ISO/TS 12812-2:2017
Core banking — Mobile financial services — Part 2: Security and data protection for mobile financial services
ISO 12812-2:2017 describes and specifies a framework for the management of the security of MFS. It includes
- a generic model for the design of the security policy,
- a minimum set of security requirements,
- recommended cryptographic protocols and mechanisms for mobile device authentication, financial message secure exchange and external authentication, including the following:
  - point-to-point aspects to consider for MFS;
  - end-to-end aspects to consider;
  - security certification aspects;
  - generation of mobile digital signatures;
- interoperability issues for the secure certification of MFS,
- recommendations for the protection of sensitive data,
- guidelines for the implementation of national laws and regulations (e.g. anti-money laundering and combating the funding of terrorism (AML/CFT)), and
- security management considerations.

In order to avoid the duplication of standardization work already performed by other organizations, this document will reference other International Standards as required. In this respect, users of this document are directed to materials developed and published by ISO/TC 68/SC 2 and ISO/IEC JTC 1/SC 27.
Opérations bancaires de base — Services financiers mobiles — Partie 2: Sécurité et protection des données pour les services financiers mobiles
Standards Content (Sample)
TECHNICAL SPECIFICATION
ISO/TS 12812-2
First edition 2017-03
Core banking — Mobile financial services — Part 2: Security and data protection for mobile financial services
Opérations bancaires de base — Services financiers mobiles — Partie 2: Sécurité et protection des données pour les services financiers mobiles
Reference number ISO/TS 12812-2:2017(E)
© ISO 2017
COPYRIGHT PROTECTED DOCUMENT
© ISO 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Summary of the technical nature of the clauses
6 Security management considerations
6.1 General
6.2 Three-layer model to manage security for mobile financial services
6.2.1 Process layer
6.2.2 Application layer
6.2.3 Infrastructure layer
7 Security principles and minimum requirements for mobile financial services
7.1 Security architecture aspects to be considered
7.2 Mobile financial services hardening techniques overview
7.2.1 General
7.2.2 Mobile device hardening techniques overview
7.2.3 Wireless networks hardening techniques overview
7.2.4 Secure remote management of mobile device components using OTA
7.2.5 Mobile financial applications hardening techniques
7.2.6 Platform security services
...