The Challenging Path to Adopting the ISO Format 4 PIN Block


Although the payment industry uses several methods to verify cardholder identity, the Personal Identification Number (PIN) remains the most widely used cardholder verification method, particularly for transactions involving a physical card. Protecting the PIN is therefore critical. This protection is achieved through standardized PIN block formats: encrypted data structures that define how PIN data is transmitted securely over the payment networks.


In this blog, we provide an overview of the ISO Format 4 PIN block and explain the obstacles organizations face when adopting ISO Format 4 and migrating to the related AES standard.


Transitioning to Modern ISO Format 4 

The most modern PIN block used by the industry is the ISO Format 4 PIN block, a format standardized by the International Organization for Standardization (ISO) as part of ISO 9564-1 in 2015. 


A strong trend in the payment industry is to move away from the older formats and adopt ISO Format 4, which was designed to support the state-of-the-art Advanced Encryption Standard (AES) algorithm and so provides the highest level of security. Formats such as ISO 0, 1, 2 and 3 or IBM 4704 EPP, among many others, rely on the older Triple Data Encryption Standard (TDES), whose weaknesses have been known for decades and which governing bodies such as NIST have disallowed. Additionally, the PCI Security Standards Council is strongly encouraging the adoption of AES-based formats and algorithms.


Even though AES was introduced more than 20 years ago, many organizations in the payment industry still rely on TDES. Why are organizations so hesitant to adopt AES-based ISO Format 4? What makes adopting this format challenging?


Essential Role of PIN Blocks

Because PINs are short, typically 4 to 6 digits, they need further protection from potential attackers.


A PIN block is a secure, encrypted data structure used in payment systems to protect a cardholder’s PIN during electronic transactions. It is created by a secure device such as an Electronic PIN Pad (EPP) built into ATMs or POS terminals, and it combines the PIN with account-related data using a standardized format (for example, ISO formats 0, 3 or 4) and strong encryption. As it travels through the payment networks to the responsible authorization system, the PIN block is re-encrypted (translated from one zone key to the next) inside payment HSMs. This ensures that the PIN is never exposed in plaintext while in transit to the authorization system.


From TDES to AES: The Industry’s Shift to Stronger PIN Block Security

Introduced in the 1970s, TDES has been one of the primary standards used to encrypt confidential data such as PIN blocks. Over the years, however, it has become increasingly vulnerable. Consequently, security and certification bodies such as NIST (through its FIPS publications) have disallowed the use of TDES.


In response, the industry has been steadily transitioning toward more modern and secure cryptographic standards, most notably the Advanced Encryption Standard (AES). Introduced in 2001, AES is a widely accepted specification for encrypting electronic data and is considered significantly stronger than TDES. Reflecting this shift, the PCI Security Standards Council (PCI SSC) recommends that entities operating in PCI-regulated environments migrate to AES when symmetric encryption is required.

 

ISO Format 4 PIN Block for the Future

ISO 9564-1 Format 4 was introduced to support stronger cryptographic algorithms such as AES, offering enhanced security for modern financial transactions. Among PIN block formats, ISO Format 4 is currently the only widely used format that supports AES encryption. By enabling the secure use of a larger block cipher and incorporating more data into the PIN block, it overcomes the limitations of the older TDES-based formats while maintaining compatibility. The ISO Format 4 PIN block was designed based on experience with the TDES formats and on the principles of modern cryptography. For example, ISO Format 4 includes a random field so that each generated PIN block is unique even if the PIN, PAN and PIN encryption key do not change, which helps prevent various attacks and strengthens overall transaction security.
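The PIN block construction described in the two passages above (EPP combines PIN with account data; Format 4 binds in a random field and the PAN under AES), as an added illustration in Go that is not code from this post or from Utimaco: the 16-byte PIN field (control nibble 4, PIN length, PIN digits, 0xA fill, then 8 random bytes), the 16-byte PAN field, and the two AES passes with the PAN field XORed in between. The key, PIN, PAN and random bytes are constructed demo values; in a real deployment the key never leaves the EPP or payment HSM and the random bytes come from that device's RNG.

```go
package main

import (
	"crypto/aes"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

func digits(s string) bool { return strings.Trim(s, "0123456789") == "" }

// iso4Fields builds the two 16-byte ISO 9564-1 Format 4 input fields.
// PIN field: nibble '4', PIN length nibble, PIN digits, 0xA fill to byte 7, then 8 random bytes.
// PAN field: nibble (len(PAN)-12), PAN digits left-padded with zeros to 12, then zero fill.
func iso4Fields(pin, pan string, random [8]byte) (pf, xf [16]byte, err error) {
	if len(pin) < 4 || len(pin) > 12 || len(pan) > 19 || !digits(pin) || !digits(pan) {
		return pf, xf, errors.New("PIN must be 4 to 12 digits and PAN at most 19 digits")
	}
	for len(pan) < 12 {
		pan = "0" + pan
	}
	ph := fmt.Sprintf("4%X%s%s%x", len(pin), pin, strings.Repeat("A", 14-len(pin)), random[:])
	xh := fmt.Sprintf("%X%s", len(pan)-12, pan)
	hex.Decode(pf[:], []byte(ph)) // inputs were validated above, so both decodes succeed
	hex.Decode(xf[:], []byte(xh+strings.Repeat("0", 32-len(xh))))
	return pf, xf, nil
}

// EncryptISO4 computes EPB = AES_K( AES_K(PIN field) XOR PAN field ).
// The random bytes are supplied by the caller (the secure device's RNG in
// practice), so the same PIN, PAN and key still yield a different block each time.
func EncryptISO4(key []byte, pin, pan string, random [8]byte) (out [16]byte, err error) {
	c, err := aes.NewCipher(key) // 16, 24 or 32-byte AES key
	if err != nil {
		return out, err
	}
	pf, xf, err := iso4Fields(pin, pan, random)
	if err != nil {
		return out, err
	}
	c.Encrypt(out[:], pf[:]) // first AES pass over the PIN field
	for i := range out {
		out[i] ^= xf[i] // bind the block to the PAN
	}
	c.Encrypt(out[:], out[:]) // second AES pass (in place)
	return out, nil
}
```

A receiving HSM reverses the two AES steps with the same PAN field and checks the control nibble, length and 0xA fill before accepting the PIN.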


TDES is widely recognized as an outdated algorithm that is not appropriate for future use, while AES is a state-of-the-art algorithm that, with adequate key lengths, is considered secure even in the post-quantum era.

 

Key Roadblocks Slowing ISO Format 4 Migration

Adopting ISO Format 4 is not without challenges. It has become evident that the reason behind the slow adoption of ISO Format 4 is not the PIN block format itself, but rather the legacy systems many organizations rely on. This means that migration often requires architectural changes rather than a simple replacement of algorithms or encoding formats.


A Complete System Change

This initiative is not only about adopting a new PIN block standard; it represents a broader shift away from legacy systems and toward a modernized platform. Many legacy systems were built with bespoke, in-house approaches and developed without strict standards, which at the time often did not exist.


As a result, the adoption of contemporary standards requires transitioning to new algorithms and protocols, introducing changes that extend beyond simple compliance and into fundamental system transformation.


Search for Institutional Knowledge

This transition is further complicated by the age of many payment systems. Many were designed and implemented decades ago, and detailed institutional knowledge has often been lost as the teams that originally built these systems are no longer part of the organization. 


To facilitate the transition, a highly specialized knowledge base is required, which is not always available internally. As a result, organizations often must engage with professional services teams that can analyze legacy systems and support migration.


New Auditing Regime

The long-standing software development mantra “don’t touch it if it works” can be applied to some extent to payment systems as well. Legacy systems, though limited by technologies such as TDES, demonstrated a level of reliability and compliance through regular audits, reinforcing confidence in their continued operation.


Transitioning to a standards-driven system introduces a fundamentally different auditing regime. The adoption of AES and its associated standards requires audits to be conducted under new methodologies aligned with these updated requirements. Unlike legacy environments, the new standard establishes clear, consistent expectations that are uniformly applied across the industry.
This shift represents a significant change in how organizations audit their systems and engage with auditors, requiring both technical and procedural adjustments.


Change in Key Management

The system changes discussed above also bring key management in line with state-of-the-art techniques. The transition is driven in part by PCI requirements mandating the use of TR-31 for key wrapping. Historically, key management relied primarily on straightforward encryption of keys, with little structure or standardization around how those keys were exchanged between entities.


Today, when keys must be shared or stored across different parties, PCI standards require the use of TR-31 (the key block format now published as ANSI X9.143) or equivalent techniques. This represents a further significant departure from legacy practices. TR-31 is not simply an alternative encryption format; it introduces a comprehensive framework for key management, including defined key attributes, usage controls and lifecycle management, so that a key can no longer be silently repurposed for a use it was not issued for.


Conclusion 

The move toward the ISO Format 4 PIN block is evident and inevitable. Together with the AES algorithm, it provides stronger security and supports future compliance.


However, it is also clear that the adoption of ISO Format 4 represents a significant change for organizations. The right cybersecurity solutions and the selection of experienced technology partners are important factors for a successful transition.


Role of UTIMACO’S Payment HSMs 

Utimaco’s Atalla AT1000 and CryptoSec Payment HSMs, as well as Utimaco’s cloud offering, Payment HSM as a Service, support both AES and TDES. This enables organizations to leverage the full capabilities of our Payment HSMs to transition smoothly to AES while still accommodating limited TDES usage, such as for legacy terminals deployed in the field.
Utimaco’s Payment HSMs support the PIN management and security formats of ANSI X9.8/ISO 9564 (PIN block formats 0 to 4) as well as other legacy techniques.


For symmetric key management, Atalla AT1000 and CryptoSec Payment HSMs cover: TR-31, X9.24 (incl. AES and TDES DUKPT), X9.17, APACS 40/70, GBIC/DK. 


Utimaco’s Professional Services

Our team of solution specialists and architects is regularly tasked with analyzing legacy systems. Our role is to help clients map and assess their existing systems, laying the groundwork for a successful migration. We provide support throughout the migration process, starting with an in-depth analysis of the current environment to ensure a seamless transition.

About the Author

Peter Czempas

Product Marketing Manager, Utimaco
