IS 15042-3 (2012): Banking - Personal Identification ...

Disclosure to Promote the Right To Information

Whereas the Parliament of India has set out to provide a practical regime of right to information for citizens to secure access to information under the control of public authorities, in order to promote transparency and accountability in the working of every public authority, and whereas the attached publication of the Bureau of Indian Standards is of particular interest to the public, particularly disadvantaged communities and those engaged in the pursuit of education and knowledge, the attached public safety standard is made available to promote the timely dissemination of this information in an accurate manner to the public.

इंटरनेट मानक

“!ान $ एक न' भारत का +नम-ण”Satyanarayan Gangaram Pitroda

“Invent a New India Using Knowledge”

“प0रा1 को छोड न' 5 तरफ”Jawaharlal Nehru

“Step Out From the Old to the New”

“जान1 का अ+धकार, जी1 का अ+धकार”Mazdoor Kisan Shakti Sangathan

“The Right to Information, The Right to Live”

“!ान एक ऐसा खजाना > जो कभी च0राया नहB जा सकता है”Bhartṛhari—Nītiśatakam

“Knowledge is such a treasure which cannot be stolen”

“Invent a New India Using Knowledge”

है”ह”ह

IS 15042-3 (2012): Banking - Personal IdentificationNumber (PIN) Management and Security, Part 3: Requirementsfor Offline PIN Handling in ATM and POS systems [MSD 7:Banking and Financial services]

IS 15042 (Part 3) : 2011

ISO 9564-3 : 2003

Indian Standard

BANKING — PERSONAL IDENTIFICATION NUMBER

(PIN) MANAGEMENT AND SECURITY

PART 3 REQUIREMENTS FOR OFFLINE PIN HANDLING IN ATM AND POS SYSTEMS

ICS 35.240.40

© BIS 2011

B U R E A U O F I N D I A N S T A N D A R D SMANAK BHAVAN, 9 BAHADUR SHAH ZAFAR MARG

NEW DELHI 110002

December 2011 Price Group 3

Hkkjrh; ekud

cSafdax — O;fDrxr igpku uEcj (fiu) izcaèku ,oa lqj{kkHkkx 3 ,Vh,e vkSj ihvks,l i¼fr;ksa esa vkWiQykbu fiu j[k&j[kko dh vis{kk,¡

Banking and Financial Services Sectional Committee, MSD 7

NATIONAL FOREWORD

This Indian Standard (Part 3) which is identical with ISO 9564-3 : 2003 ‘Banking — Personal IdentificationNumber (PIN) management and security — Part 3: Requirements for offline PIN handling in ATM and POSsystems’ issued by the International Organization for Standardization (ISO) was adopted by the Bureau ofIndian Standards on the recommendation of the Banking and Financial Services Sectional Committee andapproval of the Management and Systems Division Council.

This standard is published in various parts. Other parts in this series are:

Part 1 Basic principles and requirements for online PIN handling in ATM and POS systems

Part 2 Approved algorithms for PIN encipherment

Part 4 Guidelines for PIN handling in open networks

The text of ISO Standard has been approved as suitable for publication as an Indian Standard withoutdeviations. Certain conventions are, however, not identical to those used in Indian Standards. Attention isparticularly drawn to the following:

a) Wherever the words ‘International Standard’ appear referring to this standard, they should be read as‘Indian Standard’.

b) Comma (,) has been used as a decimal marker while in Indian Standards, the current practice is touse a point (.) as the decimal marker.

In this adopted standard, reference appears to certain International Standards for which Indian Standardsalso exist. The corresponding Indian Standards which are to be substituted in their respective places arelisted below along with their degree of equivalence for the editions indicated:

International Standard

ISO 7816-1 : 1998 Identification cards— Integrated circuit(s) cards withcontacts — Par t 1: Physicalcharacteristics

ISO 7816-2 : 1999 Identification cards— Integrated circuit(s) cards withcontacts — Part 2: Dimensions andlocation of the contacts

ISO/IEC 7816-3 : 1997 Identificationcards — Integrated circuit(s) cardswith contacts — Part 3: Electronicsignals and transmission protocol

ISO/IEC 7816-5 : 1994 Identificationcards — Integrated circuit(s) cardswith contacts — Part 5: Registrationsystem for applications in IC cards

Corresponding Indian Standard

IS 14202 (Part 1) : 2003 Identificationcards — Integrated circuit(s) cards withcontacts: Par t 1 Physicalcharacteristics (first revision)

IS 14202 (Part 2) : 2003 Identificationcards — Integrated circuit(s) cards withcontacts: Part 2 Dimensions andlocation of the contacts (first revision)

IS 14202 (Part 3) : 2002 Identificationcards — Integrated circuit(s) cards withcontacts: Part 3 Electronic signals andtransmission protocols

IS 14202 (Part 5) : 2003 Identificationcards — Integrated circuit(s) cards withcontacts: Part 5 Registration system forapplications in IC cards

Degree of Equivalence

Identical

do

do

do

IS 15042 (Part 3) : 2011ISO 9564-3 : 2003

i

The technical committee has reviewed the provision of the following referred publication and has decidedthat it is acceptable for use in conjunction with this standard:

Designation Title

EMV 2000 Integrated Circuit Card Specification for Payment Systems, Book 2 —Security and Key Management, Version 4.0, December, 2000

International Standard Corresponding Indian Standard Degree of Equivalence

Identical

do

do

do

ISO/IEC 7816-6 : 1997 Identificationcards — Integrated circuit(s) cardswith contacts — Part 6: Interindustrydata elements

ISO 9564-1 : 2002 Banking —Personal Identification Number (PIN)management and security — Part 1:Basic principles and requirements foronline PIN handling in ATM and POSsystems

ISO 9564-2 : 2005 Banking —Personal Identification Number (PIN)management and security — Part 2:Approved algorithms for PINencipherment

ISO 11568-2 : 2005 Banking — Keymanagement (retail) — Par t 2:Symmetric ciphers, their keymanagement and life cycle

IS 14202 (Part 6) : 2003 Identificationcards — Integrated circuit(s) cards withcontacts: Part 6 Interindustry dataelements

IS 15042 (Part 1) : 2006 Banking —Personal Identification Number (PIN)management and security: Part 1 Basicprinciples and requirements for onlinePIN handling in ATM and POS systems(first revision)

IS 15042 (Part 2) : 2007 Banking —Personal Identification Number (PIN)management and security: Part 2Approved algorithms for PINencipherment (first revision)

IS 15256 (Part 2) : 2011 Banking —Key management (retail): Par t 2Symmetric ciphers, their keymanagement and life cycle

ii

IS 15042 (Part 3) : 2011ISO 9564-3 : 2003

IS 15042 (Part 3) : 2011ISO 9564-3 : 2003

iii

Indian Standard

BANKING — PERSONAL IDENTIFICATION NUMBER(PIN) MANAGEMENT AND SECURITY

PART 3 REQUIREMENTS FOR OFFLINE PIN HANDLING IN ATM AND POS SYSTEMS

IS 15042 (Part 3) : 2011ISO 9564-3 : 2003

1

IS 15042 (Part 3) : 2011ISO 9564-3 : 2003

2

IS 15042 (Part 3) : 2011ISO 9564-3 : 2003

3

IS 15042 (Part 3) : 2011ISO 9564-3 : 2003

4

IS 15042 (Part 3) : 2011ISO 9564-3 : 2003

5

Bureau of Indian Standards

BIS is a statutory institution established under the Bureau of Indian Standards Act, 1986 to promoteharmonious development of the activities of standardization, marking and quality certification ofgoods and attending to connected matters in the country.

Copyright

BIS has the copyright of all its publications. No part of the these publications may be reproduced inany form without the prior permission in writing of BIS. This does not preclude the free use, in thecourse of implementing the standard, of necessary details, such as symbols and sizes, type or gradedesignations. Enquiries relating to copyright be addressed to the Director (Publications), BIS.

Review of Indian Standards

Amendments are issued to standards as the need arises on the basis of comments. Standards arealso reviewed periodically; a standard alongwith amendments is reaffirmed when such review indicatesthat no changes are needed; if the review indicates that changes are needed, it is taken up for revision.Users of Indian Standards should ascertain that they are in possession of the latest amendments oredition by referring to the latest issue of ‘BIS Catalogue’ and ‘Standards: Monthly Additions’.

This Indian Standard has been developed from Doc No.: MSD 7 (340).

Amendments Issued Since Publication

Amend No. Date of Issue Text Affected

BUREAU OF INDIAN STANDARDS

Headquarters:

Manak Bhavan, 9 Bahadur Shah Zafar Marg, New Delhi 110002Telephones: 2323 0131, 2323 3375, 2323 9402 Website: www.bis.org.in

Regional Offices: Telephones

Central : Manak Bhavan, 9 Bahadur Shah Zafar Marg 2323 7617NEW DELHI 110002 2323 3841

Eastern : 1/14 C.I.T. Scheme VII M, V.I.P. Road, Kankurgachi 2337 8499, 2337 8561KOLKATA 700054 2337 8626, 2337 9120

Northern : SCO 335-336, Sector 34-A, CHANDIGARH 160022 260 3843260 9285

Southern : C.I.T. Campus, IV Cross Road, CHENNAI 600113 2254 1216, 2254 14422254 2519, 2254 2315

Western : Manakalaya, E9 MIDC, Marol, Andheri (East) 2832 9295, 2832 7858MUMBAI 400093 2832 7891, 2832 7892

Branches : AHMEDABAD. BANGALORE. BHOPAL. BHUBANESHWAR. COIMBATORE. DEHRADUN.FARIDABAD. GHAZIABAD. GUWAHATI. HYDERABAD. JAIPUR. KANPUR. LUCKNOW.NAGPUR. PARWANOO. PATNA. PUNE. RAJKOT. THIRUVANANTHAPURAM.VISAKHAPATNAM.

Published by BIS, New Delhi