PIN-Set Procedures

A personal identification number is an anti-fraud measure that helps authenticate the cardholder at physical points of sale and ATMs. At the time customers activate their cards they also set a PIN. Customers may also want to set a new PIN at a later time.



When you reissue or replace a card with a new PAN (primary account number: the 16-digit number that is printed on a card, beginning with the BIN; it is not the same as the account identifier, which is the PRN, or the card identifier, which is the CAD), you must also set a new PIN. Reissued cards with the same PAN but new expiry do not need a new PIN.

You can set a PIN for a physical card or for a virtual card that is provisioned to a mobile wallet, in the event that the wallet is presented at a physical NFC device that accepts PINs. (NFC, near-field communication, is a wireless transmission specification for two devices at a distance of 4 cm or less, used for mobile wallet payments at physical points of sale.) For virtual-only cards that are not in mobile wallets you do not set a PIN.

At account creation, you can set a default PIN by setting the product parameter CASPO to one of these options:

  • Last 4 digits of home phone
  • Last 4 digits of mobile phone
  • Last 4 digits of PRN (payment reference number, pmt_ref_no: the 12-digit Galileo-generated account identifier, which exists independently of the PAN or other identifiers)
  • Four zeros: 0000 (default)

For other use cases you have these options for setting a PIN for a card, either as part of the card-activation procedure or to reset a PIN:

  • Galileo IVR (automated phone system) — The cardholder calls a number that is on a sticker on the new card and inputs the card and PIN information using the phone keypad. You do not need to be PCI compliant to use this method. Contact Galileo for implementation instructions.
  • Direct render — The cardholder goes to your web page or mobile app and enters the new PIN through a form that Galileo hosts. You do not need to be PCI compliant to use this method. See Direct Render PIN-Set Procedure.
  • Direct POST — The cardholder goes to a web page or mobile app and enters the new PIN through a web page that you host. You must complete PCI-DSS Self-Assessment Questionnaire A-EP (191 of 250 PCI requirements) to use this procedure. PCI-DSS (Payment Card Industry Data Security Standards) is a set of standards that business entities must fulfill before handling sensitive customer data such as credit-card numbers, CVVs, and expiry dates. See Direct POST PIN-Set Procedure.
