You've been redirected from MobilePaymentsToday.com to PaymentsDive.com. In March 2021, Mobile Payments Today became a part of Payments Dive. For the latest payments news, sign up for the daily newsletter.

ASC X9 seeks participants for PKI, TLS security study groups

Published

Oct. 26, 2018

The Accredited Standards Committee X9 Inc. has formed two study groups whose aim is to improve security and safeguard privacy for the financial services industry.

One group will look into issues regarding public key infrastructure certificate authorities; the other will research concerns related to use of the transport layer security protocol.

The committee is seeking participants for both groups, according to a press release.

PKI study group

A public key infrastructure functions through a process of registering and issuing certificates via a certificate authority.

Existing commercial CAs provide digital certificates to protect internet traffic; legacy systems rely on the same certificates for browsers, mobile apps and servers. However, security policies for financial services increasingly have different requirements from general internet use.

The PKI study group will seek solutions that protect financial services industry interests while maintaining a strong security and privacy posture for customers. 

The group will examine issues related to private CA and public third-party CA service providers and investigate the potential for an independent, dedicated CA for the financial services industry.

TLS study group

Transport layer security is a cryptographic protocol for providing secure communications over a private computer network or the internet; TLS replaces SSL, which is obsolete. 

Like many internet protocols, TLS continues to evolve and software implementations struggle to keep pace. Meanwhile, changes in the most recent TLS version will affect financial institutions and other large organizations.

The TLS study group will research problems encountered in current use of the protocol, review concerns with the new TLS version, and consider potential future issues.

The group will work to determine tactical and strategic solutions for the financial services industry, which might include new standardization efforts, implementation guidelines or other possible activity including alternative protocols.

"These new initiatives will provide important additions to the landscape of financial communications security and privacy," Steve Stevens, executive director of ASC X9, said in the release. "X9 members are committed to developing the technical financial standards needed for our industry to act efficiently and competitively in the marketplace. We invite any interested subject matter experts to participate in these efforts."