• PD ISO/TS 12812-2:2017

    Status:  Current (the latest, up-to-date edition)

    Core banking. Mobile financial services. Security and data protection for mobile financial services

    Available format(s):  Hardcopy, PDF

    Language(s):  English

    Published date:  30-04-2017

    Publisher:  British Standards Institution

    Table of Contents

    Foreword
    Introduction
    1 Scope
    2 Normative references
    3 Terms and definitions
    4 Abbreviated terms
    5 Summary of the technical nature of the clauses
    6 Security management considerations
    7 Security principles and minimum requirements for mobile
       financial services
    8 Security requirements for cryptographic components used for MFS
    9 Security evaluation and certification aspects
    10 Security requirements for mobile proximate payments
    11 Security requirements for mobile remote payments
    12 Security requirements for mobile banking
    13 Electronic money
    14 Data protection requirements
    Annex A (informative) - Risk analysis guidelines
    Annex B (informative) - Mobile financial system implementation of
            Know-Your-Customer requirements
    Annex C (informative) - Cryptographic mechanisms for mobile
            financial services
    Annex D (informative) - Vulnerabilities and attacks on mobile
            financial services
    Bibliography

    Abstract

    Defines a framework for the management of the security of MFS.

    Scope

    This document describes and specifies a framework for the management of the security of MFS. It includes a generic model for the design of the security policy, a minimum set of security requirements, recommended cryptographic protocols and mechanisms for mobile device authentication, financial message secure exchange and external authentication, including the following: point-to-point aspects to consider for MFS; end-to-end aspects to consider; security certification aspects; generation of mobile digital signatures; interoperability issues for the secure certification of MFS; recommendations for the protection of sensitive data; guidelines for the implementation of national laws and regulations (e.g. anti-money laundering and combating the funding of terrorism (AML/CFT)); and security management considerations. In order to avoid the duplication of standardization work already performed by other organizations, this document will reference other International Standards as required. In this respect, users of this document are directed to materials developed and published by ISO/TC 68/SC 2 and ISO/IEC JTC 1/SC 27.

    General Product Information

    Committee:  IST/12
    Document Type:  Standard
    Publisher:  British Standards Institution
    Status:  Current

    Standards Referencing This Book

    ISO/IEC 18031:2011 Information technology — Security techniques — Random bit generation
    ISO/IEC 17065:2012 Conformity assessment — Requirements for bodies certifying products, processes and services
    ISO/IEC 17025:2005 General requirements for the competence of testing and calibration laboratories
    ISO 19092:2008 Financial services — Biometrics — Security framework
    ISO/IEC 9796-3:2006 Information technology — Security techniques — Digital signature schemes giving message recovery — Part 3: Discrete logarithm based mechanisms
    ISO/IEC 19790:2012 Information technology — Security techniques — Security requirements for cryptographic modules
    ISO/TS 12812-4:2017 Core banking — Mobile financial services — Part 4: Mobile payments-to-persons
    ISO 16609:2012 Financial services — Requirements for message authentication using symmetric techniques
    ISO 12812-1:2017 Core banking — Mobile financial services — Part 1: General framework
    ISO/TR 14742:2010 Financial services — Recommendations on cryptographic algorithms and their use
    ISO/IEC 18092:2013 Information technology — Telecommunications and information exchange between systems — Near Field Communication — Interface and Protocol (NFCIP-1)
    ISO 22307:2008 Financial services — Privacy impact assessment
    ISO/IEC 9796-2:2010 Information technology — Security techniques — Digital signature schemes giving message recovery — Part 2: Integer factorization based mechanisms
    ISO/IEC 24759:2017 Information technology — Security techniques — Test requirements for cryptographic modules
    ISO 21188:2006 Public key infrastructure for financial services — Practices and policy framework
    ISO/TS 12812-3:2017 Core banking — Mobile financial services — Part 3: Financial application lifecycle management
    ISO/TS 12812-5:2017 Core banking — Mobile financial services — Part 5: Mobile payments to businesses
    ISO/IEC 29100:2011 Information technology — Security techniques — Privacy framework