• There are no items in your cart
We noticed you’re not on the correct regional site. Switch to our AMERICAS site for the best experience.
Dismiss alert

ISO 13491-2:2017

Withdrawn

Withdrawn

A Withdrawn Standard is one, which is removed from sale, and its unique number can no longer be used. The Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.

View Superseded by

Financial services — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions

Available format(s)

Hardcopy , PDF , PDF 3 Users , PDF 5 Users , PDF 9 Users

Withdrawn date

11-01-2023

Superseded by

ISO 13491-2:2023

Language(s)

English

Published date

23-03-2017

£58.00
Excluding VAT

ISO 13491-2:2017 specifies checklists to be used to evaluate secure cryptographic devices (SCDs) incorporating cryptographic processes as specified in ISO 9564‑1, ISO 9564‑2, ISO 16609, ISO 11568‑1, ISO 11568‑2, and ISO 11568‑4 in the financial services environment. Integrated circuit (IC) payment cards are subject to the requirements identified in this document up until the time of issue after which they are to be regarded as a "personal" device and outside of the scope of this document.

ISO 13491-2:2017 does not address issues arising from the denial of service of an SCD.

In the checklists given in Annex A to Annex H, the term "not feasible" is intended to convey the notion that although a particular attack might be technically possible, it would not be economically viable since carrying out the attack would cost more than any benefits obtained from a successful attack. In addition to attacks for purely economic gain, malicious attacks directed toward loss of reputation need to be considered.

DevelopmentNote
Supersedes ISO/DIS 13491-2. (03/2017)
DocumentType
Standard
Pages
39
PublisherName
International Organization for Standardization
Status
Withdrawn
SupersededBy
Supersedes

Standards Relationship
DS ISO 13491-2 : 2017 Identical
BS ISO 13491-2:2017 Identical
NEN ISO 13491-2 : 2017 Identical
AS ISO 13491.2:2019 Identical
UNI ISO 13491-2 : 2003 Identical
ANSI X9.97-2 : 2009(R2017) Identical
BIS IS 16005-2 : 2013 Identical

11/30231373 DC : 0 BS ISO 11568-2 - FINANCIAL SERVICES - KEY MANAGEMENT (RETAIL) - PART 2: SYMMETRIC CIPHERS, THEIR KEY MANAGEMENT AND LIFE CYCLE
BS ISO 11568-4:2007 Banking. Key management (retail) Asymmetric cryptosystems. Key management and life cycle
05/30144069 DC : DRAFT DEC 2005 ISO 13491-1 - BANKING - SECURE CRYPTOGRAPHIC DEVICES (RETAIL) - PART 1: CONCEPTS, REQUIREMENTS AND EVALUATION METHODS
BIS IS 15256-4 : 2013 BANKING - KEY MANAGEMENT (RETAIL) - PART 4: ASYMMETRIC CRYPTOSYSTEMS - KEY MANAGEMENT AND LIFE CYCLE
ISO 11568-4:2007 Banking — Key management (retail) — Part 4: Asymmetric cryptosystems — Key management and life cycle
BS ISO 11568-1:2005 Banking. Key management (retail) Principles
ISO 13491-1:2016 Financial services — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods
ANSI X9 TR 39 : 2009 TG-3 RETAIL FINANCIAL SERVICES COMPLIANCE GUIDELINE - PART 1: PIN SECURITY AND KEY MANAGEMENT
BS ISO 9564-1:2017 Financial services. Personal Identification Number (PIN) management and security Basic principles and requirements for PINs in card-based systems
NF ISO 13491-1 : 1999 BANKING - SECURE CRYPTOGRAPHIC DEVICES (RETAIL) - CONCEPTS, REQUIREMENTS AND EVALUATION METHODS
ISO 11568-2:2012 Financial services — Key management (retail) — Part 2: Symmetric ciphers, their key management and life cycle
14/30265615 DC : 0 BS ISO 13491-1 - BANKING - SECURE CRYPTOGRAPHIC DEVICES (RETAIL) - PART 1: CONCEPTS, REQUIREMENTS AND EVALUATION METHODS
13/30275456 DC : 0 BS ISO 9564-1:2011/AMD 1 - FINANCIAL SERVICES - PERSONAL IDENTIFICATION NUMBER (PIN) MANAGEMENT AND SECURITY - PART 1: BASIC PRINCIPLES AND REQUIREMENTS FOR PINS IN CARD-BASED SYSTEMS
15/30323818 DC : 0 BS ISO 9564-1 - FINANCIAL SERVICES - PERSONAL IDENTIFICATION NUMBER (PIN) MANAGEMENT AND SECURITY - PART 1: BASIC PRINCIPLES AND REQUIREMENTS FOR PINS IN CARD-BASED SYSTEMS
09/30201974 DC : 0 BS ISO 9564-1 - FINANCIAL SERVICES - PERSONAL IDENTIFICATION NUMBER (PIN) MANAGEMENT AND SECURITY - PART 1: BASIC PRINCIPLES AND REQUIREMENTS FOR PINS IN CARD BASE SYSTEMS
BS ISO 13491-1:2007 Banking. Secure cryptographic devices (retail) Concepts, requirements and evaluation methods
ISO 11568-1:2005 Banking — Key management (retail) — Part 1: Principles
BS ISO 11568-2:2012 Financial services. Key management (retail) Symmetric ciphers, their key management and life cycle
ISO 9564-1:2017 Financial services — Personal Identification Number (PIN) management and security — Part 1: Basic principles and requirements for PINs in card-based systems
ANSI X9.8-1 : 2015 FINANCIAL SERVICES - PERSONAL IDENTIFICATION NUMBER (PIN) MANAGEMENT AND SECURITY - PART 1: BASIC PRINCIPLES AND REQUIREMENTS FOR PINS IN CARD-BASED SYSTEMS
ANSI X9/TG-3 : 2006 RETAIL FINANCIAL SERVICES COMPLIANCE GUIDELINE - ONLINE PIN SECURITY AND KEY MANAGEMENT
I.S. CWA 14174-3:2004 FINANCIAL TRANSACTIONAL IC CARD READER (FINREAD) - PART 3: SECURITY REQUIREMENTS

ISO/IEC 18031:2011 Information technology Security techniques Random bit generation
ISO/IEC 15408-2:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components
ISO 11568-2:2012 Financial services — Key management (retail) — Part 2: Symmetric ciphers, their key management and life cycle
ISO/IEC 15408-3:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components
ISO 13491-1:2016 Financial services — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods
ISO/IEC 19790:2012 Information technology — Security techniques — Security requirements for cryptographic modules
ISO 16609:2012 Financial services — Requirements for message authentication using symmetric techniques
ISO 9564-1:2017 Financial services — Personal Identification Number (PIN) management and security — Part 1: Basic principles and requirements for PINs in card-based systems
ISO 11568-1:2005 Banking — Key management (retail) — Part 1: Principles
ISO/IEC 15408-1:2009 Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model
ISO 9564-2:2014 Financial services — Personal Identification Number (PIN) management and security — Part 2: Approved algorithms for PIN encipherment
ISO 11568-4:2007 Banking — Key management (retail) — Part 4: Asymmetric cryptosystems — Key management and life cycle

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.