New ISO standard aims to ensure the security of financial transactions on the Internet

With the expanded use of Internet technologies by the financial services industry, a new international standard to protect online transactions has a huge potential to improve security measures taken against identity theft, cyber crime and intrusion attacks. ISO 21188:2006, ‘Public Key Infrastructure for financial services – practices and policy framework’, offers a set of guidelines to assist risk managers, business managers and analysts, technical designers and implementers and operational management and auditors in the financial services industry.

"The use of ISO 21188:2006 ensures the privacy, authenticity and integrity of financial transactions conducted over communications network," said Mark Zalewski, chair of the ISO technical committee that developed the new standard.

"It is expected to ensure more consistent and predictable security in financial systems and confidence in electronic communications."

The new standard sets out a framework of requirements to enable the use of public key certificates and to manage a PKI through certificate policies and certification practice statements in the financial industry. It also defines control objectives and supporting procedures to manage risks.

Mark Zalewski stated: "The new standard is a significant effort to fend off the trends in cyber crime and the intrusion attacks attempted on financial transactions worldwide. To put this threat into perspective for the digital age, over USD 222 billion in losses were sustained to the global economy as a result of identity theft."

•Date: 25th May 2006• Region: World • Type: Article •Topic: Financial sector
Rate this article or make a comment - click here