ANNAPOLIS, Md.–(BUSINESS WIRE)–Today the Accredited Standards Committee X9 Inc. (X9)
announced the publication of a new standard, ASC X9.112-3 “Wireless
Management and Security – Part 3: Mobile,” which addresses the
management and security requirements for mobile commerce implementations
applicable to manufacturers, application developers and financial
service providers. The standard is now available
Mobile commerce presents a number of security and management challenges,
such as customer isolation, the use of merchant-unattended terminals or
kiosks, non-financial platforms that may not be trustworthy, and
cellular, wireless and other connections that persist after an action
has concluded, as well as the risks inherent in card-not-present
transactions. Additionally, a mobile network infrastructure’s security
may not reliably protect data in transmission. Finally, the continuing
growth of the smartphone market increases the urgency of enabling better
security for the mobile device population.
From a security perspective, mobile commerce has all the vulnerabilities
of the internet and wireless environments combined; from a business
perspective it encompasses three disparate industries: financial
services, mobile telecommunications, and mobile platforms manufacturing.
The new X9.112-3 standard guides all these parties toward safer and more
efficient implementations of mobile commerce. As mobile devices and
services become compliant with this standard, mobile-related risks will
decrease, consumer confidence will increase, and mobile-related identify
theft and fraud should be reduced.
“I am delighted to announce the release of this standard,” said Steve
Stevens, executive director of ASC X9. “Developers, implementers,
service providers and assessors for the financial industry will welcome
the guidance contained in the X9.112-3 requirements and recommendations,
and end users will enjoy higher levels of security throughout every
phase of a transaction, from initiation to completion.”
Some specific areas the new standard covers are:
Person-to-person, person-to-business and person-to-terminal mobile
payments, including credit/debit cards, electronic funds transfer
(EFT) transactions, gift cards, etc.
Mobile banking, including payer and payee management, bill management,
portfolio management, and credit/debit card management
Mobile technologies, including mobile browsers, mobile applications
(apps), and mobile channels (such as cellular, wireless, NFC, RFID,
Bluetooth, SMS (text), and MMS (video))
X9.112-3 is the third piece of a multipart ANSI standard developed by
X9’s Data and Information Subcommittee, which addresses different
technologies and application environments using wireless communications.
“Part 1: General Requirements” addresses requirements and
recommendations for using radio frequency technologies within the
financial services industry. “Part 2: ATM and POS,” addresses
requirements for ATM and point-of-sale devices that use wireless
communications. In addition, X9 members are involved in the ongoing
development of an international standard for mobile financial services,
ISO 12812, and its domestic adoption. In a related area, X9 is working
closely with the PCI Security Standards Council on a consolidated PIN
security standard and assessor program.
About the Accredited Standards Committee X9 Inc.
Accredited Standards Committee X9 Inc. is a non-profit organization
accredited by the American National Standards Institute (ANSI) to
develop both national and international standards for the financial
services industry. X9 has over 100 member companies and over 400 company
representatives that work to develop and maintain approximately 100
domestic standards and 58 international standards.
The subjects of X9’s standards include: retail and mobile payments;
printing and processing of checks; corporate treasury functions; block
chain technology; processing of legal orders issued to financial
institutions; tracking of financial transactions and instruments;
tokenization of data; protection of financial data at rest and in
motion; electronic contracts; and remittance data in business payments.
X9 also performs the secretariat function and provides the committee
chair for ISO TC 68, which produces international standards for the
global financial services industry. For more information about X9 and
its work, visit www.x9.org.