ANSI - X9.112-3

Wireless Management and Security Part 3: Mobile

active, Most Current
Organization: ANSI
Publication Date: 10 July 2018
Status: active
Page Count: 55
Scope:

The mobile environment cumulates numerous risk factors consisting of (a) unattended terminals, (b) card-not-present transactions, (c) untrustworthy platforms, and (d) persistent wireless connections. Further, the mobile network operator (MNO) infrastructure may not provide sufficient security that can be relied upon to protect data in transmission. From a security perspective, mobile commerce has all of the same vulnerabilities as the Internet and wireless environments combined; from a business perspective, it encompasses three disparate industries: financial services, mobile telecommunications, and mobile platform manufacturing.

Areas within scope of this standard include, but are not limited to, the following:

Mobile transactions include sending and receiving messages for payments, and banking

• Key management transactions / protocol / scheme / procedures / process

• Authentication transactions: logon, confirmation, persistency, risk based authorization

• Transaction confirmations

• Transaction recovery, session management

• Transaction: one or more related messages

Mobile payments for person-to-person (P2P), person-to-business (P2B), and person-to-terminal (P2T) including credit/debit card, and electronic funds transfer (EFT) transactions.

• New business relationship with financial institutions (FI)

• Gift cards, pre-paid debit, payroll cards, virtual "software" card, electronic cash, micro-payments, electronic benefit and transfer (EBT), one-time-credit-card

Mobile banking includes payer management, payee management, bill management, portfolio management, credit/debit card management

Mobile technologies including mobile browsers, mobile applications (app), and mobile channels (e.g., cellular (e.g., 3G, 4G), wireless, NFC, RFID, Bluetooth, SMS (text), MMS (video)).

Requirements for mobile proximity (e.g., NFC, RFID, Bluetooth) payments and mobile remote (e.g., cellular, WiFi, SMS) payments are the same despite the differences in communication channels.

Areas not in scope of this standard include, but are not limited to, the following:

PIN Management and Security, which is addressed by other ANSI or ISO standards

• X9.8 PIN Management and Security

• ISO 9564 PIN Management and Security

Biometric Information Security is addressed by other ANSI or ISO standards

• X9.84 Biometric Information Management and Security

• ISO 19092 Financial services -- Biometrics -- Security framework

Key Management and Security is addressed by other ANSI or ISO standards

• X9.24 Retail Financial Services Symmetric Key Management

- Part 1: Using Symmetric Techniques

- Part 2: Using Asymmetric Techniques

• X9.79 Public Key Infrastructure (PKI)

- Part 4: Asymmetric Key Management

Pre-existing business relationship with the FI is assumed to be in place.

• Mobile marketing, e.g., advertisements, coupons, loyalty programs, and catalogs.

Voice communications, including Interactive Voice Response (IVR), Voice Response Units (VRU), Voice Extended Markup Language (VXML), and live agent services such as call centers or help desks.

Other technologies such as smart cards and electronic money are likewise out of scope.

This standard is part of a multiple part wireless management and security standard addressing the use of mobile devices for financial services.

X9.112 Wireless Management and Security

- Part 1: General Requirements

- Part 2: ATM and POS

- Part 3: Mobile Banking and Payments

Developers and manufacturers can use this standard to design and implement security controls for mobile devices, mobile applications, mobile networks, and mobile financial services. Financial institutions and mobile service providers can use this standard to deploy security controls for mobile applications and mobile financial services. Auditors and other security professionals can use this standard as the evaluation criteria for performing a security assessment of mobile financial services.

Document History

X9.112-3
July 10, 2018
Wireless Management and Security Part 3: Mobile
