TC68 - Banking and Related Financial Services

TC68 contains two subcommittees whose activities are security relevant:

• SC2 - Operations and procedures, and
• SC6 - Financial Transaction Cards, Related Media and Operations

Within SC2 the security work is done by WG2, Message Authentication (Security for Wholesale Banking). This Working Group has produced the following ISO standards:

ISO 8730

Requirements for Message Authentication,

ISO 8731/1

Approved algorithms for Message Authentication - Part 1 DEA-1 Algorithm.

ISO 8731/2

Approved Algorithms for Message Authentication - Part 2 Message Authentication Algorithm.

ISO 8732

Key Management.

In addition, it is presently working on the following projects:

1. Procedures for Message Encipherment - Part 1 General Principles; Part 2 Algorithms.
2. Unnumbered Secure Transmission of Personnel Authentication Information and Node Authentication.
3. Unnumbered Banking-Key Management - Multiple Centre Environment.
4. Data Security Framework for Financial Applications.

Within SC6, security standards are being developed by WG6, Security in Retail Banking, and WG7, Security Architecture of Banking Systems using the Integrated Circuit Card. WG6 is presently working on the following Standards:

• Retail Message Authentication,
• PIN Management and Security; this is a two part standard (PIN Protection Principles and Techniques and Approved Algorithms for PIN Encipherment).
• Retail Key Management Standard.

WG7 is working on a seven part standard on Financial Transaction Cards. Its parts are:

• Part 0 - (untitled);
• Part 1 - Card Life Cycle, ISO 10202;
• Part 2 - Transaction Process;
• Part 3 - Cryptographic Key Relationships;
• Part 4 - Security Application Modules;
• Part 5 - Use of Algorithms; and
• Part 6 - Cardholder Verification.