Understanding: PIN BLOCK


Inspired by a discussion where I was asked to explain how a PIN Block works, this article sheds light on the subject. Often finding myself among bright minds, I aim to provide clarity on the topic.


In the case of magnetic stripe cards, the verification process commences when a cardholder enters their PIN on an ATM keyboard or a POS terminal. During online verification, the entered PIN is encrypted, transmitted, decrypted, and compared to a reference PIN that is exclusively available in the issuer's processing center. The minimum length for a PIN is four digits, but issuers can choose to support longer PINs, up to a maximum of 12 digits. It's important to note that ATM acquirers are not obligated to support PINs longer than six digits.


A PIN Block serves as an integral part of the PIN security process used in various financial systems, including debit card transactions. Its formation involves combining the Personal Identification Number (PIN) with additional data to enhance security during transmission. The specific method of creating a PIN Block may vary depending on the cryptographic algorithm employed. It is worth exploring ISO 9564 for a deeper understanding of different PIN Block formats and their intricacies.


The initial step involves constructing a data block, known as the PIN Block, which combines the PIN and the card PAN using a standardized method. One commonly used standard for encoding a PIN Block is ISO 9564-1 Format 0 (such as ANSI X9.8 or VISA-1). The ISO-0 PIN Block format supports a PIN length of 4 to 12 digits.

Credit: CompTIA Security+ 2008 in Depth

Clear PIN:

The Clear PIN refers to the original PIN entered by the cardholder, typically a numeric code.

For instance, let's assume the Clear PIN is "1234".

PAN:

PAN stands for Primary Account Number, representing the unique identifier of the cardholder's account.

The PAN is obtained from the debit card used in the transaction.

For example, let's assume the PAN is "5432101234567890".

Padding:

Padding ensures a consistent length for processing by adding extra digits or characters to the Clear PIN or PAN.

The specific padding method may vary depending on the cryptographic algorithm used.

For instance, if the Clear PIN is four digits and the PAN requires six digits, the Clear PIN can be padded with zeros at the end, resulting in "1234 0000".

XOR Operation:

The Clear PIN and the padded PAN are combined using an XOR (exclusive OR) operation.

The XOR operation merges corresponding bits of the Clear PIN and the padded PAN, yielding a new value.

For example, performing an XOR operation on "06123456FFFFFFFF" and "0000210123456789" would result in "06121557DCBA9876".


Steps for calculating this type of encoding by example:

  • PIN Padding

Format a 16-byte PIN as follows: [0][Length][PIN][Padding]

[0] indicates the use of ISO-0 format.

[Length] represents a one-byte Length.

[PIN] denotes the provided PIN.

[Padding] is typically 'F'.

So, for a PIN of '123456', the padded PIN should be: '06123456FFFFFFFF'.


  • PAN Padding

Format a 16-byte PAN as follows: [0000][12-digit PAN]

Retrieve the 12 rightmost digits of the PAN (excluding the check digit) and left pad the result with zeros.

So, for a PAN of '5432101234567890', the padded PAN should be: '0000210123456789'.


  • XOR Operation

Perform an XOR operation on the two values:

XOR the padded PIN and the padded PAN.

For example, XOR operation on '06123456FFFFFFFF' and '0000210123456789' would result in '06121557DCBA9876'. This is the clear PIN Block.

https://xor.pw/#
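The three steps above, carried out in Python as an added example (this is not code from the original article): build the PIN field, build the PAN field from the 12 rightmost PAN digits excluding the check digit, XOR the two nibble by nibble to get the clear PIN Block, and decode a block back to the PIN with the PAN. The block is 16 hex digits (8 bytes) throughout. The function names are my own, and the second PAN used in the decoding check (4000001234567899) is a constructed sample value that shows why the PAN is mixed in: decoding a block with the wrong PAN produces a different PIN.

```python
# Added example: ISO 9564-1 Format 0 (ISO-0) clear PIN Block construction and decoding.
# Uses the article's sample PIN '123456' and PAN '5432101234567890'.


def format_pin_field(pin: str) -> str:
    """Build the 16-hex-digit PIN field: [0][Length][PIN][F padding]."""
    if not pin.isdigit() or not 4 <= len(pin) <= 12:
        raise ValueError("ISO-0 requires a numeric PIN of 4 to 12 digits")
    # Control nibble '0', length nibble in hex (4..C), PIN digits, then 'F' fill to 16 chars.
    field = "0" + f"{len(pin):X}" + pin
    return field + "F" * (16 - len(field))


def format_pan_field(pan: str) -> str:
    """Build the 16-hex-digit PAN field: [0000][12 rightmost digits, check digit excluded]."""
    if not pan.isdigit() or len(pan) < 13:
        raise ValueError("PAN must be numeric and at least 13 digits long")
    without_check_digit = pan[:-1]          # drop the Luhn check digit (last digit)
    return "0000" + without_check_digit[-12:]


def xor_hex(a: str, b: str) -> str:
    """XOR two equal-length hex strings nibble by nibble, returning uppercase hex."""
    if len(a) != len(b):
        raise ValueError("operands must be the same length")
    return "".join(f"{int(x, 16) ^ int(y, 16):X}" for x, y in zip(a, b))


def clear_pin_block(pin: str, pan: str) -> str:
    """Clear (unencrypted) ISO-0 PIN Block: PIN field XOR PAN field."""
    return xor_hex(format_pin_field(pin), format_pan_field(pan))


def decode_pin_block(block: str, pan: str) -> str:
    """Recover the PIN from a clear ISO-0 block; XOR with the PAN field undoes the mixing."""
    if len(block) != 16:
        raise ValueError("an ISO-0 PIN Block is 16 hex digits (8 bytes)")
    pin_field = xor_hex(block.upper(), format_pan_field(pan))
    if pin_field[0] != "0":
        raise ValueError("control nibble is not 0: not an ISO-0 block")
    length = int(pin_field[1], 16)
    if not 4 <= length <= 12:
        raise ValueError("PIN length nibble out of range")
    pin, padding = pin_field[2:2 + length], pin_field[2 + length:]
    # A wrong PAN usually corrupts the digits or the 'F' padding, so validate both.
    if not pin.isdigit() or padding != "F" * (14 - length):
        raise ValueError("malformed PIN field: wrong PAN or corrupted block")
    return pin


if __name__ == "__main__":
    pin, pan = "123456", "5432101234567890"
    print("PIN field :", format_pin_field(pin))    # 06123456FFFFFFFF
    print("PAN field :", format_pan_field(pan))    # 0000210123456789
    block = clear_pin_block(pin, pan)
    print("PIN Block :", block)                    # 06121557DCBA9876
    print("Decoded   :", decode_pin_block(block, pan))
    # Constructed sample PAN: same block, wrong PAN, different (wrong) PIN.
    print("Wrong PAN :", decode_pin_block(block, "4000001234567899"))
```

Only the clear block is produced here; in a real terminal it is encrypted under a PIN encryption key before leaving the device, as the next section describes, and never stored or logged in the clear.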

Encryption:

The resulting XOR value, the PIN Block, is then encrypted using a robust cryptographic algorithm. The encryption process ensures that the PIN Block is transformed into a secure and unreadable format.

Financial institutions typically implement their own security measures, which may include proprietary encryption algorithms, to protect PIN information.




More articles by Amit Kumar