PCI PIN Security v3.1
Framework
Clause 3-3
List of requirements
PIN Security Requirements:
3-3 Standard PIN-block formats (i.e., ISO formats 0, 1, 2, 3, and 4) shall not be translated into non-standard PIN-block formats.
PINs enciphered using ISO format 0, ISO format 3, or ISO format 4 must not be translated into any other PIN-block format other than ISO format 0, 3, or 4 except when translated to ISO format 2 as specified in the table below. PINs enciphered using ISO format 1 may be translated into ISO format 0, 3, or 4, but must not be translated back into ISO format 1. ISO format 1 may be translated into ISO format 2 as specified in the table below.
Translations between PIN-block formats that both include the PAN shall not support a change in the PAN. The PIN-translation capability between ISO formats 0, 3, or 4 (including translations from ISO format 0 to ISO format 0, from ISO format 3 to ISO format 3, or from ISO format 4 to ISO format 4) must not allow a change of PAN. The following illustrates translations from formats 0, 1, 3 and 4:
Note: This translation restriction is not applicable to surrogate PANs used in tokenization implementations.
Translation

| From | To | Rule |
|---|---|---|
| ISO Format 0, 3, 4 | ISO Format 0, 3, 4 | Permitted anywhere without change of PAN<br>Change of PAN only permitted in sensitive state for card issuance<br>Change of PAN token to real PAN only permitted with cryptographic binding of PAN token to real PAN |
| ISO Format 1 | ISO Format 0, 3, 4 | Permitted |
| ISO Format 2 | ISO Format 0, 3, 4 | Not permitted |
| ISO Format 0, 3, 4 | ISO Format 1 | Not permitted |
| ISO Format 1 | ISO Format 1 | Permitted |
| ISO Format 2 | ISO Format 1 | Not permitted |
| ISO Format 0, 3, 4 | ISO Format 2 | Permitted for submission to an IC card |
| ISO Format 1 | ISO Format 2 | Permitted for submission to an IC card |
| ISO Format 2 | ISO Format 2 | Permitted for submission to an IC card |

Testing Procedures:
3-3.a Verify the following, using information obtained in the prior steps of Requirement 3:
- ISO PIN-block formats are not translated into non-ISO formats.
- ISO PIN-block formats 0, 3, and 4 are not translated into any PIN-block formats other than 0, 3, or 4 except for submission to an IC payment card.
- If ISO format 1 is translated to ISO format 0, 3, or 4, it is not translated back to ISO format 1.
- If ISO format 1 is translated to ISO format 2, it is only for submission to an IC payment card.
- PIN-block translations from ISO format 0, 3, or 4 to any of ISO format 0, 3, or 4 do not support a change in PAN.
3-3.b Where translated to format 2, verify that the PIN block is only submitted to the IC card.
Note: For offline PIN this is verified for PCI-approved POI devices:
a) The PIN that is submitted by the ICC reader to the IC shall be contained in a PIN block conforming to ISO format 2 PIN block. This applies whether the PIN is submitted in plaintext or enciphered using an encipherment key of the IC.
b) Where the ICC reader is not integrated into the PIN entry device and PINs are enciphered only for transmission between the PIN entry device and the ICC reader, the device shall use one of the PIN-block formats specified in ISO 9564-1. Where ISO format 2 PIN blocks are used, a unique-key-per-transaction method in accordance with ISO 11568 shall be used.
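
The translation table and the checks in 3-3.a can be expressed as a default-deny policy function for reviewing translation requests. This is an added example, not part of PCI PIN Security or of any HSM vendor's API; the `TranslationRequest` fields, the function names and the sample records are hypothetical, and only ISO source formats are modelled.

```python
from dataclasses import dataclass

ISO_FORMATS = {0, 1, 2, 3, 4}

@dataclass(frozen=True)
class TranslationRequest:          # hypothetical record, not a vendor API
    src: int                       # source ISO PIN-block format
    dst: int                       # requested output format (non-ISO = any other int)
    pan_changed: bool = False      # output block is built with a different PAN
    to_ic_card: bool = False       # output is submitted to an IC card
    issuance_state: bool = False   # device is in sensitive state for card issuance
    token_bound: bool = False      # PAN token cryptographically bound to real PAN

def check_translation(r: TranslationRequest) -> tuple:
    """Return (permitted, reason) for one request, following the 3-3 table."""
    if r.src not in ISO_FORMATS:
        raise ValueError("the table only covers ISO source formats 0-4")
    if r.dst not in ISO_FORMATS:
        return False, "standard format translated into non-standard format"
    if r.dst == 2:
        if r.to_ic_card:
            return True, "format 2 for submission to an IC card"
        return False, "format 2 only permitted for submission to an IC card"
    if r.src == 2:
        return False, "format 2 must not be translated to format 0, 1, 3 or 4"
    if r.dst == 1:
        if r.src == 1:
            return True, "format 1 to format 1"
        return False, "format 0, 3 or 4 must not be translated to format 1"
    if r.src == 1:
        return True, "format 1 to format 0, 3 or 4"
    # Remaining case: 0/3/4 -> 0/3/4, where the PAN must normally stay the same.
    if not r.pan_changed:
        return True, "no change of PAN"
    if r.issuance_state:
        return True, "change of PAN in sensitive state for card issuance"
    if r.token_bound:
        return True, "PAN token to real PAN with cryptographic binding"
    return False, "change of PAN not permitted"

def violations(requests):
    """Return (request, reason) for every request the table does not permit."""
    checked = [(r, *check_translation(r)) for r in requests]
    return [(r, why) for r, ok, why in checked if not ok]

# Constructed sample requests (not taken from any real system)
SAMPLE = [TranslationRequest(0, 4), TranslationRequest(3, 1),
          TranslationRequest(1, 2, to_ic_card=True),
          TranslationRequest(0, 0, pan_changed=True)]
```

Running `violations(SAMPLE)` flags the format 3 to format 1 request and the format 0 to format 0 request that changes the PAN.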