X9 Seeks Participants to Update Wireless Financial Services Standards

The Accredited Standards Committee X9 Inc. (X9) today announced that it has embarked on an effort to update ANSI X9.112, Wireless Management and Security, a multi-part standard that covers wireless service implementations for the financial services industry. Updates are now needed because wireless technologies and protocols have changed, and new vulnerabilities have been discovered.

Wireless technology offers easy access to private and public networks anywhere, at any time, using personal or corporate devices. However, this ease of access to both infrastructure and networks significantly affects privacy and data protection, and it allows an avenue for continual attacks. Newer and faster wireless technologies (such as 5G) and expanding use of wireless-enabled devices only make the gap more difficult to close.

The updates to X9.112 will assess the new technologies and attack modes that have evolved since the standard’s original publication, in order to define requirements and recommendations for securely using wireless technologies in financial services today. Stakeholders include financial institutions, merchants, payment providers, device and SIM card manufacturers, software developers and mobile carriers. Interested parties may contact X9 to learn how to join this initiative.

All three parts of X9.112 will be updated:

• Part 1 provides an overview of wireless radio frequency (RF) technology risks and general requirements applicable to all wireless implementations for the financial services industry.
• Part 2 provides general requirements for automated teller machines (ATM) and point of sale (POS) terminal environments.
• Part 3 offers general requirements for mobile environments.

The working group will investigate these areas:

• Wireless technologies including vulnerabilities and personal devices
• Mobile payments including payment cards and digital wallets
• Technologies such as communication channels (cellular, Wi-Fi, NFC, RFID, Bluetooth) and communication media (voice, email, SMS (text) and MMS (video))

“The wireless and mobile environments are a challenging interplay among financial services, mobile manufacturers and carriers, other device manufacturers and consumers. All need assurance that messages can be exchanged securely and reliably with any device, independent of the hardware, operating system and software, and network environments,” said Jeff Stapleton of Wells Fargo, chair of the X9 working group that will update the standards. “Help us define the defenses against wireless fraud and data breaches: we invite you to take part in identifying the risks and defining the requirements and recommendations for using wireless technology in financial transactions.” 

About the Accredited Standards Committee X9 Inc.

The Accredited Standards Committee X9 Inc. is a non-profit organization accredited by the American National Standards Institute (ANSI) to develop and maintain national and – through ISO — international standards for the financial services industry. The subjects of X9’s standards include: retail, mobile and business payments; corporate treasury functions; block chain technology; processing of electronic legal orders issued to financial institutions; tracking of financial transactions and instruments; financial transaction messaging (ISO 8583 and 20022); quantum computing; AI, PKI; checks; cloud; data breach notification and more.

X9 acts as the U.S. Technical Advisory Group (TAG) for ISO TC68 (Financial) and TC321 (E-Commerce) and performs the secretariat functions for ISO TC68. Please visit our website (www.x9.org) for more information.