BSI PD ISO/TS 12812-2:2017

$198.66

Core banking. Mobile financial services – Security and data protection for mobile financial services

Published by: BSI
Publication date: 2017
Number of pages: 68

This document describes and specifies a framework for the management of the security of MFS. It includes

  • a generic model for the design of the security policy,

  • a minimum set of security requirements,

  • recommended cryptographic protocols and mechanisms for mobile device authentication, secure exchange of financial messages and external authentication, including the following:

    1. point-to-point aspects to consider for MFS;

    2. end-to-end aspects to consider;

    3. security certification aspects;

    4. generation of mobile digital signatures;

  • interoperability issues for the secure certification of MFS,

  • recommendations for the protection of sensitive data,

  • guidelines for the implementation of national laws and regulations (e.g. anti-money laundering and combating the funding of terrorism (AML/CFT)), and

  • security management considerations.

In order to avoid the duplication of standardization work already performed by other organizations, this document will reference other International Standards as required. In this respect, users of this document are directed to materials developed and published by ISO/TC 68/SC 2 and ISO/IEC JTC 1/SC 27.

PDF Catalog

PDF page   Title
p. 7       Foreword
p. 8       Introduction
p. 11      1 Scope
           2 Normative references
p. 12      3 Terms and definitions
p. 14      4 Abbreviated terms
p. 15      5 Summary of the technical nature of the clauses
p. 17      6 Security management considerations
             6.1 General
p. 18        6.2 Three-layer model to manage security for mobile financial services
p. 19          6.2.1 Process layer
p. 20          6.2.2 Application layer
               6.2.3 Infrastructure layer
p. 21      7 Security principles and minimum requirements for mobile financial services
             7.1 Security architecture aspects to be considered
p. 23        7.2 Mobile financial services hardening techniques overview
               7.2.1 General
               7.2.2 Mobile device hardening techniques overview
               7.2.3 Wireless networks hardening techniques overview
p. 24          7.2.4 Secure remote management of mobile device components using OTA
               7.2.5 Mobile financial applications hardening techniques
p. 25          7.2.6 Platform security services
p. 26          7.2.7 Application level security services for mobile financial applications
p. 27          7.2.8 Application management security services
             7.3 Minimum set of security requirements for mobile financial services
               7.3.1 General
               7.3.2 Remote MFS access requirements
p. 28          7.3.3 Transaction processing requirements
p. 29          7.3.4 Protection of sensitive data
p. 30          7.3.5 Mobile device requirements
               7.3.6 Customer education
p. 31        7.4 Minimum set of security requirements for mobile application management
               7.4.1 Customer enrolment and provisioning requirements
               7.4.2 Key management
p. 32          7.4.3 Mobile financial service provider and trusted service manager exchanges
               7.4.4 Application downloading
               7.4.5 Application deactivation
             7.5 Summary: Requirements for security services for mobile financial services
p. 33      8 Security requirements for cryptographic components used for MFS
             8.1 Mobile device secure environments
               8.1.1 Mobile device requirements for MFS
p. 34          8.1.2 Software-based secure environment
               8.1.3 Trusted execution environment (TEE)
p. 36          8.1.4 Secure element requirements
p. 38          8.1.5 Secure element requirements for digital signature services
p. 40        8.2 Security requirements for cryptographic modules used for MFS
               8.2.1 General
               8.2.2 List of requirements for cryptographic hardware modules
p. 41          8.2.3 Requirements for cryptographic software modules
           9 Security evaluation and certification aspects
             9.1 General recommendation
             9.2 Cryptographic modules
p. 42        9.3 Software modules
             9.4 Interoperability of security certifications
p. 43        9.5 Guidance for TEE security evaluation and certification
           10 Security requirements for mobile proximate payments
             10.1 General
p. 44        10.2 Common security requirements
               10.2.1 Integrity of sensitive data and applications at rest
               10.2.2 Authentication
               10.2.3 Data protection in transit
           11 Security requirements for mobile remote payments
             11.1 General
p. 45        11.2 Security requirements
               11.2.1 Authentication
               11.2.2 Proof of consent
               11.2.3 Payment gateway processing requirements
           12 Security requirements for mobile banking
             12.1 General
p. 46        12.2 Authentication considerations
p. 47        12.3 Security requirements
           13 Electronic money
             13.1 General
             13.2 Anonymity requirements
             13.3 Security requirements
p. 48      14 Data protection requirements
             14.1 General considerations and legal framework for compliance
p. 49        14.2 Requirements and recommendations for data protection
               14.2.1 Requirements
               14.2.2 Recommendations for data protection
             14.3 Privacy assessment
p. 50      Annex A (informative) Risk analysis guidelines
p. 55      Annex B (informative) Mobile financial system implementation of Know-Your-Customer requirements
p. 56      Annex C (informative) Cryptographic mechanisms for mobile financial services
p. 61      Annex D (informative) Vulnerabilities and attacks on mobile financial services
p. 65      Bibliography