The Accredited Standards Committee X9 is to upgrade the ANSI X9.112 Wireless Management and Security standard to address new and future vulnerabilities and risks to technologies – including NFC, RFID, WiFi and Bluetooth – that are used in devices supporting contactless and mobile payments such as payment cards, smartphones, point-of-sale (POS) terminals and ATMs.
X9 has launched the initiative in order to “assess the new technologies and attack methods that have evolved since the standard’s original publication” and is now inviting financial institutions, merchants, payments providers, device and SIM card manufacturers, software developers, mobile carriers and other stakeholders to participate in the project.
The X9 working group is led by Wells Fargo post-quantum cryptography researcher and architect Jeff Stapleton and will update all three existing parts of X9.112 that cover “general requirements applicable to all wireless implementations for the financial services industry”, “general requirements for ATMs and POS terminal environments” and “general requirements for mobile environments” respectively.
In particular the working group will investigate “wireless technologies including vulnerabilities and personal devices, mobile payments including payment cards and digital wallets, technologies such as communication channels (cellular, WiFi, NFC, RFID, Bluetooth) and communication media (voice, email, SMS (text) and MMS (video)”, X9 explains.
“The wireless and mobile environments are a challenging interplay among financial services, mobile manufacturers and carriers, other device manufacturers and consumers,” Stapleton says.
“All need assurance that messages can be exchanged securely and reliably with any device, independent of the hardware, operating system and software, and network environments.
“Help us define the defences against wireless fraud and data breaches: we invite you to take part in identifying the risks and defining the requirements and recommendations for using wireless technology in financial transactions.”
Details of how to participate in the initiative to upgrade the ANSI X9.112 standard are available on the X9 website.