Welcome to our new developer portal! Use the "Ask" button to chat with our AI Agent.
For the complete documentation index, see llms.txt. This page is also available as Markdown.

Change a PIN

To limit the exposure of the PIN in a physical card, the issuer application delegates the task of changing the PIN to D1 SDK.

These are the PIN formats (from issuer backend) that are currently supported:

  • PIN ISO0

  • PIN 3DES Seccos

User Experience

Sample PIN change screen in the Issuer Application

Flow

High-level flow to change a PIN
  1. The user authenticates on the banking app and request to change the PIN

  2. An internal call is made to the SDK

  3. Capture securely the PIN

  4. D1 BackEnd API

  5. D1 transciphers the PIN from device key to Issuer key

  6. Set the PIN to Issuer backend

Sequence Diagram

Pre-requisites

  • Consumer, account and card already registered in D1

  • SDK is properly initialized

  • Issuer App called D1 SDK login API.

Sequence diagram for PIN change

Required APIs

API
Inbound/Outbound
Description

Issuer <- Thales D1

Get an OAuth 2.0 access token to call the Issuer backend.

Issuer <- Thales D1

Set the PIN from mobile app to the Issuer backend.

Conditional APIs

API
Inbound/Outbound
Description

Issuer <- Thales D1

In case of PIN Seccos. Used to retreive the PIN Change Counter needed for PIN Computation

SDK

Note

For enhanced security, the Change PIN API has a stricter default last login timeout period than the other APIs. To ensure successful PIN change, you have to manage the login/re-login flow to complete the login within the allocated time before submitting the PIN change.

Last updated

Was this helpful?