diff --git a/internal/service/client_auth/service.go b/internal/service/client_auth/service.go
index a1c58b3..c1a3978 100644
--- a/internal/service/client_auth/service.go
+++ b/internal/service/client_auth/service.go
@@ -640,7 +640,7 @@ func (s *Service) resolveAssetBindingKey(ctx context.Context, tx *gorm.DB, asset
 			}
 			return "", errors.Wrap(errors.CodeInternalError, err, "查询卡资产失败")
 		}
-		return card.ICCID, nil
+		return card.VirtualNo, nil
 	}
 
 	if assetType == assetTypeDevice {
diff --git a/migrations/000087_fix_personal_device_card_binding_key.down.sql b/migrations/000087_fix_personal_device_card_binding_key.down.sql
new file mode 100644
index 0000000..e42333d
--- /dev/null
+++ b/migrations/000087_fix_personal_device_card_binding_key.down.sql
@@ -0,0 +1,8 @@
+-- 回滚：将已修复的 VirtualNo 还原为 ICCID
+-- 注意：只还原那些 virtual_no 能匹配到 iot_card.virtual_no 的记录
+UPDATE tb_personal_customer_device pcd
+SET virtual_no = ic.iccid
+FROM tb_iot_card ic
+WHERE pcd.virtual_no = ic.virtual_no
+  AND pcd.deleted_at IS NULL
+  AND ic.virtual_no != ic.iccid;
diff --git a/migrations/000087_fix_personal_device_card_binding_key.up.sql b/migrations/000087_fix_personal_device_card_binding_key.up.sql
new file mode 100644
index 0000000..43d2f02
--- /dev/null
+++ b/migrations/000087_fix_personal_device_card_binding_key.up.sql
@@ -0,0 +1,9 @@
+-- 修复个人客户设备绑定表中卡类型资产的绑定键
+-- 问题：resolveAssetBindingKey 对卡类型错误地使用了 card.ICCID，应使用 card.VirtualNo
+-- 影响：所有通过卡 ICCID 登录的个人客户绑定记录的 virtual_no 字段存的是 ICCID 而非资产虚拟号
+-- 导致：归属校验 isCustomerOwnAsset 比对 VirtualNo 时永远不匹配，返回 403
+UPDATE tb_personal_customer_device pcd
+SET virtual_no = ic.virtual_no
+FROM tb_iot_card ic
+WHERE pcd.virtual_no = ic.iccid
+  AND pcd.deleted_at IS NULL;