{"id":457454,"date":"2024-10-20T09:51:19","date_gmt":"2024-10-20T09:51:19","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bs-iso-52012024\/"},"modified":"2024-10-26T18:18:48","modified_gmt":"2024-10-26T18:18:48","slug":"bs-iso-52012024","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bs-iso-52012024\/","title":{"rendered":"BS ISO 5201:2024"},"content":{"rendered":"

PDF Catalog

PDF Pages: PDF Title
2: undefined
7: Foreword
8: Introduction
9: 1 Scope
   2 Normative references
   3 Terms and definitions
12: 4 Abbreviated terms
    5 Overview of code-scanning payment
    5.1 Basic framework of code-scanning payment
14: 5.2 Mandatory steps and implementation modes of code-scanning payment
    5.2.1 Mandatory steps
    5.2.2 Payer-presented mode
    5.2.3 Payee-presented mode
15: 6 Security target objectives and assumptions
    7 Risk assessment of code-scanning payment
    7.1 General
    7.2 Common risks to both modes as defined in Clause 5
    7.2.1 Com_Risk_1: unauthorized user
16: 7.2.2 Com_Risk_2: illegitimate code content
    7.2.3 Com_Risk_3: tampered code image
    7.2.4 Com_Risk_4: insecure message transmission
    7.2.5 Com_Risk_5: payer sensitive information leakage
    7.2.6 Com_Risk_6: payee sensitive information leakage
    7.2.7 Com_Risk_7: routing conflict
    7.3 Risk assessment of payer-presented mode
    7.3.1 PrP_Risk_1: stolen code value
17: 7.3.2 PrP_Risk_2: stolen code-generation parameters
    7.3.3 PrP_Risk_3: breached encoding and decoding processes
    7.3.4 PrP_Risk_4: captured code image
    7.3.5 PrP_Risk_5: tampered transaction parameters
    7.4 Risk assessment of payee-presented mode
    7.4.1 PeP_Risk_1: code abuse
    7.4.2 PeP_Risk_2: sensitive information in clear
    7.4.3 PeP_Risk_3: unintentional repeated payments
    7.4.4 PeP_Risk_4: attack on decoding process
18: 7.4.5 PeP_Risk_5: forged payment notification
    8 Security measures to mitigate the risks in Clause 7
    8.1 General
    8.2 Security measures to mitigate the risks in 7.2
    8.2.1 Com_Measure_1: risk communication
    8.2.2 Com_Measure_2: payment application security
19: 8.2.3 Com_Measure_3: payer authentication
    8.2.4 Com_Measure_4: security protocols
    8.2.5 Com_Measure_5: anti cyber attacks
    8.2.6 Com_Measure_6: risk control
20: 8.2.7 Com_Measure_7: server-side sensitive information protection
    8.2.8 Com_Measure_8: avoid mis-routing
    8.2.9 Com_Measure_9: protect printed code images
    8.2.10 Com_Measure_10: reject illegitimate payment code
21: 8.2.11 Com_Measure_11: unique transaction ID
    8.2.12 Com_Measure_12: payment result notification
    8.3 Additional security measures to mitigate the risks in 7.2 and 7.3
    8.3.1 PrP_Measure_1: code content
    8.3.2 PrP_Measure_2: code generation and resolution requests
    8.3.3 PrP_Measure_3: encoding and decoding processes
22: 8.3.4 PrP_Measure_4: pre-generated code
    8.3.5 PrP_Measure_5: prefetched code storage
    8.3.6 PrP_Measure_6: prefetched code TTL
    8.3.7 PrP_Measure_7: secure code presentation
23: 8.3.8 PrP_Measure_8: payee side sensitive information protection
    8.3.9 PrP_Measure_9: payee side tamper-proofing
    8.3.10 PrP_Measure_10: anti-replay
    8.4 Additional security measures to mitigate the risks in 7.2 and 7.4
    8.4.1 PeP_Measure_1: code data set
24: 8.4.2 PeP_Measure_2: encryption in the code
    8.4.3 PeP_Measure_3: code presentation
    8.4.4 PeP_Measure_4: CSP data set
    8.4.5 PeP_Measure_5: dynamic code
    8.4.6 PeP_Measure_6: payer side sensitive information protection
    8.4.7 PeP_Measure_7: payer verification
    8.4.8 PeP_Measure_8: avoid repeated payments
25: 8.4.9 PeP_Measure_9: payee code management
26: Annex A (informative) Implementation modes of code-scanning payment
35: Annex B (informative) Case study to support the risk assessment
37: Annex C (normative) Requirements on cryptography
38: Bibliography","protected":false},"excerpt":{"rendered":"

Financial services. Code-scanning payment security

Published By: BSI
Publication Date: 2024
Number of Pages: 40","protected":false},"featured_media":457465,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[2641],"product_tag":[],"class_list":{"0":"post-457454","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-bsi","8":"first","9":"instock","10":"sold-individually","11":"shipping-taxable","12":"purchasable","13":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/457454","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/457465"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=457454"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=457454"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=457454"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}