This document aims to provide guidance to the European payments community on algorithm usage and key management issues.
It contains recommendations from the EPC on these issues that payment service providers may consider together with their own security policy and the relevant professional or national rules and regulations they have to comply with.
These guidelines recommend the use of International Standards where appropriate. They also address the points that should be considered whenever payment service providers wish to provide interoperable services based on cryptographic mechanisms. These points may be of particular interest for secured cross-border services.
The scope of this document is limited to cryptographic algorithms and key management. Amongst the mechanisms excluded from its scope are:
• error detecting mechanisms such as Cyclic Redundancy Check,
• data compression facilities such as Zip or Huffman coding,
• side-channel countermeasures and protocol layer interdependency checking,
• secret algorithms, for which no technical features are available.
Because the world of cryptography is wide and rapidly expanding, this document focuses on algorithms which are suitable for payment services, and which are already adopted by the financial industry or are likely to be adopted in the foreseeable future.
In order to cope with the rapid evolution of the technology, this report is updated yearly.