DK PIN Change (CSNBDPC)

Edit online

Use the DK PIN Change verb to update the personal identification number (PIN) reference value or word (PRW) for a specified account when a cardholder uses a bank or credit card at an ATM or point-of-sale (POS) terminal to update a card with a new PIN, in other words, to change the current PIN to a customer-selected PIN.

When cardholders use a terminal to update a card with a new PIN, they enter the current PIN and the new PIN. At the terminal, the current PIN is formatted into an ISO-0, ISO-1, ISO-2, ISO-3 or, beginning with Release 5.4, ISO-4 PIN-block and enciphered using a PIN encrypting key for the current PIN. Likewise, the new PIN is formatted into an ISO-0, ISO-1, ISO-2, ISO-3 or, beginning with Release 5.4, ISO-4 PINblock and enciphered using a PIN encrypting key for the new PIN.

The account of a cardholder is uniquely identified by a 10 - 19 digit primary account number (PAN) of the bank or credit card. Additional information normally available on the card is a time-sensitive card expiry date and a time-invariant (permanent) card sequence number. The verb verifies the current PIN by deciphering the current ISO-1 PIN block and uses the recovered PIN and other additional information to verify the current PIN. If the current PIN does not verify, the process is aborted and an error is returned. If it does verify, the new PIN is recovered from the new ISO-1 PIN block and is reformatted into a DK-defined PIN block that is used with a new PRW random value and other information to calculate a new PRW. The new PRW and associated new PRW random value are returned to be used as input later by other PIN processes for PIN verification.

A card script can be created and encrypted for use later to update a customer smart (chip) card. To create a TDES-encrypted card script, specify either the TDES-CBC or TDES-ECB script selection keyword in the rule array. Beginning with Release 4.4, to create an AES-encrypted card script, specify AES-CBC.

If validation of the PIN is desired to personalize a smart card, specify the EPB PIN block output selection rule-array keyword. This keyword causes an output encrypted PIN block to be returned along with a PIN block MAC. The MAC is calculated over the output PIN block and additional card data using the block cipher-based MAC algorithm, called CMAC (refer to NIST SP 800-38B).

Notes:

  1. If the PIN recovered from the new_ISO1_PIN_block variable is found in the weak PIN table, it is rejected and an error is returned indicating that the selected PIN was in the weak PIN table.
  2. This verb supports PCI-HSM 2016 compliant-tagged key tokens.

This verb does not need to document any Usage notes.