ISO 23195-2021 pdf download. Security objectives of information systems of third-party payment services.

The description of the security vulnerabilities and the security objectives hereafter are intended to protect those assets previously mentioned because their degradation and/or damages in quality can result in an unacceptable level of risk of fraud.

4.2.2 User data

4.2.2.1 General

User data include special data required by the TPP service which is entered by or generated under the control of either human users or external IT entities. Abuse or breach of user data can cause some commercial business risks, such as loss of reputation for the TPPSP. However, they generally cannot influence the operation of the security functional components, i.e. they cannot cause financial systemic risks.

NOTE The term 'user data' is taken from ISO/IEC 15408. According to the methodology outlined in ISO/IEC 15408, all data can be divided into two types, namely 'user data' and TSF data. See 3ilD and 3.3.11.

4.2.2.2 TPP business configuration data

The configuration data specifies the rules for TPP transactions, as set out by a TPP scheme. Those rules are laid down by both TPPSP and ASPSP, along with TPP-AIS (if the mode is chosen). Configuration data may be present in:
a) the TPPSP credential carriers;
b) the ASPSP credential carriers if the ASPSP credential needs to be used in the TPP transaction;
c) the TPP payment terminals;
d) the TPPSP gatekeepers;
e) the TPP-BIS;
f) the ASPSP gatekeepers;
g) the ASPSP accounting system;
h) the TPP-AIS (if this mode is chosen).

NOTE Rules for TPP transactions are enforced by both the implementation of application-level software in the different logical components as per Figure 1 and the associated business configuration data depicted here.

EXAMPLE In a TPP business, the maximum daily transfer balance limit is a type of business configuration data.

4.2.2.3 TPP business cumulative data

Cumulative data in the TPP business are the data that are accumulated during the TPP business operation. Typically, cumulative data are divided into several types as follows:

a) Customer information: this kind of data comprises the payment service user’s PII.

EXAMPLE 1 The name of the payer or payee, the certificate type and number and the phone number are all TPP-related customer’s PII.

b) Accounting information: this kind of data comprises account numbers issued by ASPSP and account numbers issued by TPPSP.

EXAMPLE 2 Payment accounts are issued by the ASPSP and are enrolled in the TPP-BIS. EXAMPLE...
