AS 2805.3.2-2008 pdf free download

AS 2805.3.2-2008 pdf free download.Electronic funds transfer Requirements for interfaces
Part 3.2: PIN management and security Offline.
(d) The plain text PIN shall never exist in the facility of the acquirer except within a physically secure device.
(e) A plain text PIN may exist in the general-purpose computer facility of the issuer for the purposes of PIN generation and printing, if the facility is a secure enironrnent (see AS 2805.I4.I)at the time.
(f) Only ihe customer and/or personnel authori,ed by the issuer shall be involved with PIN selection, PIN issuance or any PIN entry process in which the PIN can be related to account identity information. Such personnel shall operate only under strictly enforced procedures (e.g. under dual control).
(g) A stored enciphered PIN shall be protected from substitution.
(h) Compromise of the PIN (or suspected compromise) shall result in the ending of the PIN life cycle.
(I) Responsibility for PIN verification shall rest with the issuer, although the verification function may be delegated to another institution.
(j) Different encipherment keys shall be used for protection of PIN storage and transmission.
6 PIN PROTECTION DURIN(; TRANSN1ISSION BETWEEN PEI) ANI) ICC RFAI)ER
The ICC reader and PIN entry device (PI[)) can either he integrated into a single device or
he two separate devices. (See Table I.)
When the ICC reader and PED are integrated sithin a de ice meeting the requirements of Clause 9 and he PIN is to he submitted to the IC in plain text form, then the PEt) need not encipher the PIN.
When the PIN is to he submitted to the IC in plain text form and is transmitted to the ICC reader through an unprotected environment then the PIN shall be enciphered in accordance with AS 2805.3.1 The ICC reader shall then decipher the PIN for submission in plain text to the IC. The PIN shall be enciphered and deciphered in a device meeting the requirements of Clause 9.
For both integrated and non-integrated devices, when the PIN is to be submitted to the IC in enciphered form, then the PIN shall he enciphered within a de ice meeting the requirements of Clause 9 using an authenticated encipherment key of the IC.
If the PIN is transmitted outside of a device meeting the requirements of Clause 9 then it shall he enciphered in accordance with AS 2805.3.1 or it shall be enciphered using an aLit hem icated encipherment key of the IC.AS 2805.3.2-2008 pdf free download.