ISO 12812-2:2017 describes and specifies a framework for the management of the security of MFS. It includes
- a generic model for the design of the security policy,
- a minimum set of security requirements,
- recommended cryptographic protocols and mechanisms for mobile device authentication, financial message secure exchange and external authentication, including the following:
- point-to-point aspects to consider for MFS;
- end-to-end aspects to consider;
- security certification aspects;
- generation of mobile digital signatures;
- interoperability issues for the secure certification of MFS,
- recommendations for the protection of sensitive data,
- guidelines for the implementation of national laws and regulations (e.g. anti-money laundering and combating the funding of terrorism (AML/CFT), and
- security management considerations.
In order to avoid the duplication of standardization work already performed by other organizations, this document will reference other International Standards as required. In this respect, users of this document are directed to materials developed and published by ISO/TC 68/SC 2 and ISO/IEC JTC 1/SC 27.