Retail Banking

The security of retail electronic banking is largely dependent upon the security of cryptographic devices (e.g. PIN pads, ATMs, etc.), which are generally situated in non-secure environments. There is a risk that the devices may be tampered with or otherwise compromised to disclose or modify data. It is essential that the risk of financial loss is reduced through the appropriate use of cryptographic devices that have proper physical and logical security characteristics and are properly managed.

BSI’s international standards specify the characteristics and the management of the secure cryptographic devices used to protect messages, cryptographic keys, electronic payments and other sensitive information used in a retail banking environment.

Key publications

BS ISO 11568-1:2005
Banking. Key management (retail). Principles


This part of ISO 11568 specifies the principles for the management of keys used in cryptosystems implemented within the retail banking environment.

BS ISO 11568-1 is appropriate for use by financial institutions and other organizations engaged in the area of retail financial services, where the interchange of information requires confidentiality, integrity, or authentication. Retail financial services include but are not limited to such processes as POS debit and credit authorizations, automated dispensing machine and ATM transactions, etc.

 

BS ISO 21188:2006
Public key infrastructure for financial services. Practices and policy framework

PAS 76:2006
Accounting software. Value Added Tax in the UK. Specification

BS ISO 11568-2:2005
Banking. Key management (retail). Symmetric ciphers, their key management and life cycle

BS ISO 13491-2:2005
Banking. Secure cryptographic devices (retail). Security compliance checklists for devices used in financial transactions