• Shopping Cart
    There are no items in your cart

PD ISO/TS 12812-2:2017

Current

Current

The latest, up-to-date edition.

Core banking. Mobile financial services Security and data protection for mobile financial services

Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

30-04-2017

€322.53
Excluding VAT

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Summary of the technical nature of the clauses
6 Security management considerations
7 Security principles and minimum requirements for mobile
   financial services
8 Security requirements for cryptographic components used for MFS
9 Security evaluation and certification aspects
10 Security requirements for mobile proximate payments
11 Security requirements for mobile remote payments
12 Security requirements for mobile banking
13 Electronic money
14 Data protection requirements
Annex A (informative) - Risk analysis guidelines
Annex B (informative) - Mobile financial system implementation of
        Know-Your-Customer requirements
Annex C (informative) - Cryptographic mechanisms for mobile
        financial services
Annex D (informative) - Vulnerabilities and attacks on mobile
        financial services
Bibliography

Defines a framework for the management of the security of MFS.

Committee
IST/12
DocumentType
Standard
Pages
68
PublisherName
British Standards Institution
Status
Current

This document describes and specifies a framework for the management of the security of MFS. It includes a generic model for the design of the security policy, a minimum set of security requirements, recommended cryptographic protocols and mechanisms for mobile device authentication, financial message secure exchange and external authentication, including the following: point-to-point aspects to consider for MFS; end-to-end aspects to consider; security certification aspects; generation of mobile digital signatures; interoperability issues for the secure certification of MFS, recommendations for the protection of sensitive data, guidelines for the implementation of national laws and regulations (e.g. anti-money laundering and combating the funding of terrorism (AML/CFT), and security management considerations. In order to avoid the duplication of standardization work already performed by other organizations, this document will reference other International Standards as required. In this respect, users of this document are directed to materials developed and published by ISO/TC 68/SC 2 and ISO/IEC JTC 1/SC 27.

Standards Relationship
ISO/TS 12812-2:2017 Identical

ISO/IEC 18031:2011 Information technology Security techniques Random bit generation
ISO/IEC 17065:2012 Conformity assessment — Requirements for bodies certifying products, processes and services
ISO/IEC 17025:2005 General requirements for the competence of testing and calibration laboratories
ISO 19092:2008 Financial services — Biometrics — Security framework
ISO/IEC 9796-3:2006 Information technology — Security techniques — Digital signature schemes giving message recovery — Part 3: Discrete logarithm based mechanisms
ISO/IEC 19790:2012 Information technology — Security techniques — Security requirements for cryptographic modules
ISO/TS 12812-4:2017 Core banking — Mobile financial services — Part 4: Mobile payments-to-persons
ISO 16609:2012 Financial services — Requirements for message authentication using symmetric techniques
ISO 12812-1:2017 Core banking — Mobile financial services — Part 1: General framework
ISO/TR 14742:2010 Financial services Recommendations on cryptographic algorithms and their use
ISO/IEC 18092:2013 Information technology — Telecommunications and information exchange between systems — Near Field Communication — Interface and Protocol (NFCIP-1)
ISO 22307:2008 Financial services — Privacy impact assessment
ISO/IEC 9796-2:2010 Information technology Security techniques Digital signature schemes giving message recovery Part 2: Integer factorization based mechanisms
ISO/IEC 24759:2017 Information technology Security techniques Test requirements for cryptographic modules
ISO 21188:2006 Public key infrastructure for financial services Practices and policy framework
ISO/TS 12812-3:2017 Core banking — Mobile financial services — Part 3: Financial application lifecycle management
ISO/TS 12812-5:2017 Core banking — Mobile financial services — Part 5: Mobile payments to businesses
ISO/IEC 29100:2011 Information technology — Security techniques — Privacy framework

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.