OBSIDIAN PIN:
SECURE PIN MANAGEMENT

Securely managing PINs is critical to establishing consumer trust in their bank.

Financial institutions that can offer secure, remote PIN reminders or PIN resets, typically via mobile devices, give themselves a competitive advantage, as they can provide a great customer experience that enables speedy, authorized access to accounts once again.

We recognize the importance of digital PIN management, crafting solutions that enable:

• New PINs: Randomly issued PINs for new cards
• Personalization: Self-selection of a preferred PIN during the customer onboarding process
• Choice: PIN changes after the card is issued (whether managed online or offline)
• Reminders: PIN reminders delivered securely via phone, app, web or text message (such as through one-time-passcodes)
• Secure storage and verification of PINs

Obsidian PIN can be implemented as the system of record for PINs.

Storing PIN data in the Obsidian PIN Vault, rather than in a Card Management System, helps existing systems to achieve PCI compliance, while ensuring that strong encryption and aliasing techniques are used to protect stored PINs.

If customers cannot self-select a PIN when the card is issued, Obsidian PIN helps by supporting the generation of PINs individually on demand, or in bulk batches. It also allows subsequent changes of PINs.

Easy integrations and verification

Obsidian PIN integrates with existing infrastructure through web services APIs and can also support messaging and XML file-based interfaces, such as for bulk PIN import.

Depending on the implementation options selected, Obsidian PIN will interface with:

• Card management systems
• Web and mobile banking servers
• SMS gateways
• IVR servers
• Authorization systems
• Core banking systems

Our technology masters have also created a simple API that can be used for verification purposes during transaction processing or for cardholder identification.

ObsidianPIN delivers PIN Verification Values (PVVs) and/or PIN Offsets to existing authorization systems or networks, and can also interact with our ObsidianIssuance module or other data preparation systems to inject PINs into the card personalization process.

Obsidian PIN offers connectivity to an API that enables mobile banking app and website designers to implement the security protocols developed by our cryptography master craftsmen.

These ensure that PIN data is:

• Always encrypted in transmission
• Never associated with card or personal data
• Protected even within insecure browser domains.

With our API, designers can develop PIN capture and display features in web and mobile apps that maintain the issuer’s UX, while using our technologies to deliver high security.

If easy API integrations aren’t for you, we also offer a JavaScript widget that can be used in a browser-based web channel to invoke an on-screen Virtual PIN Pad™. In addition to using our end-to-end security protocol, this widget implements extra security features to prevent key logging and screen-scraping attacks.

All of our Obsidian PIN capture and display processes meet the highest security standards demanded by the Payment Card Industry Security Standards Council (PCI SSC) and card payment schemes.