This document defines a common terminology to be used in the context of third-party payment (TPP). Next, it establishes two logical structural models in which the assets to be protected are clarified. Finally, it specifies security objectives based on the analysis of the logical structural models and the interaction of the assets affected by threats, organizational security policies and assumptions. These security objectives are set out in order to counter the threats resulting from the intermediary nature of TPPSPs offering payment services compared with simpler payment models where the payer and the payee directly interact with their respective account servicing payment service provider (ASPSP). This document assumes that TPP-centric payments rely on the use of TPPSP credentials and the corresponding certified processes for issuance, distribution and renewal purposes. However, security objectives for such processes are out of the scope of this document. NOTE This document is based on the methodology specified in the ISO/IEC 15408 series. Therefore, the security matters that do not belong to the TOE are dealt with as assumptions, such as the security required by an information system that provides TPP services and the security of communication channels between the entities participating in a TPP business.

  • Standard
    40 pages
    English language
  • Draft
    40 pages
    English language

This document defines and describes the structure for the codes for an internationally valid system to classify financial instruments. The classification system applies to financial instruments negotiated internationally as well as to domestic instruments. The term “financial instruments” refers not only to classical securities and derivatives but also covers the innovative financial products that have emerged in different markets (a trend that is expected to continue in the future). This document is intended for use in any application in the trading and administration of financial instruments in the international securities business. Insofar as the trading and administration of securities do not affect other countries, the application of this document remains at the discretion of the responsible national bodies, such as stock exchanges, banks, brokers, regulatory bodies and other institutions active in the securities field. In principle, the CFI code reflects characteristics that are defined when a financial instrument is issued and that remain unchanged during its entire lifetime. However, a few events that can lead to a new CFI code for the same instrument are anticipated, such as the changing of voting rights or ownership restrictions by a stockholders' meeting.

  • Standard
    9 pages
    English language
  • Standard
    9 pages
    English language
  • Draft
    9 pages
    English language

This document provides a uniform structure for the identification of financial instruments as well as referential instruments (see Annex A) using a unique identification code and associated minimum descriptive data (see Annex B).

  • Standard
    15 pages
    English language
  • Standard
    15 pages
    English language
  • Draft
    15 pages
    English language

This document describes the Registration Authority (RA) responsible for the registry of IBAN formats that conform with ISO 13616-1, the procedures for registering IBAN formats that conform with the ISO 13616 series and the structure of the registry.

  • Standard
    3 pages
    English language
  • Draft
    3 pages
    English language

This document specifies the elements of an international bank account number (IBAN) used to facilitate the processing of data internationally in data interchange, in financial environments as well as within and between other industries. The IBAN is designed for automated processing but can also be used conveniently in other media interchange when appropriate (e.g. paper document exchange). This document does not specify internal procedures, file organization techniques, storage media or languages to be used in its implementation, nor is it designed to facilitate the routing of messages within a network. It is applicable to the textual data which might be conveyed through a system (network).

  • Standard
    8 pages
    English language
  • Draft
    8 pages
    English language

This document specifies how to describe the characteristics of banking products or services (BPoS) from a customer's perspective. Characteristics of a BPoS can be observed from different facets, called key elements, which are divided into three groups: required, optional or voluntary elements. This document elaborates on the purpose, content and description approach for the required and optional key elements. Six levels of conformity are described in this document which are intended to allow a customer to assess the coverage of key elements in a BPoS. The logical and physical formats to express key elements are also defined. This document excludes requirements of a BPoS itself and specific value ranges of any key element are out of the scope. This document guides the provider of BPoS in describing their products or services with the intent to help customers understand or compare specific BPoS. It is not applicable to describing securities or insurance-related products or services. BPoS can be issued by banks and other institutions.

  • Standard
    51 pages
    English language

This document specifies the minimum elements of an unambiguous legal entity identifier (LEI) scheme to identify the legal entities relevant to any financial transaction. It is applicable to "legal entities", which include, but are not limited to, unique parties that are legally or financially responsible for the performance of financial transactions or have the legal right in their jurisdiction to enter independently into legal contracts, regardless of whether they are incorporated or constituted in some other way (e.g. trust, partnership, contractual). It includes governmental organizations, supranationals and individuals when acting in a business capacity[1], but excludes natural persons. It also includes international branches as defined in 3.5. The LEI is designed for automated processing. It can also be conveniently used in other media interchange when appropriate (e.g. paper document exchange). NOTE Examples of eligible legal entities include, without limitation: — all financial intermediaries; — banks and finance companies; — international branches; — all entities that issue equity, debt or other securities for other capital structures; — all entities listed on an exchange; — all entities that trade financial instruments or are otherwise parties to financial transactions, including business entities, pension funds and investment vehicles such as collective investment funds (at umbrella and sub-fund level) and other special purpose vehicles that have a legal form; — all entities under the purview of a financial regulator and their affiliates, subsidiaries and holding companies; — sole traders (as an example of individuals acting in a business capacity); — counterparties to financial transactions. [1] As stated by the LEI Regulatory Oversight Committee on 30 September 2015.

  • Standard
    8 pages
    English language

This document specifies a standardised way of embedding the legal entity identifier (LEI) code, as represented in ISO 17442-1, in digital certificates, represented by the International Telecommunications Union (ITU) Recommendation X.509 and its ISO equivalent standard, ISO/IEC 9594-8. This document specifies the structure of a public key certificate conforming with ISO/IEC 9594-8 in which the LEI is embedded.

  • Standard
    5 pages
    English language

This document specifies the elements of an unambiguous scheme to identify a financial transaction uniquely whenever useful and agreed by the parties or community involved in the transaction. It does not specify the timing of assignment of who should be responsible for its generation, so as not to limit its usage or relevance, nor does it consider a need to establish a data record for the unique transaction identifier (UTI) itself.

  • Standard
    3 pages
    English language

This document defines the framework, function and protocols for an API ecosystem that will enable online synchronised interaction. Specifically, the document: — defines a logical and technical layered approach for developing APIs, including transformational rules. Specific logical models (such as ISO 20022 models) are not included, but they will be referenced in the context of specific scenarios for guidance purposes; — will primarily be thought about from a RESTful design point of view, but will consider alternative architectural styles (such as WebSocket and Webhook) where other blueprints or scenarios are offered; — defines for the API ecosystem design principles of an API, rules of a Web-service-based API, the data payload and version control; — sets out considerations relevant to security, identity and registration of an API ecosystem. Specific technical solutions will not be defined, but they will be referenced in the context of specific scenarios for guidance purposes; — defines architectural usage beyond query/response asynchronous messaging towards publish/subscribe to support advanced and existing business models. This document does not include: — a specific technical specification of an API implementation in financial services; — the development of JSON APIs based on the ISO 20022 specific message formats, such as PAIN, CAMT and PACS; — a technical specification that is defined or determined by specific legal frameworks.

  • Technical specification
    52 pages
    English language

This document describes a data element related to key management which can be transmitted either in transaction messages to convey information about cryptographic keys used to secure the current transaction, or in cryptographic service messages to convey information about cryptographic keys to be used to secure future transactions. This document addresses the requirements for the use of the data element related to key management within ISO 8583-1, using the following two ISO 8583-1 data elements for DEA and TDEA: — security related control information (data element 53); — key management data (data element 96). The data element related to key management for DEA and TDEA is constructed from the concatenation of two ISO 8583-1 message elements, data element 53 — security related control information, and data element 96 — key management data. It conveys information about the associated transaction's cryptographic key(s) and is divided into subfields including a control field, a key-set identifier and additional optional information. For AES implementations, the data elements are summarized in one field. This document is applicable to either symmetric or asymmetric cipher systems.

  • Standard
    14 pages
    English language

This document defines and describes codes for an internationally valid system to classify financial instruments. The classification system applies to financial instruments negotiated internationally as well as to domestic instruments. The term "financial instruments" refers not only to classical securities, but also covers the innovative financial products that have emerged in different markets (a trend that is expected to continue in the future). This document is intended for use in any application in the trading and administration of securities in the international securities business. In so far as the trading and the administration of securities do not affect other countries, the application of this document remains at the discretion of the responsible national bodies, such as stock exchanges, banks, brokers, regulatory bodies and other institutions active in the securities field. In principle, the CFI code reflects characteristics that are defined when a financial instrument is issued and that remain unchanged during its entire lifetime. However, a few events that can lead to a new CFI code for the same instrument are anticipated, such as the changing of voting rights or ownership restrictions by a stockholders' meeting.

  • Standard
    71 pages
    English language
  • Standard
    71 pages
    English language

This document gives an overview of existing and currently used financial instrument identifiers. It shows which instrument identifiers, ticker symbols and proprietary codes are assigned via a standardized scheme to instruments of all asset classes. It focuses on providing an overview of the landscape and not on evaluating the schemes. Several aspects of the detailed trade cycle (a few examples being book building/primary, order entry management, execution management and trade confirmation matching) are excluded as their complexity would reduce the readability of the overview. Similarly, the level of complexity involved in properly representing the shifting perspectives of what is considered a financial instrument, based on a particular function being performed, is excluded.

  • Technical report
    4 pages
    English language

ISO 21188:2018 sets out a framework of requirements to manage a PKI through certificate policies and certification practice statements and to enable the use of public key certificates in the financial services industry. It also defines control objectives and supporting procedures to manage risks. While this document addresses the generation of public key certificates that might be used for digital signatures or key establishment, it does not address authentication methods, non-repudiation requirements or key management protocols. ISO 21188:2018 draws a distinction between PKI systems used in closed, open and contractual environments. It further defines the operational practices relative to financial-services-industry-accepted information systems control objectives. This document is intended to help implementers to define PKI practices that can support multiple certificate policies that include the use of digital signature, remote authentication, key exchange and data encryption. ISO 21188:2018 facilitates the implementation of operational, baseline PKI control practices that satisfy the requirements for the financial services industry in a contractual environment. While the focus of this document is on the contractual environment, application of this document to other environments is not specifically precluded. For the purposes of this document, the term "certificate" refers to public key certificates. Attribute certificates are outside the scope of this document. ISO 21188:2018 is targeted for several audiences with different needs and therefore the use of this document will have a different focus for each. Business managers and analysts are those who require information regarding using PKI technology in their evolving businesses (e.g. electronic commerce); see Clauses 1 to 6. Technical designers and implementers are those who are writing their certificate policies and certification practice statement(s); see Clauses 6 to 7 and Annexes A to G. Operational management and auditors are those who are responsible for day-to-day operations of the PKI and validating compliance to this document; see Clauses 6 to 7.

  • Standard
    108 pages
    English language

ISO 20038:2017 defines a method for packaging cryptographic keys for transport. This method can also be used for the storage of keys under an AES key. The method uses the block cipher AES as the wrapping cipher algorithm. Other methods for wrapping keys are outside the scope of this document but can use the authenticated encryption algorithms specified in ISO/IEC 19772.

  • Standard
    22 pages
    English language

ISO 9564-1:2017 specifies the basic principles and techniques which provide the minimum security measures required for effective international PIN management. These measures are applicable to those institutions responsible for implementing techniques for the management and protection of PINs during their creation, issuance, usage and deactivation. ISO 9564-1:2017 is applicable to the management of cardholder PINs for use as a means of cardholder verification in retail banking systems in, notably, automated teller machine (ATM) systems, point-of-sale (POS) terminals, automated fuel dispensers, vending machines, banking kiosks and PIN selection/change systems. It is applicable to issuer and interchange environments. The provisions of ISO 9564-1:2017 are not intended to cover: a) PIN management and security in environments where no persistent cryptographic relationship exists between the transaction-origination device and the acquirer, e.g. use of a browser for online shopping (for these environments, see ISO 9564-4); b) protection of the PIN against loss or intentional misuse by the customer; c) privacy of non-PIN transaction data; d) protection of transaction messages against alteration or substitution; e) protection against replay of the PIN or transaction; f) specific key management techniques; g) offline PIN verification used in contactless devices; h) requirements specifically associated with PIN management as it relates to multi-application functionality in an ICC.

  • Standard
    32 pages
    English language

ISO/TR 21941:2017 reports the findings of research into the interface between third-party payment service providers (TPPs) and account servicing payment service providers (ASPSPs).

  • Technical report
    19 pages
    English language

ISO 20275:2017 specifies the elements of an unambiguous scheme to identify the distinct entity legal forms in a jurisdiction. Its aim is to enable legal forms within jurisdictions to be codified and thus facilitate the classification of legal entities according to their legal form. It is not the purpose of the document to give the comparison or alignment of entity legal forms across different jurisdictions, so as not to limit its usage and relevance.

  • Standard
    4 pages
    English language

ISO/TS 12812-3:2017 specifies the interoperable lifecycle management of applications used in mobile financial services. As defined in ISO 12812‑1, an application is a set of software modules and/or data needed to provide functionality for a mobile financial service. This document deals with different types of applications which is the term used to cover authentication, banking and payment applications, as well as credentials. Clause 5 describes the basic principles required, or to be considered, for the application lifecycle management. Because several implementations are possible with impacts on the lifecycle, this document describes the different architectures for the location of the application and the impacts of the different scenarios regarding the issuance of the secure element when present (see Clause 6), the different roles for the management of the application lifecycle and the domains of responsibilities (see Clause 7). It also specifies functions and processes in the application lifecycle management (see Clause 8) and describes scenarios of service models and roles of actors (see Clause 9).

  • Technical specification
    12 pages
    English language

ISO 12812-1:2017 defines the general framework of mobile financial services (payment and banking services involving a mobile device), with a focus on: a) a set of definitions commonly agreed by the international financial industry; b) the opportunities offered by mobile devices for the development of such services; c) the promotion of an environment that reduces or minimizes obstacles for mobile financial service providers who wish to provide a sustainable and reliable service to a wide range of customers (persons and businesses), while ensuring that customers' interests are protected; d) the different types of mobile financial services accessed through a mobile device including mobile proximate payments, mobile remote payments and mobile banking, which are detailed in other parts of ISO 12812; e) the mobile financial services supporting technologies; f) the stakeholders involved in the mobile payment ecosystems. ISO 12812-1:2017 includes the following informative annexes: - an overview of other standardization initiatives in mobile financial services (Annex A); - a description of possible mobile payment business models (Annex B); - a description of typical payment instruments which may be used (Annex C).

  • Standard
    33 pages
    English language

ISO/TS 12812-5:2017 focuses on mechanisms by which a person ("consumer", "payer" or "business") uses a mobile device to initiate a payment to a business entity ("merchant" or "payee"). Such a payment may use the traditional merchant point of interaction (POI) system, where the manner of settling the payment follows well-established merchant services paradigms. Additionally, there are other ways for a consumer to make a payment to a merchant, using the mobile device to initiate, authorize and process transactions outside of traditional payment networks using secure payment instruments. Accordingly, this document supports both "push" and "pull" payments (i.e. transactions that are pushed or transmitted from a mobile device into a POI or pulled or received into a mobile device or POI), which are initiated and/or confirmed by a consumer to purchase goods and/or services, including proximate payments, remote secure server payments, as well as mobile payments that leverage other technologies [e.g. cloud computing, quick response ("QR") codes, biometrics, geo-location and other methods to authenticate and authorize the transaction]. One of the most important aspects of the MFS environment is mobile payments to businesses. There are many ways a consumer, or a business as a consumer, can make a payment to a merchant. ISO 12812 provides a comprehensive standard for using the mechanisms involved in mobilizing the transfer of funds regardless of who is involved in the process. This document is intended to be used by potential implementers of mobile retail payment solutions, while ISO 12812-4 is intended for potential implementers of solutions for mobile payments to persons. NOTE ISO 12812‑1:2017, 5.4 explains the differences in the use of these terms. As such, the ISO 12812 (all parts) seeks to support all possible technologies and is not designed to highlight or endorse specific technologies in the competitive marketplace.
Although this document deals with mobile payments made by a consumer or a business acting as a consumer, which transactions are subject to a variety of consumer protection requirements, in terms of the relationship to the MFSP, the consumer (or business) is the customer of the MFSP. Nevertheless, this document will use the term "consumer."

  • Technical specification
    55 pages
    English language

ISO/TS 12812-4:2017 provides comprehensive requirements and recommendations, as well as specific use cases for implementation of interoperable mobile payments-to-persons. The emphasis is placed on the principles governing the operational functioning of mobile payments-to-persons systems and processes, as well as the presentation of the underlying technical, organizational, business, legal and policy issues, leveraging legacy infrastructures of existing payment instruments (see ISO 12812‑1:2017, Annex C). ISO/TS 12812-4:2017 includes the following items: a) requirements applicable to mobile payments-to-persons; b) recommendations regarding mechanisms involved in the operation of interoperable mobile payments-to-persons; c) a description of the different use cases for mobile payments-to-persons; d) a generic interoperability model for the provision of different mobile payments-to-persons; e) recommendations for the technical implementation of the generic architectures for the mobile payments-to-persons program; f) recommendations for mobile remittances; g) use cases with the corresponding transaction flows; h) discussion of the financial inclusion of unbanked and underbanked persons (Annex A); i) some legal aspects to consider for mobile payments-to-persons (Annex B). ISO/TS 12812-4:2017 is structured as follows: - Clause 6 sets forth the requirements that a mobile payments-to-persons program must comply with. - Clauses 7, 8 and 9 provide the different levels of implementation for the interoperability of mobile payments-to-persons. - Clause 7 describes the interoperability principles for mobile payments-to-persons. - Clause 8 describes: a three-layer high-level architecture for mobile payments-to-persons programs; payments instruments sustained by these programs; processing details for a series of significant use cases of mobile payments-to-persons using these payment instruments.
- Clause 9 provides a step-by-step data flow description for different mobile payments-to-persons implementations: bank-centric, non-bank centric and card-centric. They can be mapped into the processing use cases of Clause 8, where abstraction is made in the nature of the payment service providers.

  • Technical specification
    36 pages
    English language

ISO 12812-2:2017 describes and specifies a framework for the management of the security of MFS. It includes - a generic model for the design of the security policy, - a minimum set of security requirements, - recommended cryptographic protocols and mechanisms for mobile device authentication, financial message secure exchange and external authentication, including the following: point-to-point aspects to consider for MFS; end-to-end aspects to consider; security certification aspects; generation of mobile digital signatures; - interoperability issues for the secure certification of MFS, - recommendations for the protection of sensitive data, - guidelines for the implementation of national laws and regulations (e.g. anti-money laundering and combating the funding of terrorism (AML/CFT)), and - security management considerations. In order to avoid the duplication of standardization work already performed by other organizations, this document will reference other International Standards as required. In this respect, users of this document are directed to materials developed and published by ISO/TC 68/SC 2 and ISO/IEC JTC 1/SC 27.

  • Technical specification
    56 pages
    English language

ISO 13491-2:2017 specifies checklists to be used to evaluate secure cryptographic devices (SCDs) incorporating cryptographic processes as specified in ISO 9564‑1, ISO 9564‑2, ISO 16609, ISO 11568‑1, ISO 11568‑2, and ISO 11568‑4 in the financial services environment. Integrated circuit (IC) payment cards are subject to the requirements identified in this document up until the time of issue after which they are to be regarded as a "personal" device and outside of the scope of this document. ISO 13491-2:2017 does not address issues arising from the denial of service of an SCD. In the checklists given in Annex A to Annex H, the term "not feasible" is intended to convey the notion that although a particular attack might be technically possible, it would not be economically viable since carrying out the attack would cost more than any benefits obtained from a successful attack. In addition to attacks for purely economic gain, malicious attacks directed toward loss of reputation need to be considered.

  • Standard
    39 pages
    English language

ISO 13491-1:2016 specifies the security characteristics for secure cryptographic devices (SCDs) based on the cryptographic processes defined in ISO 9564, ISO 16609, and ISO 11568. ISO 13491-1:2016 has two primary purposes: - to state the security characteristics concerning both the operational characteristics of SCDs and the management of such devices throughout all stages of their life cycle; - to provide guidance for methodologies to verify compliance with those requirements. This information is contained in Annex A. ISO 13491-2 specifies checklists to be used to evaluate secure cryptographic devices (SCDs) incorporating cryptographic processes as specified in ISO 9564-1, ISO 9564-2, ISO 16609, ISO 11568-1, ISO 11568-2, ISO 11568-3, ISO 11568-4, ISO 11568-5, and ISO 11568-6 in the financial services environment. Annex A provides an informative illustration of the concepts of security levels described in this part of ISO 13491 as being applicable to SCDs. ISO 13491-1:2016 does not address issues arising from the denial of service of an SCD. Specific requirements for the security characteristics and management of specific types of SCD functionality used in the retail financial services environment are contained in ISO 13491‑2.

  • Standard
    33 pages
    English language

ISO 9564-4:2016 provides requirements for the use of personal identification numbers (PIN) in eCommerce. The PINs in scope are the same cardholder PINs used as a means of cardholder verification in card-based financial transactions; notably, automated teller machine (ATM) systems, point-of-sale (POS) terminals, automated fuel dispensers, and vending machines. It is applicable to financial card-originated transactions requiring verification of the PIN and to those organizations responsible for implementing techniques for the management of the PIN in eCommerce. The provisions of this part of ISO 9564 are not intended to cover - passwords, passcodes, pass phrases and other shared secrets used for customer authentication in online banking, telephone banking, digital wallets, mobile payment, etc., - management of cardholder PINs for use as a means of cardholder verification in retail banking systems in, notably, automated teller machine (ATM) systems, point-of-sale (POS) terminals, automated fuel dispensers, vending machines, banking kiosks and PIN selection/change systems, which are covered in ISO 9564‑1, - card proxies such as mobile phones or key fobs, - approved algorithms for PIN encipherment, which are covered in ISO 9564‑2, - the protection of the PIN against loss or intentional misuse by the customer or authorized employees of the issuer, - privacy of non-PIN transaction data, - protection of transaction messages against alteration or substitution, e.g. an online authorization response, - protection against replay of the transaction, - functionality of devices used for PIN entry which is related to issuer functions other than PIN entry, - specific key management techniques, and - access to, and storage of, card data other than the PIN by applications such as wallets.

  • Standard
    14 pages
    English language

ISO 18774:2015 defines and describes rules for an internationally valid system for building short names of any kind of financial instrument within a defined structure. This International Standard is intended for use in any application in the trading and administration of securities globally. The FISN has been developed after taking into account the need of human-readability as well as interoperability with existing standards and systems.

  • Standard
    12 pages
    English language

ISO 4217:2015 specifies the structure for a three-letter alphabetic code and an equivalent three-digit numeric code for the representation of currencies. For those currencies having minor units, it also shows the decimal relationship between such units and the currency itself. The scope of this International Standard also includes funds and precious metals. ISO 4217:2015 also includes basic guidelines for its maintenance. ISO 4217:2015 is intended for use in any application of trade, commerce and banking, where currencies and, where appropriate, funds are required to be described. It is designed to be equally suitable for manual users and for those employing automated systems.

  • Standard
    5 pages
    English language

ISO 9362:2014 specifies the elements and structure of a universal identifier code, the business identifier code (BIC), for financial and non-financial institutions, for which such an international identifier is required to facilitate automated processing of information for financial services. The BIC is used for addressing messages, routing business transactions and identifying business parties. This International Standard applies to organizations and excludes individual persons.

  • Standard
    6 pages
    English language
  • Standard
    9 pages
    English language

ISO 9564-2:2014 specifies approved algorithms for the encipherment of Personal Identification Numbers (PINs).

  • Standard
    2 pages
    English language

ISO 6166:2013 provides a uniform structure for the identification of fungible and non-fungible securities and financial instruments using a unique identification number and associated minimum descriptive data.

  • Standard
    11 pages
    English language
  • Standard
    16 pages
    English language

ISO 1004-1:2013 specifies the shape, dimensions, magnetic signal level, and tolerances for the E-13B characters which include 10 numerals and four special symbols printed in magnetic ink and used for the purpose of character recognition. It describes the various known types of printing defects and other printing considerations, together with the tolerances permitted.

  • Standard
    45 pages
    English language

ISO 1004-2:2013 specifies the shapes, dimensions and tolerances for the 10 digits 0 to 9, five symbols, and 26 letters, to be printed with magnetic ink for the purpose of character recognition. It describes the various types of printing defects and other printing considerations, together with the tolerances permitted, and also contains specifications to signal level measurement.

  • Standard
    32 pages
    English language

ISO 20022-8:2013 describes the transformation rules to generate ASN.1 abstract syntax from an ISO 20022 compliant MessageDefinition. The generated abstract syntax is for the description and validation of Messages. The transformation rules are a transformation from Level 3 to Level 4. It is a deterministic transformation, meaning that the resulting ASN.1 is completely predictable for a given MessageDefinition. There is neither manual input to the transformation itself nor manual adjustment to the result of the transformation. ISO 20022-8:2013 is the ASN.1 equivalent of ISO 20022-4:2013. In ISO 20022-4:2013 the abstract syntax generated is XML Schema; in ISO 20022-8:2013 it is ASN.1. In ISO 20022-4:2013 the only encoding supported is UTF-8 XML; in ISO 20022-8:2013 there are multiple encodings supported for ASN.1. These include all the standard encodings, but in addition the ability to register custom encodings in ECN.

  • Standard
    25 pages
    English language

ISO 20022-2:2013 defines the UML Profile for ISO 20022. In essence, it defines how to use UML to create models that conform to the ISO 20022 Metamodel, which is defined in ISO 20022-1:2013. In so doing, it defines a UML-based concrete syntax for the Metamodel. It does not preclude the specification of additional concrete syntaxes for the Metamodel, such as a textual concrete syntax. The Profile defines how to represent in UML each of the Metamodel's Scope Level Elements (Level 1), Business Level Elements (Level 2) and Message Level Elements (Level 3), as well as Metamodel Elements that are scoped across the levels. Therefore, the Profile covers all of the Metamodel's Packages, except for the following:
· ISO20022::Metamodel::ConceptualLevel::MessageTransport
· ISO20022::Metamodel::LogicalLevel::Reversing
· ISO20022::Metamodel::LogicalToPhysicalTransformation
· ISO20022::Metamodel::PhysicalLevel
The Profile also covers the ISO20022::TypeLibrary Package, upon which the Metamodel has some dependencies. ISO 20022-2:2013 is only applicable when UML is used.

  • Standard
    71 pages
    English language

ISO 20022-7:2013 specifies the responsibilities of the following bodies, which are involved in the registration and maintenance of the ISO 20022 Repository. The Registration Authority (RA) is the operating authority responsible for the registration and maintenance of the ISO 20022 Repository and for providing access to the information described in ISO 20022-1:2013. The RA is assisted by different Standards Evaluation Groups (SEG), i.e. groups of industry experts responsible for specific Business Areas of the Repository. A Technical Support Group (TSG) advises the SEGs, the RA, developers and communities of users on the technical implementation of ISO 20022. The Registration Management Group (RMG) is the governing body of the overall registration process and the appeal body for the communities of users, Submitting Organisations, the RA, the SEGs and the TSG. It monitors the registration process performance.

  • Standard
    5 pages
    English language

ISO 20022-1:2013 consists of: the overall description of the modelling approach; the overall description of the ISO 20022 Repository contents; a high-level description of the input to be accepted by the Registration Authority to feed/modify the Repository's DataDictionary and BusinessProcessCatalogue; a high-level description of the Repository output to be made publicly available by the Registration Authority. BusinessTransactions and Message Sets complying with ISO 20022 can be used for electronic data interchange among any industry participants (financial and others), independently of any specific communication network. Network-dependent rules, such as message acknowledgement and message protection, are outside the scope of ISO 20022.

  • Standard
    152 pages
    English language

ISO 20022-6:2013 specifies the characteristics of the MessageTransportSystem required for an ISO 20022 BusinessTransaction and MessageDefinition. Changes to the value of the MessageTransport Characteristics can affect the BusinessTransaction and MessageDefinition. Each BusinessTransaction in the ISO 20022 Repository is associated with a MessageTransportMode. The MessageTransportMode specifies the values for the MessageTransportCharacteristics.

  • Standard
    7 pages
    English language

ISO 20022-3:2013 describes the modelling workflow, complementing ISO 20022-1:2013 and ISO 20022-2:2013. The modelling workflow describes the required steps a modeller follows in order to develop and maintain standardized BusinessTransactions and MessageSets. ISO 20022-3:2013 is not intended to describe what will be the permissible artefacts and/or documents to be submitted to the Registration Authority (this information is contained in ISO 20022-7). Examples are provided only to illustrate the modelling methodology and are not normative.

  • Standard
    24 pages
    English language

ISO 20022-5:2013 was prepared to complement ISO 20022-1:2013. The reverse engineering guidelines explain how to extract relevant information from existing IndustryMessageSets in order to prepare the submission to the ISO 20022 Registration Authority of equivalent, ISO 20022 compliant BusinessTransactions and MessageSets. The ISO 20022 Repository will contain all ISO 20022 compliant BusinessTransactions and MessageSets, as outlined in ISO 20022-1:2013.

  • Standard
    36 pages
    English language

ISO 20022-4:2013 was prepared to complement the ISO 20022 Metamodel, as specified in ISO 20022-1:2013, with the XML syntax transformation rules to be applied by the ISO 20022 Registration Authority in order to translate an ISO 20022 compliant MessageDefinition into an XML Schema for the description and validation of XML Messages. It specifies the transformation rules from level 3 to level 4. It is a deterministic transformation, meaning that the resulting XML Schema is completely predictable for a given MessageDefinition. There is neither manual input to the transformation itself nor manual adjustment to the result of the transformation.

  • Standard
    22 pages
    English language

ISO 10383:2012 specifies a universal method of identifying exchanges, trading platforms, regulated or non-regulated markets and trade reporting facilities as sources of prices and related information in order to facilitate automated processing. It is intended for use in any application and communication for identification of places where a financial instrument is listed (place of official listing), where a related trade is executed (place of trade), and where trade details are reported (trade reporting facility).

  • Standard
    5 pages
    English language

This part of ISO 11568 specifies techniques for the protection of symmetric and asymmetric cryptographic keys in a retail banking environment using symmetric ciphers and the life-cycle management of the associated symmetric keys. The techniques described enable compliance with the principles described in ISO 11568-1. The techniques described are applicable to any symmetric key management operation. The notation used in this part of ISO 11568 is given in Annex A. Algorithms approved for use with the techniques described in this part of ISO 11568 are given in Annex B.

  • Standard
    29 pages
    English language

ISO/TR 14742:2010 provides a list of recommended cryptographic algorithms for use within applicable financial services standards prepared by ISO/TC 68. It also provides strategic guidance on key lengths and associated parameters and usage dates. The focus is on algorithms rather than protocols, and protocols are in general not included in ISO/TR 14742:2010. ISO/TR 14742:2010 deals primarily with recommendations regarding algorithms and key lengths. The categories of algorithms covered in ISO/TR 14742:2010 are: block ciphers; stream ciphers; hash functions; message authentication codes (MACs); asymmetric algorithms; digital signature schemes giving message recovery, digital signatures with appendix, asymmetric ciphers; authentication mechanisms; key establishment and agreement mechanisms; key transport mechanisms. ISO/TR 14742:2010 does not define any cryptographic algorithms; however, the standards to which ISO/TR 14742:2010 refers may contain necessary implementation information as well as more detailed guidance regarding choice of security parameters, security analysis, and other implementation considerations.

  • Technical report
    31 pages
    English language

ISO 11649:2009 specifies the elements of a structured creditor reference (RF Creditor Reference) used to facilitate the processing of data in data interchange and in the financial services, as well as between other business domains. The RF Creditor Reference is designed for use in an automated processing environment, but can also be implemented in other media interchanges (e.g. paper document exchange). ISO 11649:2009 does not specify internal procedures, file organization techniques, storage media, languages, etc. to be used in its implementation. It is applicable only to the textual data that can be conveyed through a system or network.

  • Standard
    7 pages
    English language

ISO 22307:2008 recognizes that a privacy impact assessment (PIA) is an important financial services and banking management tool to be used within an organization, or by “contracted” third parties, to identify and mitigate privacy issues and risks associated with processing consumer data using automated, networked information systems. ISO 22307:2008 describes the privacy impact assessment activity in general, defines the common and required components of a privacy impact assessment, regardless of business systems affecting financial institutions, and provides informative guidance to educate the reader on privacy impact assessments. A privacy compliance audit differs from a privacy impact assessment in that the compliance audit determines an institution's current level of compliance with the law and identifies steps to avoid future non-compliance with the law. While there are similarities between privacy impact assessments and privacy compliance audits in that they use some of the same skills and that they are tools used to avoid breaches of privacy, the primary concern of a compliance audit is simply to meet the requirements of the law, whereas a privacy impact assessment is intended to investigate further in order to identify ways to safeguard privacy optimally. ISO 22307:2008 recognizes that the choices of financial and banking system development and risk management procedures are business decisions and, as such, the business decision makers need to be informed in order to be able to make informed decisions for their financial institutions. ISO 22307:2008 provides a privacy impact assessment structure (common PIA components, definitions and informative annexes) for institutions handling financial information that wish to use a privacy impact assessment as a tool to plan for, and manage, privacy issues within business systems that they consider to be vulnerable.

  • Standard
    28 pages
    English language

ISO 19092:2008 describes the security framework for using biometrics for authentication of individuals in financial services. It introduces the types of biometric technologies and addresses issues concerning their application. ISO 19092:2008 also describes the architectures for implementation, specifies the minimum security requirements for effective management, and provides control objectives and recommendations suitable for use by a professional practitioner. The following are within the scope of ISO 19092:2008: usage of biometrics for the authentication of employees and persons seeking financial services by: verification of a claimed identity; identification of an individual; validation of credentials presented at enrolment to support authentication as required by risk management; management of biometric information across its life cycle comprised of the enrolment, transmission and storage, verification, identification and termination processes; security of biometric information during its life cycle, encompassing data integrity, origin authentication and confidentiality; application of biometrics for logical and physical access control; surveillance to protect the financial institution and its customers; security of the physical hardware used throughout the biometric information life cycle. ISO 19092:2008 provides the mandatory means whereby biometric information may be encrypted for data confidentiality or other reasons.

  • Standard
    77 pages
    English language

ISO 11568-4:2007 specifies techniques for the protection of symmetric and asymmetric cryptographic keys in a retail financial services environment using asymmetric cryptosystems and the life-cycle management of the associated asymmetric keys. The techniques described in this part of ISO 11568 enable compliance with the principles described in ISO 11568-1. For the purposes of this document, the retail financial services environment is restricted to the interface between: a card-accepting device and an acquirer; an acquirer and a card issuer; an ICC and a card-accepting device.

  • Standard
    22 pages
    English language