ISO 10202-1-1991 PDF

Full title and description

ISO 10202-1:1991 — Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards — Part 1: Card life cycle. Defines principles and protective techniques for integrated-circuit (IC) cards throughout their manufacture, issuance, use and end-of-life, with integral Annex A and informative Annexes B and C.

Abstract

This part of ISO 10202 specifies the security principles and procedures to protect integrated circuits on financial transaction cards during the complete card life cycle (manufacture, personalisation/issuance, in-service use and termination). It describes life‑cycle characteristics that extend those in magnetic‑stripe card standards and includes guidance on risks and security controls in annexes.

General information

• Status: Withdrawn / Annulled.
• Publication date: September 1991 (Edition 1).
• Publisher: International Organization for Standardization (ISO).
• ICS / categories: 35.240.15 (Identification cards. Chip cards. Biometrics).
• Edition / version: Edition 1 (1991) — with Technical Corrigendum 1 issued 1999.
• Number of pages: 9 pages (main document).

Key bibliographic and status details taken from the ISO catalogue entry for ISO 10202-1:1991 and its corrigendum.

Scope

Specifies techniques and organisational procedures for protecting ICs on financial transaction cards across their entire life cycle (manufacture, delivery/issuance, operational use and decommissioning). Applies to organisations responsible for implementing security procedures for integrated-circuit components and the cards that contain them, and supplements requirements for magnetic‑stripe bank cards where applicable.

Key topics and requirements

• Life‑cycle security requirements for IC cards: manufacture, personalisation/issuance, use, termination.
• Principles for protection of IC hardware and associated data during transit and storage.
• Operational procedures and responsibilities for issuers, manufacturers and service providers.
• Annex A (integral) describing security audit areas and card data zones; Annexes B and C (informative) on risk measures and additional guidance.
• Technical Corrigendum 1 (1999) providing editorial/technical corrections to the original text.

These topics are drawn from the standard text and ISO catalogue summaries.

Typical use and users

Used by card manufacturers, card issuers (banks and financial institutions), personalisation bureaux, security auditors and system integrators designing, producing and operating financial transaction systems that use integrated‑circuit cards. Also referenced by standards committees and organisations defining transaction processing and key management policies.

Related standards

ISO 10202 is a multipart series addressing security architecture for IC financial cards; related parts include transaction process (Part 2), cryptographic key relationships (Part 3), secure application modules (Part 4), use of algorithms (Part 5), cardholder verification (Part 6), key management (Part 7) and general principles/overview (Part 8). Many parts in the series were published in the 1990s and the series has since been withdrawn as listed in standards catalogues.

Keywords

financial transaction cards; integrated circuit card (ICC); IC card life cycle; card security; card issuance; personalisation; key management; cardholder verification; cryptographic relationships; ISO 10202.

FAQ

Q: What is this standard?

A: ISO 10202-1:1991 is Part 1 of the ISO 10202 series, titled "Card life cycle", that sets out security architecture principles for financial transaction systems using integrated circuit cards.

Q: What does it cover?

A: It covers protective techniques and organisational procedures to safeguard ICs and IC cards from manufacture through issuance, use and termination, with an integral Annex A and informative annexes on risk and controls.

Q: Who typically uses it?

A: Card manufacturers, issuers, personalisation bureaus, security auditors, payment-system integrators and standards bodies working on card security and transaction processing.

Q: Is it current or superseded?

A: ISO 10202-1:1991 has been withdrawn (the ISO catalogue marks it as withdrawn/annulled). A Technical Corrigendum was issued in 1999; the ISO 10202 multipart series was published through the 1990s and many parts were later withdrawn or replaced by other norms and newer ISO/IEC standards and technical work in the card and payment domain. For procurement or compliance purposes, consult the current ISO catalogue or national standards body for any successor documents.

Q: Is it part of a series?

A: Yes — ISO 10202 is a multipart standard covering security architecture for financial transaction systems using integrated circuit cards (Parts 1–8), each addressing a different aspect such as life cycle, transaction process, key relationships, secure modules, algorithms, cardholder verification, key management and overview.

Q: What are the key keywords?

A: Financial transaction cards, IC cards, life cycle security, card issuance, personalisation, cryptography, key management, cardholder verification.