Financial services — Personal Identification Number (PIN) management and security — Part 4: Requirements for PIN handling in eCommerce for Payment Transactions
Publication date: 2016-03-09
ISO 9564-4:2016 provides requirements for the use of personal identification numbers (PIN) in eCommerce. The PINs in scope are the same cardholder PINs used as a means of cardholder verification in card-based financial transactions; notably, automated teller machine (ATM) systems, point-of-sale (POS) terminals, automated fuel dispensers, and vending machines.
It is applicable to financial card-originated transactions requiring verification of the PIN and to those organizations responsible for implementing techniques for the management of the PIN in eCommerce.
The provisions of this part of ISO 9564 are not intended to cover
- passwords, passcodes, pass phrases and other shared secrets used for customer authentication in online banking, telephone banking, digital wallets, mobile payment, etc.,
- management of cardholder PINs for use as a means of cardholder verification in retail banking systems in, notably, automated teller machine (ATM) systems, point-of-sale (POS) terminals, automated fuel dispensers, vending machines, banking kiosks and PIN selection/change systems, which are covered in ISO 9564-1,
- card proxies such as mobile phones or key fobs,
- approved algorithms for PIN encipherment, which are covered in ISO 9564-2,
- the protection of the PIN against loss or intentional misuse by the customer or authorized employees of the issuer,
- privacy of non-PIN transaction data,
- protection of transaction messages against alteration or substitution, e.g. an online authorization response,
- protection against replay of the transaction,
- functionality of devices used for PIN entry which is related to issuer functions other than PIN entry,
- specific key management techniques, and
- access to, and storage of, card data other than the PIN by applications such as wallets.