PD ISO/TS 12812-2:2017
Current
The latest, up-to-date edition.
Core banking. Mobile financial services Security and data protection for mobile financial services
Hardcopy , PDF
English
30-04-2017
Important note : Users cannot be edited or removed once added to your Multi user PDF.
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Summary of the technical nature of the clauses
6 Security management considerations
7 Security principles and minimum requirements for mobile
financial services
8 Security requirements for cryptographic components used for MFS
9 Security evaluation and certification aspects
10 Security requirements for mobile proximate payments
11 Security requirements for mobile remote payments
12 Security requirements for mobile banking
13 Electronic money
14 Data protection requirements
Annex A (informative) - Risk analysis guidelines
Annex B (informative) - Mobile financial system implementation of
Know-Your-Customer requirements
Annex C (informative) - Cryptographic mechanisms for mobile
financial services
Annex D (informative) - Vulnerabilities and attacks on mobile
financial services
Bibliography
Defines a framework for the management of the security of MFS.
| Committee |
IST/12
|
| DocumentType |
Standard
|
| Pages |
68
|
| PublisherName |
British Standards Institution
|
| Status |
Current
|
This document describes and specifies a framework for the management of the security of MFS. It includes a generic model for the design of the security policy, a minimum set of security requirements, recommended cryptographic protocols and mechanisms for mobile device authentication, financial message secure exchange and external authentication, including the following: point-to-point aspects to consider for MFS; end-to-end aspects to consider; security certification aspects; generation of mobile digital signatures; interoperability issues for the secure certification of MFS, recommendations for the protection of sensitive data, guidelines for the implementation of national laws and regulations (e.g. anti-money laundering and combating the funding of terrorism (AML/CFT), and security management considerations. In order to avoid the duplication of standardization work already performed by other organizations, this document will reference other International Standards as required. In this respect, users of this document are directed to materials developed and published by ISO/TC 68/SC 2 and ISO/IEC JTC 1/SC 27.
| Standards | Relationship |
| ISO/TS 12812-2:2017 | Identical |
| ISO/IEC 18031:2011 | Information technology Security techniques Random bit generation |
| ISO/IEC 17065:2012 | Conformity assessment — Requirements for bodies certifying products, processes and services |
| ISO/IEC 17025:2005 | General requirements for the competence of testing and calibration laboratories |
| ISO 19092:2008 | Financial services — Biometrics — Security framework |
| ISO/IEC 9796-3:2006 | Information technology — Security techniques — Digital signature schemes giving message recovery — Part 3: Discrete logarithm based mechanisms |
| ISO/IEC 19790:2012 | Information technology — Security techniques — Security requirements for cryptographic modules |
| ISO/TS 12812-4:2017 | Core banking — Mobile financial services — Part 4: Mobile payments-to-persons |
| ISO 16609:2012 | Financial services — Requirements for message authentication using symmetric techniques |
| ISO 12812-1:2017 | Core banking — Mobile financial services — Part 1: General framework |
| ISO/TR 14742:2010 | Financial services Recommendations on cryptographic algorithms and their use |
| ISO/IEC 18092:2013 | Information technology — Telecommunications and information exchange between systems — Near Field Communication — Interface and Protocol (NFCIP-1) |
| ISO 22307:2008 | Financial services — Privacy impact assessment |
| ISO/IEC 9796-2:2010 | Information technology Security techniques Digital signature schemes giving message recovery Part 2: Integer factorization based mechanisms |
| ISO/IEC 24759:2017 | Information technology Security techniques Test requirements for cryptographic modules |
| ISO 21188:2006 | Public key infrastructure for financial services Practices and policy framework |
| ISO/TS 12812-3:2017 | Core banking — Mobile financial services — Part 3: Financial application lifecycle management |
| ISO/TS 12812-5:2017 | Core banking — Mobile financial services — Part 5: Mobile payments to businesses |
| ISO/IEC 29100:2011 | Information technology — Security techniques — Privacy framework |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.