A personal identification number (PIN) is an anti-fraud measure that helps authenticate the cardholder at physical points of sale and ATMs. Customers set a PIN when they activate their cards, and they may also want to set a new PIN at a later time.
**Note:** When you reissue or replace a card with a new <<glossary:PAN>>, you must also set a new PIN. Reissued cards with the same PAN but a new expiry do not need a new PIN.
You can set a PIN for a physical card or for a virtual card that is provisioned to a mobile wallet, in the event that the wallet is presented at a physical <<glossary:NFC>> device that accepts PINs. For virtual-only cards that are not in mobile wallets you do not set a PIN.
At account creation, you can set a default PIN by setting the product parameter CASPO to one of these options:
- Last 4 digits of home phone
- Last 4 digits of mobile phone
- Last 4 digits of <<glossary:PRN>>
- No PIN
For other use cases, you have these options for setting a PIN for a card, either as part of the <a href="doc:activate-card-procedure" target="_blank">card-activation procedure</a> or to reset a PIN:

- **Direct render** — The cardholder goes to your web page or mobile app and enters the new PIN through a form that Galileo hosts. You do not need to be PCI compliant to use this method. See [Direct Render PIN-Set Procedure](🔗).
- **Direct POST** — The cardholder goes to a web page or mobile app and enters the new PIN through a web page that you host. You must complete <<glossary:PCI-DSS>> Self-Assessment Questionnaire A-EP (191 of 250 PCI requirements) to use this procedure. See [Direct POST PIN-Set Procedure](🔗).
- **Offline PIN** — Some non-U.S. jurisdictions require offline PIN validation, where the PIN is written to the <<glossary:EMV>> chip and the card reader validates the typed PIN against the PIN on the chip. See [Offline PIN](🔗) for directions.
- **Galileo IVR (automated phone system)** — The cardholder calls a number that is on a sticker on the new card and inputs the card and PIN information using the phone keypad. You do not need to be PCI compliant to use this method.