
BS ISO 5201:2024

$167.15

Financial services. Code-scanning payment security

Published by: BSI
Publication date: 2024
Number of pages: 40

PDF Catalog

PDF page  Title
7         Foreword
8         Introduction
9         1 Scope
          2 Normative references
          3 Terms and definitions
12        4 Abbreviated terms
          5 Overview of code-scanning payment
          5.1 Basic framework of code-scanning payment
14        5.2 Mandatory steps and implementation modes of code-scanning payment
          5.2.1 Mandatory steps
          5.2.2 Payer-presented mode
          5.2.3 Payee-presented mode
15        6 Security target objectives and assumptions
          7 Risk assessment of code-scanning payment
          7.1 General
          7.2 Common risks to both modes as defined in Clause 5
          7.2.1 Com_Risk_1: unauthorized user
16        7.2.2 Com_Risk_2: illegitimate code content
          7.2.3 Com_Risk_3: tampered code image
          7.2.4 Com_Risk_4: insecure message transmission
          7.2.5 Com_Risk_5: payer sensitive information leakage
          7.2.6 Com_Risk_6: payee sensitive information leakage
          7.2.7 Com_Risk_7: routing conflict
          7.3 Risk assessment of payer-presented mode
          7.3.1 PrP_Risk_1: stolen code value
17        7.3.2 PrP_Risk_2: stolen code-generation parameters
          7.3.3 PrP_Risk_3: breached encoding and decoding processes
          7.3.4 PrP_Risk_4: captured code image
          7.3.5 PrP_Risk_5: tampered transaction parameters
          7.4 Risk assessment of payee-presented mode
          7.4.1 PeP_Risk_1: code abuse
          7.4.2 PeP_Risk_2: sensitive information in clear
          7.4.3 PeP_Risk_3: unintentional repeated payments
          7.4.4 PeP_Risk_4: attack on decoding process
18        7.4.5 PeP_Risk_5: forged payment notification
          8 Security measures to mitigate the risks in Clause 7
          8.1 General
          8.2 Security measures to mitigate the risks in 7.2
          8.2.1 Com_Measure_1: risk communication
          8.2.2 Com_Measure_2: payment application security
19        8.2.3 Com_Measure_3: payer authentication
          8.2.4 Com_Measure_4: security protocols
          8.2.5 Com_Measure_5: anti cyber attacks
          8.2.6 Com_Measure_6: risk control
20        8.2.7 Com_Measure_7: server-side sensitive information protection
          8.2.8 Com_Measure_8: avoid mis-routing
          8.2.9 Com_Measure_9: protect printed code images
          8.2.10 Com_Measure_10: reject illegitimate payment code
21        8.2.11 Com_Measure_11: unique transaction ID
          8.2.12 Com_Measure_12: payment result notification
          8.3 Additional security measures to mitigate the risks in 7.2 and 7.3
          8.3.1 PrP_Measure_1: code content
          8.3.2 PrP_Measure_2: code generation and resolution requests
          8.3.3 PrP_Measure_3: encoding and decoding processes
22        8.3.4 PrP_Measure_4: pre-generated code
          8.3.5 PrP_Measure_5: prefetched code storage
          8.3.6 PrP_Measure_6: prefetched code TTL
          8.3.7 PrP_Measure_7: secure code presentation
23        8.3.8 PrP_Measure_8: payee side sensitive information protection
          8.3.9 PrP_Measure_9: payee side tamper-proofing
          8.3.10 PrP_Measure_10: anti-replay
          8.4 Additional security measures to mitigate the risks in 7.2 and 7.4
          8.4.1 PeP_Measure_1: code data set
24        8.4.2 PeP_Measure_2: encryption in the code
          8.4.3 PeP_Measure_3: code presentation
          8.4.4 PeP_Measure_4: CSP data set
          8.4.5 PeP_Measure_5: dynamic code
          8.4.6 PeP_Measure_6: payer side sensitive information protection
          8.4.7 PeP_Measure_7: payer verification
          8.4.8 PeP_Measure_8: avoid repeated payments
25        8.4.9 PeP_Measure_9: payee code management
26        Annex A (informative) Implementation modes of code-scanning payment
35        Annex B (informative) Case study to support the risk assessment
37        Annex C (normative) Requirements on cryptography
38        Bibliography