Standard
ISO 5201
First edition
2024-04
Financial services — Code-scanning payment security
Reference number
ISO 5201:2024(en)
© ISO 2024
COPYRIGHT PROTECTED DOCUMENT
© ISO 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: [email protected]
Website: www.iso.org
Published in Switzerland
Contents (page)
Foreword ..... v
Introduction ..... vi
1 Scope ..... 1
2 Normative references ..... 1
3 Terms and definitions ..... 1
4 Abbreviated terms ..... 4
5 Overview of code-scanning payment ..... 4
5.1 Basic framework of code-scanning payment ..... 4
5.2 Mandatory steps and implementation modes of code-scanning payment ..... 6
5.2.1 Mandatory steps ..... 6
5.2.2 Payer-presented mode ..... 6
5.2.3 Payee-presented mode ..... 6
6 Security target objectives and assumptions ..... 7
7 Risk assessment of code-scanning payment ..... 7
7.1 General ..... 7
7.2 Common risks to both modes as defined in Clause 5 ..... 7
7.2.1 Com_Risk_1: unauthorized user ..... 7
7.2.2 Com_Risk_2: illegitimate code content ..... 8
7.2.3 Com_Risk_3: tampered code image ..... 8
7.2.4 Com_Risk_4: insecure message transmission ..... 8
7.2.5 Com_Risk_5: payer sensitive information leakage
...