ASC X9 Releases New Standard for Securing and Managing Mobile Commerce
ANNAPOLIS, Md. – Sept. 11, 2018 — Today the Accredited Standards Committee X9 Inc. (X9) announced the publication of a new standard, ASC X9.112-3 “Wireless Management and Security – Part 3: Mobile,” which addresses the management and security requirements for mobile commerce implementations applicable to manufacturers, application developers and financial service providers. The standard is now available for download.
Mobile commerce presents a number of security and management challenges, such as customer isolation, the use of merchant-unattended terminals or kiosks, non-financial platforms that may not be trustworthy, and cellular, wireless and other connections that persist after an action has concluded, as well as the risks inherent in card-not-present transactions. Additionally, a mobile network infrastructure’s security may not reliably protect data in transmission. Finally, the continuing growth of the smartphone market increases the urgency of enabling better security for the mobile device population.
From a security perspective, mobile commerce has all the vulnerabilities of the internet and wireless environments combined; from a business
“I am delighted to announce the release of this standard,” said Steve Stevens, executive director of ASC X9. “Developers, implementers, service providers and assessors for the financial industry will welcome the guidance contained in the X9.112-3 requirements and recommendations, and end users will enjoy higher levels of security throughout every phase of a transaction, from initiation to completion.”
Some specific areas the new standard covers are:
- Person-to-person, person-to-business and person-to-terminal mobile payments, including credit/debit cards, electronic funds transfer (EFT) transactions, gift cards, etc.
- Mobile banking, including payer and payee management, bill management, portfolio management, and credit/debit card management
- Mobile technologies, including mobile browsers, mobile applications (apps), and mobile channels (such as cellular, wireless, NFC, RFID, Bluetooth, SMS (text), and MMS (video))
X9.112-3 is the third piece of a multipart ANSI standard developed by X9’s Data and Information Subcommittee, which addresses different technologies and application environments using wireless communications. “Part 1: General Requirements” addresses requirements and recommendations for using radio frequency technologies within the financial services industry. “Part 2: ATM and POS” addresses requirements for ATM and point-of-sale devices that use wireless communications. In addition, X9 members are involved in the ongoing development of an international standard for mobile financial services, ISO 12812, and its domestic adoption. In a related area, X9 is working closely with the PCI Security Standards Council on a consolidated PIN security standard and assessor program.
About the Accredited Standards Committee X9 Inc.
The Accredited Standards Committee X9 Inc. is a non-profit organization accredited by the American National Standards Institute (ANSI) to develop both national and international standards for the financial services industry. X9 has over 100 member companies and over 400 company representatives that work to develop and maintain approximately 100 domestic standards and 58 international standards.
The subjects of X9’s standards include: retail and mobile payments; printing and processing of checks; corporate treasury functions; block chain technology; processing of legal orders issued to financial institutions; tracking of financial transactions and instruments; tokenization of data; protection of financial data at rest and in motion; electronic contracts; and remittance data in business payments. X9 also performs the secretariat function and provides the committee chair for ISO TC 68, which produces international standards for the global financial services industry. For more information about X9 and its work, visit www.x9.org.
ASC X9 TR 48-2018 Card-Not-Present (CNP) Fraud Mitigation in the United States
ANSI X9.124-2-2018 Financial Services – Symmetric Key Cryptography for the Financial Services Industry – Format Preserving Encryption – Part 2: Key Stream with Counter Mode
ANSI X9.129-2017 (Version 01) Legal Order Exchange
ANSI X9.69-2017 Framework for Key Management Extensions