【国外标准】 TG-3 Retail Financial Services Compliance Guideline - Part 1: PIN Security and Key Management

This guideline applies to all organizations using the Triple Data Encryption Algorithm - TDEA (Reference 7) for the encryption of PINs used for retail financial services such as POS and ATM transactions, messages among retailers and financial institutions, and interchange messages among acquirers, switches and card issuers. The guideline should be completed by all organizations acquiring or processing transactions containing PINs, from the terminal driving system to the authorizing entity. The guideline Control Objectives address security controls from the PIN entry device to the interface delivering the transaction to the authorizing entity. When this guideline is completed by a device manufacturer, the Control Objectives are intended to evaluate the manufacturing environment and the device's ability to be implemented in a manner compliant with X9.8 and X9.24 (all parts).