ISO/TC 68/SC 2 - Financial Services, security

This document defines a common terminology to be used in the context of third-party payment (TPP). Next, it establishes two logical structural models in which the assets to be protected are clarified. Finally, it specifies security objectives based on the analysis of the logical structural models and the interaction of the assets affected by threats, organizational security policies and assumptions. These security objectives are set out in order to counter the threats resulting from the intermediary nature of TPPSPs offering payment services compared with simpler payment models where the payer and the payee directly interact with their respective account servicing payment service provider (ASPSP). This document assumes that TPP-centric payments rely on the use of TPPSP credentials and the corresponding certified processes for issuance, distribution and renewal purposes. However, security objectives for such processes are out of the scope of this document. NOTE This document is based on the methodology specified in the ISO/IEC 15408 series. Therefore, the security matters that do not belong to the TOE are dealt with as assumptions, such as the security required by an information system that provides TPP services and the security of communication channels between the entities participating in a TPP business.

This document describes a data element related to key management which can be transmitted either in transaction messages to convey information about cryptographic keys used to secure the current transaction, or in cryptographic service messages to convey information about cryptographic keys to be used to secure future transactions. This document addresses the requirements for the use of the data element related to key management within ISO 8583-1, using the following two ISO 8583-1 data elements for DEA and TDEA: — security related control information (data element 53); — key management data (data element 96). The data element related to key management for DEA and TDEA is constructed from the concatenation of two ISO 8583-1 message elements, data element 53 — security related control information, and data element 96 — key management data. It conveys information about the associated transaction's cryptographic key(s) and is divided into subfields including a control field, a key-set identifier and additional optional information. For AES implementations, the data elements are summarized in one field. This document is applicable to either symmetric or asymmetric cipher systems.

ISO 21188:2018 sets out a framework of requirements to manage a PKI through certificate policies and certification practice statements and to enable the use of public key certificates in the financial services industry. It also defines control objectives and supporting procedures to manage risks. While this document addresses the generation of public key certificates that might be used for digital signatures or key establishment, it does not address authentication methods, non-repudiation requirements or key management protocols. ISO 21188:2018 draws a distinction between PKI systems used in closed, open and contractual environments. It further defines the operational practices relative to financial-services-industry-accepted information systems control objectives. This document is intended to help implementers to define PKI practices that can support multiple certificate policies that include the use of digital signature, remote authentication, key exchange and data encryption. ISO 21188:2018 facilitates the implementation of operational, baseline PKI control practices that satisfy the requirements for the financial services industry in a contractual environment. While the focus of this document is on the contractual environment, application of this document to other environments is not specifically precluded. For the purposes of this document, the term "certificate" refers to public key certificates. Attribute certificates are outside the scope of this document ISO 21188:2018 is targeted for several audiences with different needs and therefore the use of this document will have a different focus for each. Business managers and analysts are those who require information regarding using PKI technology in their evolving businesses (e.g. electronic commerce); see Clauses 1 to 6. Technical designers and implementers are those who are writing their certificate policies and certification practice statement(s); see Clauses 6 to 7 and Annexes A to G. Operational management and auditors are those who are responsible for day-to-day operations of the PKI and validating compliance to this document; see Clauses 6 to 7.

ISO 20038:2017 defines a method for packaging cryptographic keys for transport. This method can also be used for the storage of keys under an AES key. The method uses the block cipher AES as the wrapping cipher algorithm. Other methods for wrapping keys are outside the scope of this document but can use the authenticated encryption algorithms specified in ISO/IEC 19772.

ISO 9564-1:2017 specifies the basic principles and techniques which provide the minimum security measures required for effective international PIN management. These measures are applicable to those institutions responsible for implementing techniques for the management and protection of PINs during their creation, issuance, usage and deactivation. ISO 9564-1:2017 is applicable to the management of cardholder PINs for use as a means of cardholder verification in retail banking systems in, notably, automated teller machine (ATM) systems, point-of-sale (POS) terminals, automated fuel dispensers, vending machines, banking kiosks and PIN selection/change systems. It is applicable to issuer and interchange environments. The provisions of ISO 9564-1:2017 are not intended to cover: a) PIN management and security in environments where no persistent cryptographic relationship exists between the transaction-origination device and the acquirer, e.g. use of a browser for online shopping (for these environments, see ISO 9564-4); b) protection of the PIN against loss or intentional misuse by the customer; c) privacy of non-PIN transaction data; d) protection of transaction messages against alteration or substitution; e) protection against replay of the PIN or transaction; f) specific key management techniques; g) offline PIN verification used in contactless devices; h) requirements specifically associated with PIN management as it relates to multi-application functionality in an ICC.

ISO/TR 21941:2017 reports the findings of research into the interface between third-party payment service providers (TPPs) and account servicing payment service providers (ASPSPs).

ISO 13491-2:2017 specifies checklists to be used to evaluate secure cryptographic devices (SCDs) incorporating cryptographic processes as specified in ISO 9564‑1, ISO 9564‑2, ISO 16609, ISO 11568‑1, ISO 11568‑2, and ISO 11568‑4 in the financial services environment. Integrated circuit (IC) payment cards are subject to the requirements identified in this document up until the time of issue after which they are to be regarded as a "personal" device and outside of the scope of this document. ISO 13491-2:2017 does not address issues arising from the denial of service of an SCD. In the checklists given in Annex A to Annex H, the term "not feasible" is intended to convey the notion that although a particular attack might be technically possible, it would not be economically viable since carrying out the attack would cost more than any benefits obtained from a successful attack. In addition to attacks for purely economic gain, malicious attacks directed toward loss of reputation need to be considered.

ISO 13491-1:2016 specifies the security characteristics for secure cryptographic devices (SCDs) based on the cryptographic processes defined in ISO 9564, ISO 16609, and ISO 11568. ISO 13491-1:2016 has two primary purposes: - to state the security characteristics concerning both the operational characteristics of SCDs and the management of such devices throughout all stages of their life cycle; ? to provide guidance for methodologies to verify compliance with those requirements. This information is contained in Annex A. ISO 13491-2 specifies checklists to be used to evaluate secure cryptographic devices (SCDs) incorporating cryptographic processes as specified in ISO 9564-1, ISO 9564-2, ISO 16609, ISO 11568-1, ISO 11568-2, ISO 11568-3, ISO 11568-4, ISO 11568-5, and ISO 11568-6 in the financial services environment. Annex A provides an informative illustration of the concepts of security levels described in this part of ISO 13491 as being applicable to SCDs. ISO 13491-1:2016 does not address issues arising from the denial of service of an SCD. Specific requirements for the security characteristics and management of specific types of SCD functionality used in the retail financial services environment are contained in ISO 13491‑2.

ISO 9564-4:2016 provides requirements for the use of personal identification numbers (PIN) in eCommerce. The PINs in scope are the same cardholder PINs used as a means of cardholder verification in card-based financial transactions; notably, automated teller machine (ATM) systems, point-of-sale (POS) terminals, automated fuel dispensers, and vending machines. It is applicable to financial card-originated transactions requiring verification of the PIN and to those organizations responsible for implementing techniques for the management of the PIN in eCommerce. The provisions of this part of ISO 9564 are not intended to cover - passwords, passcodes, pass phrases and other shared secrets used for customer authentication in online banking, telephone banking, digital wallets, mobile payment, etc., - management of cardholder PINs for use as a means of cardholder verification in retail banking systems in, notably, automated teller machine (ATM) systems, point-of-sale (POS) terminals, automated fuel dispensers, vending machines, banking kiosks and PIN selection/change systems, which are covered in ISO 9564‑1, - card proxies such as mobile phones or key fobs, - approved algorithms for PIN encipherment, which are covered in ISO 9564‑2, - the protection of the PIN against loss or intentional misuse by the customer or authorized employees of the issuer, - privacy of non-PIN transaction data, - protection of transaction messages against alteration or substitution, e.g. an online authorization response, - protection against replay of the transaction, - functionality of devices used for PIN entry which is related to issuer functions other than PIN entry, - specific key management techniques, and - access to, and storage of, card data other than the PIN by applications such as wallets.

ISO 9564-2:2014 specifies approved algorithms for the encipherment of Personal Identification Numbers (PINs).

1 Scope This part of ISO 11568 specifies techniques for the protection of symmetric and asymmetric cryptographic keys in a retail banking environment using symmetric ciphers and the life-cycle management of the associated symmetric keys. The techniques described enable compliance with the principles described in ISO 11568-1. The techniques described are applicable to any symmetric key management operation. The notation used in this part of ISO 11568 is given in Annex A. Algorithms approved for use with the techniques described in this part of ISO 11568 are given in Annex B.

ISO/TR 14742:2010 provides a list of recommended cryptographic algorithms for use within applicable financial services standards prepared by ISO/TC 68. It also provides strategic guidance on key lengths and associated parameters and usage dates. The focus is on algorithms rather than protocols, and protocols are in general not included in ISO/TR 14742:2010. ISO/TR 14742:2010 deals primarily with recommendations regarding algorithms and key lengths. The categories of algorithms covered in ISO/TR 14742:2010 are: block ciphers; stream ciphers; hash functions; message authentication codes (MACs); asymmetric algorithms; digital signature schemes giving message recovery, digital signatures with appendix, asymmetric ciphers; authentication mechanisms; key establishment and agreement mechanisms; key transport mechanisms. ISO/TR 14742:2010 does not define any cryptographic algorithms; however, the standards to which ISO/TR 14742:2010 refers may contain necessary implementation information as well as more detailed guidance regarding choice of security parameters, security analysis, and other implementation considerations.

ISO 19092:2008 describes the security framework for using biometrics for authentication of individuals in financial services. It introduces the types of biometric technologies and addresses issues concerning their application. ISO 19092:2008 also describes the architectures for implementation, specifies the minimum security requirements for effective management, and provides control objectives and recommendations suitable for use by a professional practitioner. The following are within the scope of ISO 19092:2008: usage of biometrics for the authentication of employees and persons seeking financial services by: verification of a claimed identity; identification of an individual; validation of credentials presented at enrolment to support authentication as required by risk management; management of biometric information across its life cycle comprised of the enrolment, transmission and storage, verification, identification and termination processes; security of biometric information during its life cycle, encompassing data integrity, origin authentication and confidentiality; application of biometrics for logical and physical access control; surveillance to protect the financial institution and its customers; security of the physical hardware used throughout the biometric information life cycle. ISO 19092:2008 provides the mandatory means whereby biometric information may be encrypted for data confidentiality or other reasons.

ISO 11568-4:2007 specifies techniques for the protection of symmetric and asymmetric cryptographic keys in a retail financial services environment using asymmetric cryptosystems and the life-cycle management of the associated asymmetric keys. The techniques described in this part of ISO 11568 enable compliance with the principles described in ISO 11568-1. For the purposes of this document, the retail financial services environment is restricted to the interface between: a card-accepting device and an acquirer; an acquirer and a card issuer; an ICC and a card-accepting device.

ISO 11568-1:2005 specifies the principles for the management of keys used in cryptosystems implemented within the retail-banking environment. The retail-banking environment includes the interface between a card accepting device and an acquirer, an acquirer and a card issuer, an ICC and a card-accepting device. An example of this environment and threats associated with the implementation of ISO 11568-1:2005 in the retail-banking environment are also described. ISO 11568-1:2005 is applicable both to the keys of symmetric cipher systems, where both originator and recipient use the same secret key(s), and to the private and public keys of asymmetric cryptosystems, unless otherwise stated. The procedure for the approval of cryptographic algorithms used for key management is specified. The use of ciphers often involves control information other than keys, e.g. initialization vectors and key identifiers. This other information is collectively called "keying material". Although ISO 11568-1:2005 specifically addresses the management of keys, the principles, services, and techniques applicable to keys may also be applicable to keying material. ISO 11568-1:2005 is appropriate for use by financial institutions and other organizations engaged in the area of retail financial services, where the interchange of information requires confidentiality, integrity, or authentication. Retail financial services include but are not limited to such processes as POS debit and credit authorizations, automated dispensing machine and ATM transactions, etc. ISO 9564 and ISO 16609 specify the use of cryptographic operations within retail financial transactions for personal identification number (PIN) encipherment and message authentication, respectively. The ISO 11568 series of standards is applicable to the management of the keys introduced by those standards. Additionally, the key management procedures may themselves require the introduction of further keys, e.g. key encipherment keys. The key management procedures are equally applicable to those keys.

ISO/TR 19038:2005 provides the user with technical support and details for the safe and efficient implementation of the Triple Data Encryption Algorithm (TDEA) modes of operation for the enhanced cryptographic protection of digital data. The modes of operation described therein are specified for both enciphering and deciphering operations. The modes described in this Technical Report are implementations of the block cipher modes of operation specified in ISO/IEC 10116 using the Triple DEA algorithm (TDEA) specified in ISO/IEC 18033-3. The TDEA modes of operation may be used in both wholesale and retail financial applications. The use of ISO/TR 19038:2005 provides the basis for the interoperability of products and facilitates the development of application standards that use the TDEA modes of operation. This Technical Report is intended for use with other ISO standards using DEA.

ISO 13491-2:2016 specifies checklists to be used to evaluate secure cryptographic devices (SCDs) incorporating cryptographic processes as specified in H.5, ISO 9564‑2, ISO 16609, ISO 11568‑1, ISO 11568‑2, and ISO 11568‑4 in the financial services environment. IC payment cards are subject to the requirements identified in this part of ISO 13491 up until the time of issue after which they are to be regarded as a "personal" device and outside of the scope of this part of ISO 13491. ISO 13491-2:2016 does not address issues arising from the denial of service of an SCD. In the checklists given in Annexes A to H, the term "not feasible" is intended to convey the notion that although a particular attack might be technically possible, it would not be economically viable since carrying out the attack would cost more than any benefits obtained from a successful attack. In addition to attacks for purely economic gain, malicious attacks directed toward loss of reputation need to be considered.

ISO 9564-1:2011 specifies the basic principles and techniques which provide the minimum security measures required for effective international personal identification number (PIN) management. These measures are applicable to those institutions responsible for implementing techniques for the management and protection of PINs during their creation, issuance, usage and deactivation. ISO 9564-1:2011 is applicable to the management of cardholder PINs for use as a means of cardholder verification in retail banking systems in, notably, automated teller machine (ATM) systems, point-of-sale (POS) terminals, automated fuel dispensers, vending machines, banking kiosks and PIN selection/change systems. It is applicable to issuer and interchange environments. The provisions of ISO 9564-1:2011 are not intended to cover: a) PIN management and security in environments where no persistent cryptographic relationship exists between the transaction-origination device and the acquirer, e.g. use of a browser for online shopping; b) protection of the PIN against loss or intentional misuse by the customer; c) privacy of non-PIN transaction data; d) protection of transaction messages against alteration or substitution; e) protection against replay of the PIN or transaction; f) specific key management techniques; g) offline PIN verification used in contactless devices; h) requirements specifically associated with PIN management as it relates to multi-application functionality in integrated circuit (IC) cards.

ISO 15782-1:2009 defines a certificate management system for financial industry use for legal and natural persons that includes credentials and certificate contents, Certification Authority systems, including certificates for digital signatures and for encryption key management, certificate generation, distribution, validation and renewal, authentication structure and certification paths, and revocation and recovery procedures. ISO 15782-1:2009 also recommends some useful operational procedures (e.g. distribution mechanisms, acceptance criteria for submitted credentials). Implementation of ISO 15782-1:2009 will also be based on business risks and legal requirements. ISO 15782-1:2009 does not include the protocol messages used between the participants in the certificate management process, requirements for notary and time stamping, Certificate Policy and Certification Practices requirements, or Attribute Certificates. While ISO 15782-1:2009 provides for the generation of certificates that could include a public key used for encryption key management, it does not address the generation or transport of keys used for encryption.

ISO 13492:2007 describes a key management related data element that can be transmitted either in transaction messages to convey information about cryptographic keys used to secure the current transaction, or in cryptographic service messages to convey information about cryptographic keys to be used to secure future transactions. ISO 13492:2007 addresses the requirements for the use of the key management related data element within ISO 8583, using the following two ISO 8583 data elements: security related control information (data element 53), or key management data (data element 96). However, these data elements can be usefully employed in other messaging formats, given that the transportation of key management related data is not limited to ISO 8583. ISO 13492:2007 is applicable to either symmetric or asymmetric cipher systems. Key management procedures for the secure management of the cryptographic keys within the financial services environment are described in ISO 11568. Security related data, such as PIN data and MACs, are described in ISO 9564 and ISO 16609, respectively.

ISO 13491-1:2007 specifies the requirements for secure cryptographic devices (SCDs) based on the cryptographic processes defined in ISO 9564, ISO 16609 and ISO 11568. ISO 13491-1:2007 has two primary purposes: to state the requirements concerning both the operational characteristics of SCDs and the management of such devices throughout all stages of their life cycle, and to standardize the methodology for verifying compliance with those requirements. Appropriate device characteristics are necessary to ensure that the device has the proper operational capabilities and provides adequate protection for the data it contains. Appropriate device management is necessary to ensure that the device is legitimate, that it has not been modified in an unauthorized manner (e.g. by “bugging”) and that any sensitive data placed within the device (e.g. cryptographic keys) has not been subject to disclosure or change. Absolute security is not achievable in practical terms. Cryptographic security depends upon each life cycle phase of the SCD and the complementary combination of appropriate management procedures and secure cryptographic characteristics. These management procedures implement preventive measures to reduce the opportunity for a breach of SCD security. These aim for a high probability of detection of any unauthorized access to sensitive or confidential data, should device characteristics fail to prevent or detect the security compromise. Annex A provides an informative illustration of the concepts of security levels described in ISO 13491-1:2007 as being applicable to SCDs.

ISO 19092-1:2006 describes the security framework for using biometrics for authentication of individuals in financial services. It introduces the types of biometric technologies and addresses issues concerning their application. ISO 19092-1:2006 also describes the architectures for implementation, specifies the minimum security requirements for effective management, and provides control objectives and recommendations suitable for use by a professional practitioner. The following are within the scope of ISO 19092-1:2006: usage of biometrics for the authentication of employees and persons seeking financial services by: verification of a claimed identity; identification of an individual; validation of credentials presented at enrolment to support authentication as required by risk management; management of biometric information across its life cycle comprised of the enrolment, transmission and storage, verification, identification and termination processes; security of biometric information during its life cycle, encompassing data integrity, origin authentication and confidentiality; application of biometrics for logical and physical access control; surveillance to protect the financial institution and its customers; security of the physical hardware used throughout the biometric information life cycle. ISO 19092-1:2006 provides the mandatory means whereby biometric information may be encrypted for data confidentiality or other reasons.

ISO 21188:2006 sets out a framework of requirements to manage a PKI through certificate policies and certification practice statements and to enable the use of public key certificates in the financial services industry. It also defines control objectives and supporting procedures to manage risks. ISO 21188:2006 draws a distinction between PKI systems used in open, closed and contractual environments. It further defines the operational practices relative to financial services industry accepted information systems control objectives. ISO 21188:2006 is intended to help implementers to define PKI practices that can support multiple certificate policies that include the use of digital signature, remote authentication and data encryption. ISO 21188:2006 facilitates the implementation of operational, baseline PKI control practices that satisfy the requirements for the financial services industry in a contractual environment. While the focus of ISO 21188:2006 is on the contractual environment, application of this document to other environments is not specifically precluded. For the purposes of this document, the term "certificate" refers to public key certificates. Attribute certificates are outside the scope of ISO 21188:2006.

ISO TR 13569:2005 provides guidelines on the development of an information security programme for institutions in the financial services industry. It includes discussion of the policies, organization and the structural, legal and regulatory components of such a programme. Considerations for the selection and implementation of security controls, and the elements required to manage information security risk within a modern financial services institution are discussed. Recommendations are given that are based on consideration of the institutions' business environment, practices and procedures. Included in this guidance is a discussion of legal and regulatory compliance issues, which should be considered in the design and implementation of the programme.

ISO 11568-2:2005 specifies techniques for the protection of symmetric and asymmetric cryptographic keys in a retail banking environment using symmetric ciphers and the life-cycle management of the associated symmetric keys. The techniques described enable compliance with the principles described in ISO 11568-1. The techniques described are applicable to any symmetric key management operation.

ISO 13491-2:2005 specifies checklists to be used to evaluate secure cryptographic devices (SCDs) incorporating cryptographic processes, as specified in parts 1 and 2 of ISO 9564, ISO 16609 and parts 1 to 6 of ISO 11568, in the financial services environment. IC payment cards are subject to the requirements identified in this part of ISO 13491 up until the time of issue, after which they are to be regarded as a "personal" device and outside of the scope of this document. ISO 13491-2:2005 does not address issues arising from the denial of service of an SCD.

ISO 9564-2:2005 specifies algorithms for the encipherment of Personal Identification Numbers (PINs). Based on the approval processes established in ISO 9564-1, these are the data encryption algorithm (DEA) and the RSA encryption algorithm.

ISO/TR 9564-4:2004 provides guidelines for personal identification number PIN handling in open networks, presenting finance industry best-practice security measures for PIN management and the handling of financial card originated transactions in environments where issuers and acquirers have no direct control over management, or where no relationship exists between the PIN entry device and the acquirer prior to the transaction.

ISO 16609:2004 specifies procedures, independent of the transmission process, for protecting the integrity of transmitted banking messages and for verifying that a message has originated from an authorized source. It also specifies a method by which block ciphers can be approved for use in the authentication of banking messages. In addition, because of the necessity for both members in a communicating pair to use the same means for data representation, it defines some methods for data representation. A list of block ciphers approved for the calculation of a message authentication code (MAC), as well as the method to be used to approve additional block ciphers, is also provided. The authentication methods it defines are applicable to messages formatted and transmitted both as coded character sets and as binary data. ISO 16609:2004 is designed for use with symmetric algorithms where both sender and receiver use the same key. It does not specify methods for establishing the shared key, nor does it provide for encipherment for the protection of messages against unauthorized disclosure. Its application will not protect the user against internal fraud by sender or receiver, or forgery of a MAC by the receiver.

ISO 9564-3:2003 specifies the minimum security measures required for offline PIN handling and a standard means of interchanging PIN data in an offline environment. It is applicable to financial transaction card-originated transactions requiring offline PIN verification and to those institutions responsible for implementing techniques for the management and protection of the PIN at Automated Teller Machines (ATMs) and acquirer sponsored Point-of-Sale (POS) terminals.

ISO 15782-1:2003 defines a certificate management system for financial industry use for legal and natural persons that includes credentials and certificate contents, certification authority systems (including certificates for digital signatures and encryption key management), certificate generation, distribution, validation and renewal, authentication structure and certification paths, revocation and recovery procedures, and extensions to the definitions of public-key certificates and certificate revocation lists. It also recommends some useful operational procedures (e.g. distribution mechanisms, acceptance criteria for submitted credentials). While providing for the generation of certificates that could include a public key used for encryption key management, it does not address the generation or transport of keys used for encryption.

ISO/TR 17944:2002 provides a framework for standards dealing with security that are deemed necessary for the financial industry. It consists of an inventory of the key security issues which arise in the financial industry and, for each of these issues, the titles of the relevant existing standards are given.

This part of ISO 9564 specifies the basic principles and techniques which provide the minimum security measures required for effective international PIN management. These measures are applicable to those institutions responsible for implementing techniques for the management and protection of PINs. This part of ISO 9564 also specifies PIN protection techniques applicable to financial transaction-card-originated transactions in an online environment and a standard means of interchanging PIN data. These techniques are applicable to those institutions responsible for implementing techniques for the management and protection of the PIN at Automated Teller Machines (ATM) and acquirer sponsored Point-of-Sale (POS) terminals. The provisions of this part of ISO 9564 are not intended to cover: PIN management and security in the offline PIN environment, which is covered in ISO 9564-3; PIN management and security in the electronic commerce environments, which is to be covered in a subsequent part of ISO 9564; the protection of the PIN against loss or intentional misuse by the customer or authorized employees of the issuer; privacy of non-PIN transaction data; protection of transaction messages against alteration or substitution, e.g. an authorization response to a PIN verification; protection against replay of the PIN or transaction; specific key management techniques.