ISO 9564 is an international standard for personal identification number (PIN) management and security in financial services.
Modern banking systems require interoperability between a variety of PIN entry devices, smart cards, card readers, card issuers, acquiring banks and retailers – including transmission of PINs between those entities – so a common set of rules for handling and securing PINs is required, to ensure both technical compatibility and a mutually agreed level of security.
ISO 9564 comprises three parts, under the general title of Financial services — Personal Identification Number (PIN) management and security.
Additional requirements that apply to smart card readers include:
Other specific requirements include:
The standard specifies that PINs shall be from four to twelve digits long, noting that longer PINs are more secure but harder to use.
Formats 0 to 3 are all suitable for use with the Triple Data Encryption Algorithm, as they correspond to its 64-bit block size.
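The following added example (not part of the original page or of the standard's text) builds and parses a clear format 0 PIN block to show why the four-to-twelve-digit limit and the 64-bit block size fit together. The format 0 field layout is not described on this page and is supplied here from the standard's well-known definition; the function names and the PIN and PAN values are constructed for illustration.

```python
"""Clear ISO 9564 format 0 PIN block: encode and decode (illustrative sketch)."""

def _pan_field(pan: str) -> bytes:
    # Assumption: PAN is 13 to 19 ASCII digits including its check digit.
    if not (pan.isascii() and pan.isdigit() and 13 <= len(pan) <= 19):
        raise ValueError("PAN must be 13 to 19 decimal digits")
    # Four zero nibbles, then the rightmost 12 digits excluding the check digit.
    return bytes.fromhex("0000" + pan[-13:-1])

def encode_format0(pin: str, pan: str) -> bytes:
    if not (pin.isascii() and pin.isdigit() and 4 <= len(pin) <= 12):
        raise ValueError("PIN must be 4 to 12 decimal digits")
    # Control nibble 0, PIN length nibble, PIN digits, then 0xF fill.
    # 2 header nibbles + at most 12 PIN nibbles always fits in 16 nibbles.
    pin_field = bytes.fromhex(f"0{len(pin):X}{pin}".ljust(16, "F"))
    # XOR with the PAN field binds the block to the account number.
    # The result is 8 bytes, exactly one 64-bit block for the cipher.
    return bytes(a ^ b for a, b in zip(pin_field, _pan_field(pan)))

def decode_format0(block: bytes, pan: str) -> str:
    if len(block) != 8:
        raise ValueError("format 0 PIN block must be 64 bits")
    field = bytes(a ^ b for a, b in zip(block, _pan_field(pan))).hex().upper()
    if field[0] != "0":
        raise ValueError("not a format 0 block (or wrong PAN)")
    length = int(field[1], 16)
    pin, fill = field[2:2 + length], field[2 + length:]
    # Reject out-of-range lengths, non-decimal PIN nibbles and bad fill.
    if not 4 <= length <= 12 or not pin.isdigit() or set(fill) - {"F"}:
        raise ValueError("malformed format 0 block (or wrong PAN)")
    return pin

if __name__ == "__main__":
    PAN = "43219876543210987"   # constructed sample PAN
    clear = encode_format0("1234", PAN)
    print(clear.hex().upper())  # clear block, before encipherment
    print(decode_format0(clear, PAN))
```

The block produced here is the clear value; in a real system it exists only inside a secure device and is enciphered before it is transmitted.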