With the expanded use of Internet technologies by the financial services industry, a new International Standard to protect online transactions has a huge potential to improve security measures taken against identity theft, cyber crime and intrusion attacks.
A public key infrastructure (PKI) is an arrangement that provides for third-party vetting of, and vouching for, user identities. It enables users to be authenticated by each other, and to use the information in identity certificates (i.e., each other's public keys) to encrypt and decrypt messages travelling to and fro. This enables two (or more) communicating parties to establish confidentiality, message integrity and user authentication without having to exchange any secret information in advance.
"The use of ISO 21188:2006 ensures the privacy, authenticity and integrity of financial transactions conducted over communications networks," said Mark Zalewski, Chair of the ISO technical committee that developed the new standard. "It is expected to ensure more consistent and predictable security in financial systems and confidence in electronic communications."
The new standard sets out a framework of requirements to enable the use of public key certificates and to manage a PKI through certificate policies and certification practice statements in the financial industry. It also defines control objectives and supporting procedures to manage risks.
Mark Zalewski commented: "The new standard is a significant effort to fend off the trends in cyber crime and the intrusion attacks attempted on financial transactions worldwide. To put this threat into perspective for the digital age, over USD 222 billion in losses were sustained to the global economy as a result of identity theft."
ISO 21188:2006 was developed by ISO technical committee ISO/TC 68, Financial services, subcommittee SC 2, Security management and general banking operations. The standard costs 200 Swiss francs and is available from ISO national member institutes (see the complete list with contact details) and from ISO