As payment trends move away from cash and towards online financial transactions, the use of third-party payment (TPP) providers such as PayPal is set to grow. While these providers offer a convenient way to pay, their increased use inevitably brings with it greater security risks. A new standard for the information systems that provide TPP services has just been published to facilitate the safe development of the technology.
A TPP provider is a service that gives merchants the ability to accept online payments without requiring a merchant account. From a security standpoint, the presence of an intermediary increases the risk of fraud in the processing of the payment.
ISO 23195, Security objectives of information systems of third-party payment services, provides an internationally agreed list of terms and definitions, two logical structural models and a list of security objectives. To ensure maximum relevancy, the logical structural models, assets, threats and security objectives in this document are based on real-world practices.
Recognizing that TPP providers are continually seeking to reduce the risks of payment fraud, the standard acts as a solid complement to their existing measures.
ISO 23195 was developed by ISO subcommittee SC 2, Financial services, security, of technical committee ISO/TC 68, Financial services. The secretariat for ISO/TC 68/SC 2 is held by BSI, ISO’s member for the UK.