When a cardholder enters their PIN, the PIN is first encoded into a clear-text PIN block, derived from the PIN length, the PIN digits, a portion of the PAN (primary account number) and padding. The clear-text PIN block is then encrypted using a standard algorithm.
PINs are entered on a PIN entry device (PED), which provides a trusted and secure environment. Such devices are tamper resistant and tamper responsive, which means that they can detect attempts to retrieve sensitive data and respond to them.
Security measures include encapsulating membranes, potting, physical sensors, secure micro-controllers and software countermeasures. The tamper response is erasure of protected data and the disabling of the device.
ISO-0 PIN-block format
The ISO-0 PIN-block format consists of the PIN length, PIN digits, and 'F' character padding, exclusive-ORed with the rightmost 12 PAN digits, excluding the check digit.
For example, for PIN 1234 and PAN 4987654321098765, the rightmost 12 PAN digits excluding the check digit are 765432109876, so we compute 04.1234.FFFFFFFFFF XOR 0000.7654.3210.9876, which gives 0412.42AB.CDEF.6789.
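As an added example (not code from the original page), here is the ISO-0 construction above worked through in Python, together with the reverse step a verifier performs after decryption to recover the PIN and to reject a block whose length nibble or padding is wrong (which is what a wrong key or mismatched PAN produces). The function names are my own.

```python
# Added example: build and parse a clear-text ISO-0 (ISO 9564 format 0) PIN block.
# Encryption of the block inside the PED is out of scope here.

def pan_field(pan: str) -> str:
    """Rightmost 12 PAN digits excluding the check digit, zero-padded to 16 hex digits."""
    if not pan.isdigit() or len(pan) < 2:
        raise ValueError("PAN must be a string of digits")
    return "0000" + pan[:-1][-12:].rjust(12, "0")

def pin_field(pin: str) -> str:
    """Format nibble 0, one-nibble PIN length, the PIN digits, then 'F' padding."""
    if not pin.isdigit() or not 4 <= len(pin) <= 12:
        raise ValueError("PIN must be 4 to 12 digits")
    return f"0{len(pin):X}{pin}".ljust(16, "F")

def xor_hex(a: str, b: str) -> str:
    """XOR two 16-hex-digit strings and return the result as 16 upper-case hex digits."""
    return f"{int(a, 16) ^ int(b, 16):016X}"

def encode_iso0(pin: str, pan: str) -> str:
    """Clear-text ISO-0 PIN block for the given PIN and PAN."""
    return xor_hex(pin_field(pin), pan_field(pan))

def decode_iso0(block: str, pan: str) -> str:
    """Recover the PIN from a clear-text ISO-0 block; raise on any format violation."""
    clear = xor_hex(block, pan_field(pan))
    if clear[0] != "0":
        raise ValueError("not an ISO-0 block")
    n = int(clear[1], 16)
    # A wrong PAN or a wrongly decrypted block almost always fails here:
    # the length nibble is out of range or the padding is no longer all 'F'.
    if not 4 <= n <= 12 or clear[2 + n:] != "F" * (14 - n):
        raise ValueError("bad PIN length or padding")
    pin = clear[2:2 + n]
    if not pin.isdigit():
        raise ValueError("PIN contains non-digits")
    return pin

if __name__ == "__main__":
    # The page's own worked example: PIN 1234, PAN 4987654321098765
    print(encode_iso0("1234", "4987654321098765"))  # 041242ABCDEF6789
```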
PIN-block encryption standards