feature story

Pin Block Formats

David Tushie – Consultant, Prime Factors, Inc.

T
The U.S. electronic payments industry sits on the edge of The white papers directly related to PIN processing are
a tidal change in technology. Issuers and merchants are available at:
incented to migrate from magnetic stripe cards to integrated
• PIN Technology and Management: http://tinyurl.com/
chip smart cards compliant with the international EMV
PrimeFactors-PINs1
standard. EMV, an acronym for Europay, MasterCard, and
Visa, established the requirements for managing electronic • PIN Block Formats: http://tinyurl.com/PrimeFactors-PINs2

payment transactions, authorizations, and cardholder • PIN Transaction Security in Payment Networks: http://
verification in new ways to reduce point-of-sale (POS) tinyurl.com/PrimeFactors-PINs3
counterfeit fraud. The standard has been in wide use
PIN Block Formats
outside the U.S. for several years, demonstrating dramatic
reductions in issuers’ costs resulting from this type of Separate from any discussion about PIN or PVV generation

fraud. Starting in October 2015, point-of-sale counterfeit and verification is the way PINs are transferred and

card losses will shift from issuers to merchants for those transported between locations and processes.

transactions where the card presented is EMV-compliant Obviously, transferring secrets (PINs are examples of shared
and the merchant POS terminal is not. secrets) requires encryption. But simply using a block cipher

One of the EMV keys to implementation, among others, has its challenges. What padding should be used for PINs
deals with verifying that the person presenting the card at less that the smallest block size? How do you know how
the point-of-sale is, indeed, the rightful cardholder. This many digits belong to the PIN? These are just a couple

verification can, in some situations, occur entirely within the of the challenges that the different standardized PIN block

scope of an EMV-compliant card reader, the EMV-compliant formats address.

card presented, and the personal identification number (PIN) The two most common PIN Block formats come from the
entered by the cardholder. This increases the importance of International Standards Organization (ISO) but it should be
PIN processing for payment card transactions since it is one noted that industry players have also developed standards
of the cardholder verification methods available to Issuers. for transporting encrypted PINs.

As part of the EMV Keys to Implementation series, Prime All the PIN blocks share the trait that they are eight bytes in
Factors presents three papers that provide insight into the length (representing 16 characters in hex format (four bits
mechanics of PIN processing for EMV. This paper, “PINs: PIN (nibble) per character)). In the case of the ISO PIN Blocks,
Block Formats” provides an introduction to the way PIN’s they also share a similar layout. One of the advantages of
are transferred and transported between various locations. the ISO formats is that there is some inherent check data
along with the actual PIN that can be used as a sanity check
on the receiving end of the encrypted PIN block.

34 CARD MANUFACTURING | SPECIAL EVENTS ONE 2015

ISO 9564 – Format 0 P: PIN
P/X: PIN or FILL (random digits as needed)
The ISO-0 PIN Block format is probably the most used PIN
block in the world. Its significant characteristic is that it ties The addition of random fill, as opposed to contiguous
the PIN to a specific PAN as part of the block data. In order repeated fill, produces a unique encrypted PIN block even
to extract the correct PIN from the block, the PAN must be for identical PINs.
known (transferred with the PIN block). ISO 9564 – Format 2
The data in an ISO PIN Block 0 is the XOR of two data items, The ISO-2 PIN Block format is used for smart card offline
the PIN and the PAN. authentication. It is similar to an ISO-1 PIN Block in that
The meanings of the PIN digits are as follows: there is no PAN to associate with the PIN. It differs in that
the fill is 0xF instead of random digits.

The meanings of the PIN digits are as follows:

Format: indicates block format (ISO-0 = 0)
Cnt: number of PIN digits (4-12 (hex ‘C’))
P: PIN Format: indicates block format (ISO-2 = 2)
P/X: PIN or FILL (hex ‘F’) as needed Cnt: number of PIN digits (4-12 (hex ‘C’))
The meanings of the PAN digits are as follows: P: PIN
P/X: PIN or FILL (0xF digits as needed)

ISO 9564 – Format 3

N: Null (0) The ISO-3 PIN Block format is an ISO-0 PIN Block with
P: Right most 12 PAN digits excluding the check digit random fill instead of 0xF. It ties the PIN to a specific PAN as
Example: part of the block data and hides those PAN digits that would
show up as inverted digits in the ISO-0 PIN Block. In order
to extract the correct PIN from the block, the PAN must be
known. Some of the card brands recommend the ISO-3
format for PIN transmissions.

A receiver of an ISO-0 PIN block, once it has been decrypted The data in an ISO PIN Block 3 is the XOR of two data items,
should make sure that the format is “0” and the count is the PIN and the PAN.
between 4 and 12 (“C”). If not, there is a good chance that The meanings of the PIN digits are as follows:
the transmission has been corrupted. If the XOR of the PAN
doesn’t produce the correct padding, again the transmission
has been corrupted. Format: indicates block format (ISO-3 = 3)
ISO 9564 – Format 1 Cnt: number of PIN digits (4-12 (hex ‘C’))
P: PIN
When the ISO-1 PIN Block format is used there is no PAN to
P/X: PIN or FILL
associate with the PIN. This could be, in the case of a VISA
(random hex digits (0x0-0xF) as needed)
PVV implementation, where the PINs are generated in one
location ahead of the PVV calculation (association to a PAN) The meanings of the PAN digits are as follows:
and needs to be transmitted to the PVV calculator.
The meanings of the PIN digits are as follows:
N: Null (0)
P: Right most 12 PAN digits excluding the check digit

Format: indicates block format (ISO-1 = 1)

Cnt: number of PIN digits (4-12 (hex ‘C’))
continued on page 36

www.icma.com 35
 feature story

Pin Block Formats, continued from page 35

Example: The meanings of the PIN digits are as follows:

Format: indicates block format (PLUS = 0)

Cnt: number of PIN digits (4-12 (hex ‘C’))
P: PIN
A receiver of an ISO-3 PIN block, once it has been decrypted, P/X: PIN or FILL (hex ‘F’) as needed
should make sure that the format is “3” and the count is
The meanings of the PAN digits are as follows:
between 4 and 12 (“C”). If not, there is a good chance that
the transmission has been corrupted.

Docutel / Diebold N: Null (0)

A Docutel / Diebold PIN Block consists of PIN digits and fill P: Left most 12 PAN digits
only. The requirement is that the fill is not a digit found in
Example:
the PIN digits.

The meanings of the PIN digits are as follows:

P: PIN
P/X: PIN or FILL (not PIN digits, as needed) Conclusion
The difference in the two formats is the typical fill character. Card issuers have strong financial incentives to provide their
For Docutel, the fill value is 0xF and for Diebold, the value cardholders EMV-compliant credit cards prior to the liability
is 0. shift date in October, 2015. Many things change with the
adoption of EMV, perhaps most significantly in the option
Plus
to use PINs to verify cardholders at the point-of-sale. This
The PLUS PIN Block is the ISO-0 format with the left most is something that the U.S. credit card payment network has
digits in the PAN being used in the XOR operation. not fully supported in the past. Understanding PIN technol-
The data in a PLUS PIN Block is the XOR of two data items, ogy and processing will assist in implementing this form of
the PIN and the PAN. cardholder verification.

36 CARD MANUFACTURING | SPECIAL EVENTS ONE 2015