ANSI - X9.84

Biometric Information Management and Security for the Financial Services Industry

active, Most Current
Organization: ANSI
Publication Date: 1 January 2018
Status: active
Page Count: 148
Scope:

This standard describes the security framework for using biometrics for authentication of individuals in financial services. It introduces the types of biometric technologies and addresses issues concerning their application. This standard also describes the architectures for implementation, specifies the minimum security requirements for effective management, and provides control objectives and recommendations suitable for use by a professional practitioner. Within the scope of this standard the following topics are addressed:

  • Security for the collection, distribution, and processing of biometric data, encompassing data integrity, data confidentiality, origin authenticity, and non-repudiation.
  • Management of biometric data across its life cycle comprised of the enrollment, transmission and storage, verification, identification, and termination processes.
  • Usage of biometric technology, including one-to-one and one-to-many matching, for the identification and authentication of banking customers and employees.
  • Application of biometric technology for internal and external, as well as logical and physical access control.
  • Encapsulation and cryptographic protection of biometric information for security, interoperability, and data confidentiality.
  • Encryption, signcryption, tokenization methods, and biometric policy for privacy.
  • Secure transmission and storage of biometric information during its life cycle.
  • Security of the physical hardware used throughout the biometric data life cycle.
  • Cryptographic techniques for data integrity, origin authenticity, and data confidentiality of biometric information.
  • Validation of credentials presented at enrollment to support authentication as required by risk management.
  • Surveillance to protect the financial institution and its customers.

Items considered out of scope and not addressed in this standard include the following:

  • Privacy laws and legal interpretations regarding the collection, processing, or storage of biometric information preceding or during enrollment or authentication.
  • Specific techniques for data collection, signal processing, and matching of biometric data, and the biometric matching decision-making process.
  • Usage of biometric technology for non-authentication convenience applications such as speech recognition, user interaction, and anonymous access control.

Although this standard does not address specific requirements and limitations of business applications employing biometric technology, other standards may address these topics.

A biometric authentication system may claim compliance to this standard if the implementation satisfies the management and security requirements identified in §8 Management and Security Requirements. A biometric authentication system that utilizes the methods recommended in §9 Techniques and has implemented appropriate policies, practices and operational procedures should comply with this

Document History

X9.84
January 1, 2018
Biometric Information Management and Security for the Financial Services Industry
This standard describes the security framework for using biometrics for authentication of individuals in financial services. It introduces the types of biometric technologies and addresses issues...
March 31, 2010
Biometric Information Management and Security for the Financial Services Industry
This Standard describes the security framework for using biometrics for authentication of individuals in financial services. It introduces the types of biometric technologies and addresses issues...
July 29, 2003
Biometric Information Management and Security for the Financial Services Industry
This Standard specifies the minimum security requirements for effective management of biometric data. Within the scope of this Standard the following topics are addressed: Security for the...
January 1, 2001
Biometric Information Management and Security
A description is not available for this item.
