>8</pageno>
<text>1 SCOPE</text>
</bookmark>
<bookmark index='5'>
<pageno>8</pageno>
<text>2 APPLICATION</text>
</bookmark>
<bookmark index='6'>
<pageno>9</pageno>
<text>3 REFERENCED DOCUMENTS</text>
</bookmark>
<bookmark index='7'>
<pageno>9</pageno>
<text>4 DEFINITIONS</text>
<bookmark index='8'>
<pageno>9</pageno>
<text>4.1 Acquirer</text>
</bookmark>
<bookmark index='9'>
<pageno>9</pageno>
<text>4.2 Cipher text</text>
</bookmark>
<bookmark index='10'>
<pageno>9</pageno>
<text>4.3 Encipherment</text>
</bookmark>
<bookmark index='11'>
<pageno>9</pageno>
<text>4.4 Encryption algorithm</text>
</bookmark>
<bookmark index='12'>
<pageno>9</pageno>
<text>4.5 Integrated Circuit Card (ICC)</text>
</bookmark>
<bookmark index='13'>
<pageno>9</pageno>
<text>4.6 Personal identification number (PIN)</text>
</bookmark>
<bookmark index='14'>
<pageno>9</pageno>
<text>4.7 PIN block</text>
</bookmark>
<bookmark index='15'>
<pageno>9</pageno>
<text>4.8 Plain text</text>
</bookmark>
</bookmark>
<bookmark index='16'>
<pageno>10</pageno>
<text>5 BASIC PRINCIPLES OF PIN MANAGEMENT</text>
</bookmark>
<bookmark index='17'>
<pageno>10</pageno>
<text>6 PIN PROTECTION DURING TRANSMISSION BETWEEN PED AND ICC READER</text>
</bookmark>
<bookmark index='18'>
<pageno>11</pageno>
<text>7 SECURITY REQUIREMENTS</text>
</bookmark>
<bookmark index='19'>
<pageno>12</pageno>
<text>8 PIN BLOCK FORMAT</text>
<bookmark index='20'>
<pageno>12</pageno>
<text>8.1 General</text>
</bookmark>
<bookmark index='21'>
<pageno>12</pageno>
<text>8.2 Format 2 PIN block</text>
</bookmark>
</bookmark>
<bookmark index='22'>
<pageno>12</pageno>
<text>9 PHYSICAL SECURITY</text>
<bookmark index='23'>
<pageno>12</pageno>
<text>9.1 Physical security for PIN entry devices</text>
</bookmark>
<bookmark index='24'>
<pageno>12</pageno>
<text>9.2 Physically secure device</text>
</bookmark>
<bookmark index='25'>
<pageno>13</pageno>
<text>9.3 Physically secure environment</text>
</bookmark>
<bookmark index='26'>
<pageno>13</pageno>
<text>9.4 PIN entry device requirements</text>
</bookmark>
</bookmark>
</bookmark>
</bookmarktable>
</toc>
Abstract
Specifies requirements for addressing offline PIN management using IC cards.
Scope
This Standard specifies the minimum security measures required for PIN management in an off-line environment.
It is applicable to financial transaction card originated transactions requiring offline PIN verification by an IC card and to those institutions responsible for implementing techniques for the management and protection of the PIN at Automated Teller Machines (ATM) and Point-of-Sale (POS) terminals.
The provisions of this part of AS 2805.3 are not intended to cover:
(a) PIN management and security in the online PIN environment, which is covered in AS 2805.3.1.
(b) The protection of the PIN against loss or intentional misuse by the customer or authorized employees of the issuer or their agents.
(c) Privacy of non-PIN transaction data.
(d) Protection of transaction messages against alteration or substitution, e.g. an online authorisation response.
(e) Protection against replay of the PIN or transaction.
(f) Specific key management techniques.
(g) The decision as to whether the IC card is to receive the PIN enciphered.
(h) Contactless IC cards.
Requirements associated with multi-application IC cards are considered to be the responsibility of the issuer and are not included in this Standard. This Standard is described in terms applicable to IC card technology, however this language is not meant to restrict the applicability of this part to IC card technology.
General Product Information
| Document Type | Standard |
| Status | Current |
| Publisher | Standards Australia |
| Committee | IT-005 |
| Supersedes |
|
Cart
(empty)
New products
- IEC 62908-12-10 Ed. 2.0 en:2023
- IEC 62471-7 Ed. 1.0 b:2023
- IEC 62087-3 Ed. 2.0 b:2023
- IEC 61970-SER Ed. 1.0 b:2023
- IEC 60332-SER Ed. 1.0 b:2023
- IEC 61158-5-4 Ed. 4.0 b:2023
- IEC 61784-1-3 Ed. 1.0 b:2023
- IEC 61784-1-0 Ed. 1.0 b:2023
- IEC 62769-150-1 Ed. 2.0 b:2023
- IEC 61784-2-21 Ed. 1.0 b:2023
- IEC 63171-7 Ed. 1.0 en:2023
- IEC 63474 Ed. 1.0 b:2023
- IEC 60534-1 Ed. 4.0 b:2023
- IEC 62106-6 Ed. 2.0 en:2023
- IEC 60071-2 Ed. 5.0 b:2023
- IEC 60601-2-46 Ed. 4.0 b:2023
- IEC 61156-11 Ed. 2.0 en:2023
- IEC 61189-2-801 Ed. 1.0 b:2023
- IEC 61189-2-803 Ed. 1.0 b:2023
- IEC 61340-2-3 Ed. 2.0 b Cor.1:2023
Specials
-
-
SAE AMS4452D
$78.00 (-58%) $32.76