A personal identification number (PIN) is an anti-fraud measure that helps authenticate the cardholder at physical points of sale and ATMs. When customers activate their cards, they also set a PIN. Customers may also want to set a new PIN at a later time.
You have four options for setting a PIN for a card, either as part of the card-activation procedure or to reset a PIN:
- Galileo IVR (automated phone system) — The cardholder calls a number that is on a sticker on the new card and inputs the card and PIN information using the phone keypad. You do not need to be PCI compliant to use this method. Contact Galileo for implementation instructions.
- Direct render — The cardholder goes to your web page or mobile app and enters the new PIN through a form that Galileo hosts. You do not need to be PCI compliant to use this method. See Direct Render PIN-Set Procedure.
- Direct POST — The cardholder goes to a web page or mobile app and enters the new PIN through a web page that you host. You must complete the PCI-DSS Self-Assessment Questionnaire A-EP (191 of 250 PCI requirements) to use this procedure. (PCI-DSS, the Payment Card Industry Data Security Standards, is a set of standards that business entities must fulfill before handling sensitive customer data such as credit-card numbers, CVVs, and expiry dates.) See Direct POST PIN-Set Procedure.
- API — You must have your own hardware security module (HSM) and be fully PCI compliant to use this method. Contact Galileo for implementation instructions.