X9 Launches Two Initiatives: New Mobile Payments Standard and Zero Trust Technical Report
ANNAPOLIS, MD. – Oct. 2, 2019
Subject Matter Experts Sought for Both Projects
The Accredited Standards Committee X9 Inc. (X9) today announced the launch of two new projects, for which it seeks additional expert participants. A new Mobile Financial Services standard, the second part of a suite of standards for mobile banking and payments, will adapt and augment ISO technical specification 12812-2 for use in the U.S., focusing on security considerations. A new Technical Report will establish a codified, open and objective approach to Zero Trust (ZT) security architectures and strategies for information systems, with a capabilities model for successful application of a ZT strategy and a plan for future standards.
Mobile Financial Services Standard X9.134 – Part 2
Availability and use of mobile banking and payment apps continue to increase; however, without a specific American National Standard to provide requirements and guidelines, especially in the critical area of security, this expansion is market driven and lacks focus on the need for security and data protection. Adoption of standards would benefit all stakeholders – such as financial institutions, app developers, card issuers, acquirers, merchants — and the marketplace in general. X9 offers more information about this on its website.
The new standard will include specific requirements applicable to all mobile financial service providers, detailing what an app is required to do to protect personal data and ensure security for transactions. The standard will also address certain areas not covered in the ISO specification, resulting in a comprehensive framework for mobile payment security that is harmonized with Part 3 of the X9.112 Wireless standard.
Zero Trust Technical Report
Zero Trust is a security approach that does not assume that actors, systems or services operating from inside or outside an organization’s security perimeter can be automatically trusted, but instead must be held to a standard and verified before any level of trust can be established. ZT architectures are becoming a necessary capability for addressing cyber threats, as well as a design foundation for many software developers and product vendors, which collectively require standards to enable interoperability and end-to-end control and monitoring. The application of a ZT approach will have implications across multiple industries, including those most highly regulated, as in the financial sector.
Augmenting existing national and international standards and guidelines, this technical report will provide a risk and controls framework for the successful adoption of ZT and will help end users understand what is needed for sustaining ZT strategies over the long term. Product developers, software engineers and information security executives will be able to use this report to understand proper zero trust strategies, implementations and monitoring capabilities to improve the resiliency, serviceability and availability of critical business services and information systems.
“The new mobile payment standard and the Zero Trust technical report are good examples of X9’s highly important work on critical, cross-industry issues, ” said X9 Executive Director Steve Stevens. “Enhancing the safety of mobile payments and ensuring the security of information systems through innovative strategies are goals our members take very seriously, and their work on these projects will benefit the global community.”
Interested parties and subject matter experts are invited to learn more and join the work.
About the Accredited Standards Committee X9 Inc.
The Accredited Standards Committee X9 Inc. is a non-profit organization accredited by the American National Standards Institute (ANSI) to develop both national and international standards for the financial services industry. X9 has over 100 member companies and over 400 company representatives that work to develop and maintain approximately 100 domestic standards and 58 international standards.
The subjects of X9’s standards include: retail and mobile payments; printing and processing of checks; corporate treasury functions; block chain technology; processing of legal orders issued to financial institutions; tracking of financial transactions and instruments; tokenization of data at rest; quantum computing risk; data breach; electronic contracts; and remittance data in business payments. X9 performs the secretariat function, acts as the U.S. Technical Advisory Group, and provides the committee chair for ISO TC68, which produces international standards for the global financial services industry. X9 also acts as the U.S. Technical Advisory Group for ISO TC322. For more information about X9 and its work, visit www.x9.org.
ASC X9 TR 48-2018 Card-Not-Present (CNP) Fraud Mitigation in the United States
ANSI X9.124-2-2018 Financial Services – Symmetric Key Cryptography for the Financial Services Industry – Format
Preserving Encryption- Part 2: Key Stream with Counter Mode
ANSI X9.129-2017 (Version 01) Legal Order Exchange
ANSI X9.69-2017 Framework for Key Management Extensions