scope:

This document describes and specifies: - A Security Framework including an analysis of vulnerabilities, threats and countermeasures for the operation of MFSs. - Minimum requirements to secure MFSs based on secure environments. - Cryptographic protocols and mechanisms for mobile device authentication, financial message secure exchange and external authentication, including I) Point-to-Point Security requirements for MFSs; II) End-to-End Security Requirements; III) Security Certification aspects; IV) Mobile Digital Signatures and PKI related Issues. - Interoperability issues for the Secure Certification of MFSs. - Recommendations for the Protection of Sensitive Data. - Guidelines for the implementation of national laws and regulations (e.g., Anti-Money Laundering and combating the Funding of Terrorism (AML/CFT). - Security management considerations.