ACCREDITED STANDARDS COMMITTEE X9, INC.

, FINANCIAL INDUSTRY STANDARDS OF AMEICAN NATIONAL STANDARDS, DRAFTS AND TECHNICAL

CATALOG OF FINANCIAL INDUSTRY AMERICAN NATIONAL STANDARDS, DRAFT STANDARDS FOR TRIAL USE, TECHNICAL REPORTS and TECHNICAL GUIDELINES March 2010
ASC X9, Inc. 1212 West Street, Suite 200, Annapolis, Maryland 21401 www.x9.org

TABLE OF CONTENTS ASC X9, INC FINANCIAL INDUSTRY STANDARDS

TABLE OF CONTENTS HOW TO PURCHASE STANDARDS TERMS AND DEFINITIONS X9s ELECTRONIC BENEFITS TRANSFER (EBT) SET X9s SECURITY COLLECTION X9s IMAGE COLLECTION X9s MICR DOCUMENT PRINTING COLLECTION X9s CRYPTOGRAPHIC MESSAGE COLLECTION X9s ENCRYPTION COLLECTION X9s CHECK IMAGE COMPLIANCE COLLECTION (Formerly Check 21) X9s DTSU X9.100-172 SET PG. 2 PG. 5 PG. 6 PG. 7 PG. 7 PG. 7 PG. 8 PG. 9 PG. 9 PG. 9 PG. 10

PAPER CHECK STANDARDS PG. 11-16 X9/TR-100 Organization of Standards for Paper-Based and Image-Based Payments X9/TR-2 Understanding and Designing Checks X9/TR-6 Quality Control of MICR Documents X9/TG-8 Check Security Guideline X9.7 Bank Check Background and Numerical Convenience Amount Field X9.100-10 Paper Specifications for Checks (formerly X9.18) X9.100-111 Specifications for Check Endorsements (formerly X9.53) X9.100-130 Specifications for Universal Interbank Batch/Bundle (formerly X9.64) X9.100-151 Check Correction Strip Specification (formerly X9.40) X9.100-160-1 Placement and Location of Magnetic Ink Printing (MICR) (formerly X9.13) X9.100-160-2 Placement and Location of Magnetic Ink Printing (MICR) Part 2: EPC Field Use (formerly X9.13 Annex A only) X9.100-161 Creating MICR Document Specification Forms (formerly X9.47) X9.100-120 Specifications for Bank Deposit Tickets (formerly X9.33) X9.100-170 Specifications for the Padlock Icon (formerly X9.51) DSTU 100-172-1 Specifications for the Validation of ICSF, Part 1: Overview and Security Marks DSTU 100-172-2 Specifications for the Validation of ICSF, Part 2: Data Definitions DSTU 100-172-3 Specifications for the Validation of ICSF, Part 3: Message Definitions DSTU 100-172-4 Specifications for the Validation of ICSF, Part 4: Application and Registration Policies and Process DTSU X9.100-172 SET Specifications for the Validation of ICSF, Parts 1-4 X9.100-20 Print and Test Specifications for Magnetic Ink Printing (formerly X9.27)
PUBLISHED March 2010 Copyrighted 2010

X9/TR-33 Check Image Quality Assurance Standards and Processes X9.100-40-1 and 2 Specifications for Check Image Tests Part 1: Definition of Elements and Structures; Part 2: Application and Registration Procedures ELECTRONIC CHECK PROCESSING STANDARDS PG. 17-18 X9.100-140 Specifications for an Image Replacement Document (IRD) (formerly DSTU X9.90) X9.100-180 Specifications for Electronic Exchange of Check and Image Data (non-domestic) (formerly DSTU X9.37) X9.100-181 Specifications for TIFF Image Format for Image Exchange DSTU X9.100-183 Specifications For Electronic Check Adjustments X9.100-187 Specifications for Electronic Exchange of Check and Image Data - Domestic ELECTRONIC RETAIL, SECURITY AND ELECTRONIC BENEFITS TRANSFER STANDARDS

PG. 19-22

X9.58 Financial Transaction Messages - Electronic Benefits Transfer (EBT) Food Stamps X9.59 Electronic Commerce for the Financial Services Industry: Account Based Secure Payments Objects X9.93-1 Financial Transaction Messages - Electronic Benefits Transfer (EBT) Part 1: Messages X9.93-2 Financial Transaction Messages - Electronic Benefits Transfer (EBT) Part 2: Files X9.104-1 Financial transaction card originated messages Card acceptor to acquiring host messages Part 1: Messages, data elements and code values X9.104-2 Financial transaction card originated messages Card acceptor to acquiring host messages Part 2: Convenience store and petroleum marketing industry X9.105-1 Financial transaction card originated messages interchange message specifications Part 1: Messages, data elements and code values (Identical to ISO 8583-1:2009) X9.105-3 Financial transaction card originated messages interchange message specifications Part 3: Maintenance procedures for messages, data elements and code values (Identical to ISO 8583-3:2003) X9.106 Retail Financial Services Merchant Category Codes (Identical to ISO 18245) X9.107 Bank cards Magnetic stripe data content for track 3 (Identical to ISO 4909) DSTU X9.108 Financial transaction messages Electronic benefits transfer (EBT) WIC retailer interface standard X9/TR-38-3 Financial Services - UNIversal Financial Industry Message Scheme Part 3: ISO 20022 Modelling Guidelines (Identical to TR/ISO 20022-3 TS) X9/TR-38-4 Financial Services - UNIversal Financial Industry Message Scheme Part 4: ISO 20022 XML Design Rules (Identical to TR/ISO 20022-4 TS) CREDIT STANDARDS PG. 23 X9.103 Motor Vehicle Retail Sale and Lease Electronic Contracting X9/TR-4 Financial Services Technical Report SPeRS Standards and Procedures for Electronic Records and Signatures X9.110 TOLEC - Transfer of Location of Electronic Contracts SECURITIES PROCESSING STANDARDS X9/TG-10 Signature Guarantee Guideline X9.5 Financial Institution Numbering System (FINS) X9.6 Securities Identification System X9.12 Specifications for Fully Registered Municipal Securities
PUBLISHED March 2010

PG. 24-25

Copyrighted 2010

X9.14 Specifications for Securities Transaction Interchange Forms X9.20 Securities Institutional Delivery System X9.101 International securities identification numbering system (ISIN) (Identical to ISO 6166) DATA AND INFORMATION SECURITY STANDARDS PG. 26-33 X9/TR-39 Retail Financial Services Compliance Guideline Part 1: Online PIN Security and Symmetric Key Management (formerly TG-3) X9/TR-39 FAQ X9/TG-9 Abstract Syntax Notation and Encoding Rules for Financial Industry Standards X9/TR-31 Interoperable Secure Key Exchange Key Block Specification for Symmetric Algorithms X9.8-1 Personal Identification Number Management and Security Part 1: PIN Protection Principles and Techniques for Online PIN Verification in ATM & POS Systems X9.24-1 Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques X9.24-2 Retail Financial Services Symmetric Key Management Part 2: Using Asymmetric Techniques for the Distribution of Symmetric Keys X9.32 Financial Institution Data Compression (Wholesale) X9.42 Public Key Cryptography For The Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography X9.44 Key Establishment Using Integer Factorization Cryptography X9.62 Public Key Cryptography for the Financial Services ECDSA X9.63 Public Key Cryptography for the Financial Services Industry: Key Agreement and Key Transport Using Elliptic Curve Cryptography X9.65 Triple Data Encryption Algorithm (TDEA) Implementation X9.69 Key Management Extensions X9.73 Cryptographic Message Syntax X9.79-1 Financial Services PKI Policy and Practices Framework X9.80 Prime Number Generation Primality Testing, and Primality Certificate X9.82-1 Random Number Generation, Part 1: Overview and Basic Principles X9.82-3 Random Number Generation, Part 3: Deterministic Random Bit Generators X9.84 Biometric Information Management and Security for the Financial Services Industry X9.92-1 Public Key Cryptography for the Financial Services Industry Digital Signature Algorithms Giving Partial Message Recovery Part 1: Elliptic Curve Pintsov-Vanstone Signatures (ECPVS) X9.95 Trusted Time Stamp Management and Security X9.96 XML Cryptographic Message Syntax (XCMS) X9.97-1 Financial services - Secure Cryptographic Devices (Retail) - Part 1: Concepts, Requirements and Evaluation Methods X9.97-2 Identical to ISO 13491-2: 2005 Banking - Secure cryptographic devices (retail) - Part 2: Security compliance checklists for devices used in financial transactions X9.102 Symmetric Key Cryptography For the Financial Services Industry - Wrapping of Keys and Associated Data X9.112-1 Wireless Management and Security Part 1: General Requirements MANAGEMENT STANDARDS X9.99 Privacy Impact Assessment Standard HOW TO JOIN ASC X9, INC. X9 MEMBERSHIP INFORMATION MEMBERSHIP ENROLLMENT FORM
PUBLISHED March 2010

PG. 34

PG. 35 PG. 36 PG. 38

Copyrighted 2010

HOW TO PURCHASE STANDARDS ONLINE

The Accredited Standards Committee X9 (ASC X9) is the only organization accredited by the American National Standards Institute (ANSI)* developing technical standards for the financial services industry. Please make your standards selection carefully. X9 is not unable to provide refunds nor can we accept returns or cancellations of electronic documents purchased through the X9. ALL SALES ARE FINAL. If you are unsure of your selection or if you need further information, please feel free to contact X9 staff before placing your order:

You may access the X9 electronic bookstore by going to:

www.x9.org click on the Standards tab, then the X9 Standards Store tab Payment Standards may be purchased using: MasterCard, VISA American Express. Free Standards for Accredited Standards Committee X9 members ASC X9 members in good standing at the X9 membership Category A, B or C levels have full access to X9 standards free of charge. Information about membership in ASC X9 is located beginning on page 40 of this catalog.

PUBLISHED March 2010

Copyrighted 2010

TERMS AND DEFINITIONS

American National Standard Standards developers accredited by the American National Standards Institute (ANSI) use the Approved American National Standard mark and term the standard an American National Standard. These are not American National Standards. Draft Standards for Trial may be published by accredited standards developers for trial use and comment in trade or technical journals, or as separate publications for a period of up to three years. The availability of such draft standards shall be registered with ANSI and announced in ANSIs Standards Action, other appropriate media and, if practical, may be listed in ANSIs catalog. An American National Standard that has been reviewed and approved by the consensus body and no changes have been made to it. Accredited Standards Committee X9, Incorporated, Financial Industry Standards. The ANSI-accredited body that develops national financial industry standards. A national federation of standards developers. X9 is not ANSI, X9 is accredited by ANSI and each organization has their own separate membership International Organization for Standardization, or SO/IEC.

Draft Standard for Trial Use (DSTU)

Reaffirmed

Accredited Standards Committee X9, Inc. (ASC X9, Inc.)

American National Standards Institute (ANSI)

International Organization for Standards (ISO)

PUBLISHED March 2010

Copyrighted 2010

Standards Collections
X9.93-2008 Set - Financial transaction messages -- Electronic benefits transfer (EBT) -- Part 1: Messages and Part 2: Files *** SAVE 10% - 176 pages These two standards provide all parties involved in Electronic Benefits Transfer (EBT) transactions with technical specifications for exchanging financial transaction messages. The documents standardize message formats based on the ISO 8583 standard and thereby maximize EBT productivity for all stakeholders in the industry. These standards describe messages in both an offline and online processing environment. It specifies message structure, format and content, data elements and values for data elements used in EBT. The method by which EBT settlement takes place is not within the scope of this standard. Data representation used in individual systems is subject to the commercial relationships between the parties contracting to each system. The message formats specified in this standard are designed to ensure that compatibility between systems conforming to these standards are always feasible. Price: $108.00

X9 Security Collection - Security Features for Check Documents Collection -- Save 30% Collection Includes: X9/TR 100-2008 Organization of Standards for Paper-based and image-based Check Payments -- Part 1: Organization of Standards; Part 2: Definitions used in Standards X9/TG-8-2002 Check Security Guideline X9/TR 2-2005 Understanding, Designing and Producing Checks X9.100-170-2004 Specifications for the Padlock Icon (Formerly X9.51) DTSU X9.100-172-1-2007 Specifications for the Validation of ICSF, Part 1: Overview and Security Marks DTSU X9.100-172-2-2007 Specifications for the Validation of ICSF, Part 2: Data Definitions DTSU X9.100-172-3-2007 Specifications for the Validation of ICSF, Part 3: Message Definitions DTSU X9.100-172-4-2007 Specifications for the Validation of ICSF, Part 4: Application and Registration Policies and Process Price: $460.00 X9 Image Collection - Image Compliant Financial Documents Collection -- Save 30% Collection Includes: X9/TR-100-2008 Organization of Standards for Paper-based and image-based Check Payments -- Part 1: Organization of Standards; Part 2: Definitions used in Standards X9.100-10-2006 Paper Specifications for MICR Documents (Formerly X9.18) X9.100-160-1-2009 Placement and Location of Magnetic Ink Printing (MICR) (Formerly X9.13)
PUBLISHED March 2010 Copyrighted 2010

X9.100-160-2-2009 Placement and Location of Magnetic Ink Printing (MICR) Part 2: EPC Field Use X9.100-20-2006 Print and Test Specifications for Magnetic Ink Printing (MICR) Part 1: Print Specifications, Part 2: Conformance Testing, Part 3: Secondary Reference Documents (Formerly X9.27) X9.7-1999 (R2007) Bank Check Background and Numerical Convenience Amount Field X9.100-111-2009 Specifications for Check Endorsements (Formerly X9.53-1996) DTSU X9.100-172-1-2007 Specifications for the Validation of ICSF, Part 1: Overview and Security Marks Price: $740.00 X9 MICR Document Printing Collection -- Save 30% Collection Includes: X9/TR-2-2005 Understanding, Designing and Producing Checks X9/TR -100-2008 Organization of Standards for Paper-based and image-based Check Payments -- Part 1: Organization of Standards; Part 2: Definitions used in Standards X9/TR-6-2006 Guide to Quality MICR Printing and Evaluation X9.100-10-2006 Paper Specifications for MICR Documents (Formerly X9.18) X9.100-20-2006 Print and Test Specifications for Magnetic Ink Printing (MICR) Part 1: Print Specifications, Part 2: Conformance Testing, Part 3: Secondary Reference Documents (Formerly X9.27) X9.100-130-2006 Specifications for Universal Interbank Batch/Bundle Ticket (Formerly X9.64) X9.100-160-1-2009 Placement and Location of Magnetic Ink Printing (MICR) (Formerly X9.13) X9.100-160-2-2009 Placement and Location of Magnetic Ink Printing (MICR) Part 2: EPC Field Use X9.100-120-2004 Specifications for Bank Deposit Tickets X9.100-161-2004 Creating MICR Document Specification Forms (Formerly X9.47) X9.100-170-2004 Specifications for the Padlock Icon (Formerly X9.51) DTSU X9.100-172-1-2007 Specifications for the Validation of ICSF, Part 1: Overview and Security Marks Price: $475.00
PUBLISHED March 2010 Copyrighted 2010

X9 Cryptographic Message Collection - Cryptographic Message Standards Collection-Save 30% Collection Includes: X9.73-2003 Cryptographic Message Syntax X9.96-2004 XML Cryptographic Message Syntax Price: $85.00

X9 Encryption Collection Collection Includes: X9/TR-39-2009 Retail Financial Services Compliance Guideline Part 1: Online PIN Security and Symmetric Key Management (formerly TG-3) X9.24 Part 1-2009 Part 2 (2006) Retail Financial Services Symmetric Key Management X9.65-2004 Triple Data Encryption Algorithm X9.80-2005 Prime Number Generation, Primary Testing and Primality Certificates Price: $530.00 Check Image Compliance Collection (Formerly Check 21) (Updated for 2009) -- Save 30%! A newly updated collection to allow persons dealing with payments to meet Check 21 requirements. Check Image Compliance Collection contains: X9/TR-33-2006 Check Image Quality Assurance Standards and Processes X9.100-111-2009 Physical Check Endorsements X9.7-2007 Bank Check Background and Numerical Convenience Amount Field X9.100-140-2008 Specifications for an Image Replacement Document (IRD) (formerly DSTU X9.90) X9.100-160-2009 Placement and Location of Magnetic Ink Printing (Parts 1 and 2) X9.100-18-2008 Specifications for Electronic Exchange of Check and Image Data - Domestic Price: $560.00 - If you purchase this package we recommend you also purchase the X9 MICR Collection to improve quality.

PUBLISHED March 2010

Copyrighted 2010

X9 DTSU X9.100-172-2007 SET Specifications for the Validation of ICSF, Parts 1-4 -- Save 10% The four part DTSU X9.100-172 series establishes eXtensible Markup Language (XML) data elements, structures, and schemas that describe how various implementations can communicate and interoperate; this in turn establishes interoperable validation of standard-compliant image-survivable check security features without requiring feature-specific software or processing system. This set includes: Part 1: Overview and Security Marks Part 2: Data Definitions Part 3: Message Definitions Part 4: Application and Registration Policies and Process Price: $360.00

PUBLISHED March 2010

Copyrighted 2010

10

Paper Check Standards

X9/TR-100 Organization of Standards for Paper-based and image-based Check Payments -- Part 1: Organization of Standards; Part 2: Definitions used in Standards - 57 Pages Part 1 recommends the numbering scheme for all standards associated with paper-based and imagebased payments. The numbering scheme is divided into two sections; core standards and application standards. Core standards cover such items as paper requirements, MICR requirements, optical requirements, and image requirements. Application standards cover such items as check documents, deposit tickets, internal documents, image replacement documents, other documents, MICR, security, and electronic. Part 2 lists the definitions of industry specific words and phrases required for the understanding of paper-based and image-based payment standards. Publication Date: 2008 Free of Charge Download: www.x9.org or www.ansi.org X9/TR-2 Understanding, Designing and Producing Checks 102 Pages Certain elements of check design are specified in X9 American National Standards or are mandated by the Uniform Commercial Code (UCC) and the Federal Reserve Boards Regulation CC. TR-2 presents guidelines for the design and production of a check and describes the proper location of the data elements on the check, along with the rationale for those requirements. Additionally, TR-2 provides a summary of requirements and other optional elements, with references, where appropriate, to standards and legal documents. The guidelines contained in this report are intended to promote greater uniformity in the design and production of checks, which will improve processing and handling throughout the check processing system. Publication Date: 2005 Price: $100.00 X9/TR-6 Guide to Quality MICR Printing and Evaluation 85 Pages This technical report covers all MICR printing and is intended to improve MICR quality via understanding and uniform interpretation of existing standards and specifications of MICR. The basic elements of MICR are defined in existing American National Standards, which are referenced where appropriate. This document serves as a single reference for the foremost set of elements that will produce quality MICR documents. Publication Date: 2006 Price: $100.00 X9/TG-8 Check Security Guideline 69 Pages The purpose of this guideline is to provide those who participate in the paper document processing system, namely financial institutions, check vendors and merchants, with the information they need to educate their employees and customers about fraud, and to identify and implement the fraud prevention programs appropriate for their business. It is with the idea of maintaining and even improving the efficiency of the check payment system that we ask all check acceptors to assess their risk of loss due to fraud and take prudent measures to reduce that risk without unduly inconveniencing or alienating honest customers, or compromising legitimate dealings with suppliers and creditors. Publication Date: 2001 Price: $100.00
PUBLISHED March 2010 Copyrighted 2010

11

X9.7 Bank Check Background and Numerical Convenience Amount Field 86 Pages Specifies the location and background design of essential check data fields and is intended for all business size and personal checks. Publication Date: 2007 Price: $140.00

X9.100-10 (Formerly X9.18) Paper Specifications for MICR Documents - 27 Pages This standard establishes paper specifications for the MICR documents that are used in the US Payments System. While checks and deposit tickets are the primary documents considered in these specifications, users of MICR/OCR E-13B font readers will be well served by applying these specifications to internal documents, when intended for use in reader/sorters. This standard gives specifications to those attributes most important and most common both to raw base stock and to finished printed products of MICR documents. When available, methodology for measurements of the various paper attributes shall conform to those of the Technical Association of Pulp and Paper Industry (TAPPI). The specifications state what are considered to be the appropriate requirements for paper documents intended for external processing from the viewpoint of the end user, namely the institution performing post encoding in proof-of-deposit applications and those that operate reader/sorter equipment for in clearing and transit clearing applications. Nonetheless, these same specifications are also considered appropriate requirements for paper before any print process is applied to base stock. Base stock, either from rolls or from sheets, must meet the specifications as well as fully processed, end user documents. Paper specifications from the standpoint of fraud prevention and security are not given within this standard. The various features that paper can have that hinder fraud and aid authentication of original document are addressed in ANS X9.100-170 Specifications for the Padlock Icon standard (formerly known as ANS X9.51) and in X9/TG-8 Check Security Guideline. Although reference may be made within this standard to various commonly used paper-based security features, setting specifications for paper-based security features are excluded from the scope of this standard. Publication Date: 2006 Price: $60.00 X9.100-111 (Formerly X9.53) Physical Check Endorsements 30 Pages This standard provides for the legibility and uniformity of the endorsement process as defined within the exchange standard file format standards. It does not apply to the targeting of correct areas for placement of endorsement overlay areas on a check image. This standard specifies the parameters for the design elements on the back of the check and the placement and data content of endorsements. This standard is not intended to modify existing MICR standards for checks. This standard is not intended to apply to electronic endorsements, as defined within check image exchange standards (file format standards). It does apply to targeting correct areas for placement of endorsement overlays in check images. Publication Date: 2009 Price: $60.00

PUBLISHED March 2010

Copyrighted 2010

12

X9.100-130 (Formerly X9.64) Specifications for Universal Interbank Batch/Bundle Ticket 14 Pages This standard specifies the required elements of the Universal Interbank Batch/Bundle Ticket. It is expected that bankers refer to this standard when designing this form. This standard is sufficiently flexible to meet differing document and institution needs without unnecessary constraints. Publication Date: 2006 Price: $60.00 X9.100-151 (Formerly X9.40) Check Correction Strip Specification 16 Pages This standard covers the design and the functional characteristics of the strip extension ("strip") as affixed to a check. These strips provide a new MICR clear band area used to modify or correct the MICR line of items for forward collection, returns, rejects, or other banking interchange systems. Publication Date: 2004 Price: $60.00 X9.100-160-1 (Formerly X9.13) Part 1, Placement and Location of Magnetic Ink Printing (MICR) 40 Pages Part 1 of this standard covers only design considerations that apply to placement and location of magnetic ink printing on checks, drafts, and other documents intended for automated processing among depository institutions. Other types of documents such as internal control forms are not covered. A complete understanding of MICR printing requires reference to other standards and technical guidelines listed in Clause 2. Publication Date: 2009 Price: $100.00 X9.100-160-2 (Formerly X9.13, Annex A only) Magnetic Ink Printing (MICR) Part 2: EPC Field Use 17 Pages Part 2: EPC Field Use Part 2 of the MICR standard establishes external processing code (EPC) assignments and management, and specifies the MICR characters approved for use in the U.S. Payments System. Publication Date: 2009 Price: $60.00 X9.100-161 (Formerly X9.47) Creating MICR Document Specification Forms 15 Pages The contents for MICR Document specification Forms are specified in this X9 American National Standard. It may be used to create specifications for the design and manufacture of checks and deposit tickets, as well as other financial institution MICR documents. The standard is sufficiently flexible to meet the needs of a variety of financial institutions. The standard is not the specification form itself. Publication Date: 2004 Price: $60.00 X9.100-120 (Formerly X9.33) Specifications for Bank Deposit Tickets 31 Pages This standard specifies certain deposit ticket parameters to provide for the processing of personal size and business size deposit tickets through conventional bank deposit and imaging processes. While this standard does not establish a specific design, orientation and layout for bank deposit tickets, it does provide specifications for a range within which key design elements shall be placed. Other bank specific information is excluded from this specification. This standard will improve the understanding of deposit tickets by providing background information that may be valuable in designing deposit tickets. It is hoped that the use of this standard will result in greater uniformity in several aspects of deposit ticket
PUBLISHED March 2010 Copyrighted 2010

13

design that will improve the processing and handling of deposit tickets throughout the entire check processing system. Publication Date: 2004 Price: $60.00 X9.100-170 (Formerly X9.51) Specifications for the Padlock Icon 26 pages This standard establishes the design and usage requirements of the padlock icon for visually communicating the presence of security features on a check. The standard specifies characteristics of security features that meet the requirements for use of the padlock icon. Information about specific security features can be found in ASC X9/TG-8. Publication Date: 2004 Price: $60.00 X9 DTSU X9.100-172-1 Specifications for the Validation of ICSF, Part 1: Overview and Security Marks - 59 pages The four part DTSU X9.100-172 series establishes eXtensible Markup Language (XML) data elements, structures, and schemas that describe how various implementations can communicate and interoperate; this in turn establishes interoperable validation of standard-compliant image-survivable check security features without requiring feature-specific software or processing system. Publication Date: 2007 Price: $60.00 X9 DTSU X9.100-172-2 Specifications for the Validation of ICSF, Part 2: Data Definitions - 131 pages The four part DTSU X9.100-172 series establishes eXtensible Markup Language (XML) data elements, structures, and schemas that describe how various implementations can communicate and interoperate; this in turn establishes interoperable validation of standard-compliant image-survivable check security features without requiring feature-specific software or processing system. Publication date: 2007 Price: $140.00

X9 DTSU X9.100-172-3 Specifications for the Validation of ICSF, Part 3: Message Definitions 145 pages The four part DTSU X9.100-172 series establishes eXtensible Markup Language (XML) data elements, structures, and schemas that describe how various implementations can communicate and interoperate; this in turn establishes interoperable validation of standard-compliant image-survivable check security features without requiring feature-specific software or processing system. Publication date: 2007 Price: $140.00 X9 DTSU X9.100-172-4 Specifications for the Validation of ICSF, Part 4: Application and Registration Policies and Process - 34 pages The four part DTSU X9.100-172 series establishes eXtensible Markup Language (XML) data elements, structures, and schemas that describe how various implementations can communicate and interoperate; this in turn establishes interoperable validation of standard-compliant image-survivable check security features without requiring feature-specific software or processing system. Publication date: 2007 Price: $60.00
PUBLISHED March 2010 Copyrighted 2010

14

X9 DTSU X9.100-172 SET Specifications for the Validation of ICSF, Parts 1-4 -- Save 10% The four part DTSU X9.100-172 series establishes eXtensible Markup Language (XML) data elements, structures, and schemas that describe how various implementations can communicate and interoperate; this in turn establishes interoperable validation of standard-compliant image-survivable check security features without requiring feature-specific software or processing system. This set includes: Part 1: Overview and Security Marks Part 2: Data Definitions Part 3: Message Definitions Part 4: Application and Registration Policies and Process Publication Date: 2007 Price: $360.00

X9.100-20 Print and Test Specifications for Magnetic Ink Printing (MICR) Part 1: Print Specifications, Part 2: Conformance Testing, Part 3: Secondary Reference Documents (Formerly X9.27) 107 Pages Part 1 of this standard specifies the shape, dimensions, magnetic signal level, and tolerances for the E13B characters which include ten numerals and four special symbols printed in magnetic ink and used for the purpose of character recognition. It describes the various known types of printing defects and other printing considerations, together with the tolerances permitted. Part 2 provides informative conformance testing requirements for the Part 1 specifications. Part 3 specifies the requirements for secondary reference documents and the test equipment for calibrating and maintaining their signal level. Publication Date: 2006 Price: $140.00 X9/TR-33 Check Image Quality Assurance Standards and Processes 75 Pages The purpose of this Technical Report is to provide a framework for assuring and assessing image quality to support the exchange of check images between financial institutions. It provides a detailed understanding of the problems and limitations associated with the image capture process, automated methods and systems that might be used to detect check quality problems (i.e., image defects and usability issues). It is anticipated that this report will establish common terminology around check image quality so as to facilitate communication among operations and technical managers at financial institutions. Publication Date: 2006 Price: $100.00 X9.100-40-1 and X9.100-40-2 Specifications for Check Image Tests Part 1: Definition of Elements and Structures for Check Image Tests and Part 2: Application and Registration Procedures - 62 pages Part 1 of ANS X9.100-40 defines the elements and structures for standard check image tests used by the financial industry to assess specific attributes of check images. The specification establishes a framework for defining check image tests, conveying the results from executing a check image test, and conveying any parameters used in executing check image tests. Part 2 of ANS X9.100-40 describes
PUBLISHED March 2010 Copyrighted 2010

15

the application and registration procedures used to register check image tests that conform to this ANS X9.100-40 Part 1 standard. Check image tests that are submitted to X9 for consideration in accordance with ANS X9.100-40 Part 2 shall be entered in the X9 Registry for Check Image Tests after the Application for a new check image test is approved. In this standard, the term "check" includes checks, substitute checks, and related check-sized financial items such as deposit tickets, cash tickets, and batch headers. Although the initial application for this standard is to support check image tests pertaining to image quality, the standard is applicable to any check image test that has a business purpose and is compatible with the structure defined herein. Publication Date: 2008 Price: $140.00 for Parts 1 & 2

PUBLISHED March 2010

Copyrighted 2010

16

Electronic Check Processing Standards

X9.100-140 (Formerly DSTU X9.90) Specifications for an Image Replacement Document (IRD) 78 Pages This standard establishes the construction, layout, data elements, data content, and printing specifications for Image Replacement Documents (IRD). An IRD is a substitute image copy of a check or a replacement for a previous IRD that includes a machine readable MICR line. An IRD that conforms to this standard and meets the requirements of a Substitute Check within Regulation CC is considered the practical and legal equivalent of the original paper check or of a previous IRD. This standard does not address operational, implementation, or settlement issues. These issues may include but are not limited to: the use of security features that are available after imaging, image compression, conversion methods, and IRD printing techniques. The informative annexes attached to this standard provide information that may prove useful to those planning on implementing the standard. Publication Date: 2008 Price: $100.00 X9.100-180 Specifications for Electronic Exchange of Check and Image Data (non-domestic) 235 Pages This standard, including the normative annexes, establishes the file sequences, record types and field formats to be used for the electronic exchange of check MICR line data, associated check processing data, check images and optional user information in the form of cash letters. This standard does not address operational, implementation or settlement issues. These issues may include, but are not limited to, a choice of: data and image compression, encryption, and transmission specifications and data representation. The informative annexes attached to this standard provide useful information for implementing the standard. Data security and privacy issues related to the use of this standard are outside the scope of the standard. Users of the standard are advised to refer to ANS X9.73 Cryptographic Message Syntax (CMS), DSTU X9.99-2004, Privacy Impact Assessment Standard and the Gramm Leach Bliley Act. Publication Date: 2009 Price: $100.00 X9.100-181 Specifications for TIFF Image Format for Image Exchange - 35 Pages The purpose of this standard is to define specific TIFF fields that can be used and the allowable values for those fields that will support interoperability for check image exchange processing between financial institutions. This standard will only address the use of G4 bi-level image (black/white) compressions within the TIFF 6.0 structure. Publication date: 2007 Price: $60.00 DSTU X9.100-183 (Formerly X9.83) Specifications for Electronic Check Adjustments 164 Pages This standard establishes the file sequences, record types, and field formats to be used for the electronic exchange of check adjustment messages. The standard format supports check related adjustment notices and requests for individual checks, bundles of checks, check cash letters and attachment of images. It supports the full range of adjustment types currently in use by financial institutions and will support web-based or mainframe system transmission. The standard may be used whether or not the particular check, bundle of checks, or cash letter was presented via paper or via an electronic check exchange file. The informative annexes attached to this standard provide information,
PUBLISHED March 2010 Copyrighted 2010

17

which may prove useful to those planning on implementing the standard. This standard does not address certain operational, implementation, or settlement issues. These issues may include, but are not limited to a choice of: data and image compression, encryption, and transmission specifications and data representation. Publication Date: 2009 Price: $60.00

X9.100-187-Specifications for Electronic Exchange of Check and Image Data - Domestic - 180 pages Since the enactment of Check 21, there has been unprecedented adoption of image exchange. This standard replaces the use of DSTU X9.37 and establishes the basis for U.S. check image exchange involving settlement between two financial institutions. ANS X9.100-180 has been adopted for Canadian internal country exchange. It is only used in the U.S. for specialized applications and is not used for U.S. financial exchange. This standard incorporates fixes and clarifications identified in various industry companion documents associated with DSTU X9.37. It also establishes requirements and limitations that are compatible with current industry practice. However, this standard maintains flexibility in order to accommodate the needs of different institutions and exchange networks. It does not have the extent of flexibility contained in ANS X9.100-180 and is not intended to cover all types of image exchange. Users of this standard should be aware that most financial exchanges utilize a "companion document" that defines the specific requirements and implementation rules for exchange within a particular network or institution agreement. The companion document should reference the specific edition of this standard that applies with the specific version of the companion document in use. This standard, including the normative annexes, establishes the file sequences, record types, and field formats to be used for the electronic exchange of check MICR line, associated check processing data and check images in the form of cash letters. This standard does not address operational, implementation, or settlement issues. These issues may include, but are not limited to, a choice of: data and image compression, encryption, and transmission specifications and data representation. The informative annexes attached to this standard provide information that may prove useful to those planning to implement the standard. Publication Date: 2008 Price: $100.00

PUBLISHED March 2010

Copyrighted 2010

18

Electronic Retail, Security and Electronic Benefits Transfer (EBT) Standards

X9.58 Financial Transaction Messages Electronic Benefits Transfer (EBT) Food Stamps 69 Pages (Includes Technical Corrigendum, 2008) This standard provides all parties involved in Electronic Benefits Transfer (EBT) transactions for Food Stamps with technical specifications for exchanging financial transaction messages between an acquirer and an EBT card issuer processor. It specifies message structure, format and content, data elements and values for data elements used in the Food Stamp program. The method by which settlement takes place is not within the scope of this standard. Publication Date: 2007 Price: $60.00 X9.59 Electronic Commerce for the Financial Services Industry: Account Based Secure Payments Objects 50 Pages This standard addresses the following: A) Payment Model Description This standard describes a model of account based electronic payments. It identifies the roles played by different components of the payment process and the flow of information between those roles. The roles are the consumer, who wishes to make a payment, a merchant which provides value, and their respective Financial Institutions, the consumer financial institution and the merchant financial institution. B) Secure Object Specifications This standard specifies a collection of electronic payment objects and references digital signature techniques to secure their content. The objects are all defined in terms of how they need to be constructed, signed and verified in computing machinery that is acting on behalf of a consumer and a merchant. A concrete syntax is specified in order that the signature can be constructed or verified at any location that has access to the consumer's public key and associated data. A business recommendation is made that the payment routing code (or PAN) used in conjunction with secure payment objects defined by this standard is not accepted as valid in non-authenticated transactions. Several usage scenarios are given to show examples of real applications where the standard objects may be applicable. Confidentiality for the payment information may be desired and is neither required, nor precluded, by this standard. Prudent implementers may choose to conduct a risk assessment to determine the need for confidentiality. Also policy issues, including terms and conditions of the agreements between the parties, are not covered in this standard. . While some of the information described in the standard must survive interchange between cooperating financial institutions, the syntax of how it appears in any particular payment protocol is not specified. Publication Date: 2006 Price: $100.00

PUBLISHED March 2010

Copyrighted 2010

19

X9.93-1 Financial Transaction Messages Electronic Benefits Transfer (EBT) Part 1: Messages 101 pages This standard provides all parties involved in Electronic Benefits Transfer (EBT) transactions with technical specifications for exchanging financial transaction messages. The document standardizes message formats based on the ISO 8583 standard and thereby maximizes EBT productivity for all stakeholders in the industry. This standard describes messages in both an offline and online processing environment. It specifies message structure, format and content, data elements and values for data elements used in EBT. The method by which EBT settlement takes place is not within the scope of this standard. Data representation used in individual systems is subject to the commercial relationships between the parties contracting to each system. The message formats specified in this standard are designed to ensure that compatibility between systems conforming to this standard is always feasible. Publication Date: 2008 Price: $60.00

X9.93-2 Financial Transaction Messages Electronic Benefits Transfer (EBT) Part 2: Files 75 pages This standard provides all parties involved in Electronic Benefits Transfer (EBT) transactions with technical specifications for exchanging financial transaction files for the Women, Infants, and Children (WIC) program and the framework for adding other EBT files and detail records in the future. The document standardizes file formats and thereby maximizes EBT productivity for all stakeholders in the industry. This standard describes files and records between the acquirer and card issuer or their agents. It specifies file structure, format and content, data elements and values for data elements used in EBT. The method by which the settlement of funds takes place is not within the scope of this standard. Data representation used in individual systems is subject to the commercial relationships between the parties contracting to each system. The file formats specified in this standard are designed to ensure that compatibility between systems conforming to this standard is always feasible. Publication Date: 2008 Price: $60.00

X9.104-1 Financial transaction card originated messages, card acceptor to acquiring host messages Part 1: Messages, data elements and code values 85 Pages This part of X9.104 defines a common interface for the exchange of information between point of sale systems or terminal devices located in a retail establishment and the acquiring host transaction processing system(s). This part of X9.104 is applicable to all aspects of payment processing required by these retail facilities, including the reporting of specific products that are part of a purchase. The standard defines a sufficient number of message types and data elements to facilitate the exchange of all necessary information related to: (1) payment transactions originated by point of sale systems or terminal devices, and (2) automated control of the systems and devices. Publication Date: 2004 Price: $100.00

PUBLISHED March 2010

Copyrighted 2010

20

X9.104-2 Financial transaction card originated messages, card acceptor to acquiring host messages Part 2: Convenience store and petroleum marketing industry - 98 Pages Part 2 of this two part American National Standard X9.104 provides example of messages used in the convenience store and petroleum marketing industry based on the message formats defined in X9.104 part 1. This part of X9.104 also defines data elements and code values for use in this environment. Publication Date: 2004 Price: $100.00 X9.105-1 (Identical to ISO 8583-1:2003) Financial Transaction Card Originated Messages Interchange message specifications - Part 1: Messages, data elements and code values - 211 Pages This part specifies a common interface by which financial transaction card-originated messages can be interchanged between acquirers and card issuers. It specifies message structure, format and content, data elements and values for data elements. The method by which settlement takes place is not within the scope of this part. Publication Date: 2009 Price: $175.00 X9.105-3 (Identical to ISO 8583-1:2003) Financial Transaction Card Originated Messages Interchange Message Specifications Part 3: Maintenance Procedures for Messages, Data Elements and Code Values 18 Pages Part 3 establishes the role of the maintenance agency (MA) and specifies the procedures for adding messages and data elements to ISO 8583-1 and to codes listed in Annex A of X9.105-1 (Identical to ISO 8583-1). The responsibilities of the MA relate to all message type identifiers and classes, data elements and sub-elements, dataset identifiers and codes within X9.105-1 (Identical to ISO 8583-1), with the exception of Institution Identification Codes. Publication Date: 2009 Price: $60.00 X9.106 (Identical to ISO 18245) Retail Financial Services Merchant Category Codes This American National Standard is an identical adoption of ISO standard 18245 which defines code values used to enable the classification of merchants into specific categories based on the type of business, trade or services supplied. Values are specified only for those merchant categories that are generally expected to originate retail financial transactions. This standard also establishes the procedures for a Registration and Maintenance Management Group (RMMG), which considers requests for new code values, and a Maintenance Agency (MA), which provides the administrative procedures required to maintain an up-to-date list of codes. It is not within the scope of this International Standard to mandate the use of merchant category codes in any given situation. Publication Date: 2003 Price: $80.00 X9.107 (Identical to ISO 4909) Bank Cards Magnetic Stripe Data Content for Track 3 28 Pages This Standard establishes specifications for cards issued by or acceptable to the banking industry and is intended to permit interchange based on the use of magnetic stripe encoded information. It specifies the data content and physical location of read/write information on track 3 and is to be used in conjunction with the relevant parts of those documents quoted in clause 2. Publication Date: 2003 Price: $60.00
PUBLISHED March 2010 Copyrighted 2010

21

DSTU X9.108 Interoperability Standard for Smart Cards used in Electronic Benefits Transfer in the WIC Program-66 Pages This standard defines a common set of Application Programming Interface (API) functions to access the WIC benefits on a smart card in the retailer environment; a common method (card discovery mechanism) to identify the issuer of the WIC EBT benefits and the WIC EBT scheme present on the smart card and, an interface to the card reader device that transmits and receives data from the WIC EBT smart card. The reference implementation provided by the WIC authority shall utilize this standard. This standard does not specify the reader driver used by the retailer application but it defines interfaces that may be implemented for the WIC module to access function of the Reader Driver Module (RDM). The use of pseudo Interface Definition Language (IDL) in this standard allows simpler definition of the API functions and their interface in a language independent manner. This standard does not define how WIC-EBT benefits are arranged on the card, the movement of security data or key management. Publication Date: 2005 Price: $60.00 TR-38-3 Financial Services - UNIversal Financial Industry Message Scheme Part 3: ISO 20022 Modelling Guidelines Identical to TR/ISO 20022-3 TS-49 Pages ISO 20022-3 was prepared to complement ISO 20022-1 with detailed modelling guidelines to be used to construct ISO 20022 compliant business transactions and message sets. Publication Date: 2009 Price: $100.00 TR-38-4 - Financial Services - UNIversal Financial Industry Message Scheme Part 4: ISO 20022 XML Design Rules Identical to TR/ISO 20022-4 TS-40 Pages ISO 20022-3 was prepared to complement ISO 20022-1 with the XML syntax design rules to be applied by the ISO 20022 Registration Authority to translate and ISO 20022 compliant definition into an ISO 20022 XML message schema for he production of ISO 20022 XML message instances. Publication Date: 2009 Price $100.00

PUBLISHED March 2010

Copyrighted 2010

22

Credit Standards
X9.103 Motor Vehicle Retail Sale and Lease Electronic Contracting - 43 Pages The scope of this standard begins at the time of signing the Contract, inclusive of signature capture, and includes the creation, storage and assignment of Electronic Chattel Paper where the assignment will involve establishing control of the Electronic Chattel Paper. This standard addresses both electronically originated Chattel Paper and Tangible Chattel Paper that is subsequently converted to an electronic format. This standard does not address other documents involved in the process (e.g. titles, odometer statements, etc.), the data elements a Contract should contain, or the formatting of the Contract. In addition, this standard does not address the process or legal requirements of presenting Contracts to Customers, the requirements to determine enforceability of Electronic Signatures, or the privacy requirements arising out of the relationships among the parties. Publication Date: 2004 Price: $60.00 X9/TR-4 (companion to X9.103) Financial Services Technical Report SPeR 404 Pages This X9 Technical Report is an effort to establish a common understanding for consumers and businesses for any interstate and foreign commerce transaction in the use of signatures, contracts or other records in electronic form. SPeRS was prepared by the SPeRS Drafting Committee of the Electronic Financial Services Council in 2003. The resulting document, with contributions from over 30 companies, representing a broad range of industries, including mortgage, insurance, securities, and technology, and most of the major financial service trade associations, provides guidance for engaging in business to business and business to consumer transactions electronically. X9 TR 4-2004 focuses on five areas: Authentication; Obtaining Consent to do Business; Establishing Agreements Online, and Meeting Notice and Disclosures Requirements; Electronic Signatures; and Record Retention. Publication Date: 2004 (reaffirmed 2009) Price: $295.00

X9.110 TOLEC Transfer of Location of Electronic Contracts - 48 pages This specification describes a method of transfer for electronic contracts, or electronic records between two disparate Electronic Vaults across a private or public network. The methods and approach described herein prescribe the requirements necessary to maintain compliance with legislation for Electronic Chattel Paper defined in revised UCC Article 9, Section 105. Publication Date: 2008 Price: $60.00

PUBLISHED March 2010

Copyrighted 2010

23

Securities Processing Standards

X9/TG-10 Signature Guarantee Guideline 45 Pages TG-10 is meant to educate guarantors to the importance of safekeeping and controlling medallions (hand stamps and/or machine plates) issued to them by their program administrator. Securities Exchange Commission Rule 17Ad-15 dramatically reshaped the method by which financial institutions guarantee signatures and thereby transfer securities. Any financial institution can now guarantee signatures as long as certain protection for transfer agents is provided. Three signature guarantee programs were established following enactment of Rule 17Ad-15 in January, 1992. Publication Date: 1995 Price: $100.00 X9.5 Financial Institution Numbering System (FINS) 11 Pages This American National Standard outlines the industry-wide numerical identification system for banks, broker/dealers, insurance companies, mutual funds and other institutions (FINS) engaged in securities transactions. This standard specifies both the configuration of the number and the meaning attached to each portion. The FINS number will serve as the common denominator in communications among users of completion of transactions and exchange of information. Publication Date: 2001 Price: $100.00

X9.6 Securities Identification System - 32 Pages This standard provides specifications for uniquely identifying an eligible securities issue. It will serve as the common denominator in communications among users for completion of transactions and exchange of information. It specifies both the configuration of the number and the meaning attached to each portion. Publication Date: 2008 Price: $100.00 X9.12 Specifications for Fully Registered Municipal Securities 15 Pages Defines the physical characteristics and format of a municipal security including certificate size, content, and layout. The specific language regarding provisions of the instrument is defined by the issuing authority and is not prescribed in the body of this standard. At a minimum, this standard is intended for use in the issuance of all fully registered municipal securities. Publication Date: 1998 Price: $100.00 X9.14 Specifications for Securities Transaction Interchange Forms 18 Pages This standard provides specifications for certain forms used by banks, brokers, dealers and other members of the securities industry in the processing of securities transactions. The standard supplies minimum requirements for the physical characteristics of preprinted forms and specifies the design of these forms. Included are three diagrams of forms used for securities processing. The use of standardized forms will foster greater efficiency and provide for a more streamlined processing function. Publication Date: 2001 Price: $100.00
PUBLISHED March 2010 Copyrighted 2010

24

X9.101 International Securities Identification Numbering System (ISIN) (Identical to ISO 6166) 18 Pages This American National Standard an identical adoption of the ISO 6166 Title standard provides a uniform structure for inter-national securities identification numbers (ISINs). It is intended for use in any application in the trading and administration of securities and other financial instruments. Publication Date: 2003 Price: $60.00

PUBLISHED March 2010

Copyrighted 2010

25

Data and Information Security Standards

X9/TR-39 Retail Financial Services Compliance Guideline - Part 1: PIN Security and Key Management - 56 Pages This guideline applies to all organizations using the Triple Data Encryption Algorithm - TDEA (Reference 7) for the encryption of PINs used for retail financial services such as POS and ATM transactions, messages among retailers and financial institutions, and interchange messages among acquirers, switches and card issuers. The guideline should be completed by all organizations acquiring or processing transactions containing PINs, from the terminal driving system to the authorizing entity. The guideline Control Objectives address security controls from the PIN entry device to the interface delivering the transaction to the authorizing entity. When this guideline is completed by a device manufacturer, the Control Objectives are intended to evaluate the manufacturing environment and the device's ability to be implemented in a manner compliant with X9.8 and X9.24 (all parts). Publication Date: 2009 Free of Charge: www.x9.org or www.ansi.org X9/TR-39 FAQ 2 Pages Publication: 2009

Free of Charge: www.x9.org or www.ansi.org

X9/TG-9 Abstract Syntax Notation and Encoding Rules for Financial Industry Standards 32 Pages This tutorial guideline helps the user to understand Abstract Syntax Notation One (ASN.1), the international standard language for defining and encoding data elements in the open systems environment. ASN.1 provides for a more precise specification of message fields and other data, improving interoperability and reducing costs. TG-9 familiarizes the reader with the ASN.1 concepts in ISO/IEC 8824, Specification of ASN.1 and ISO/IEC 8825, Specification for Basic Encoding Rules for ASN.1, without requiring the reader to read the international documents. Publication Date: 1995 Price: $60.00

X9/TR-31 Interoperable Secure Key Exchange Key Block Specification for Symmetric Algorithms Includes Supplement (2009) 50 Pages This document describes a method consistent with the requirements of ANS X9.24 Retail Financial Services Symmetric Key Management Part 1 for the secure exchange of keys and other sensitive data between two devices that share a symmetric key exchange key. This method may also be used for the storage of keys under a symmetric key. This method is designed to operate within the existing capabilities of devices used in the retail financial services industry. This document is not a security standard and is not intended to establish security requirements. It is intended instead to provide an interoperable method of implementing security requirements and policies. About the 2009 supplement: This supplement contains clarifications to the proper usage of keys utilized to protect the key block defined in TR-31. TR-31 should be read with these clarifications taken into account. Publication Date: 2005 (2009 Supplement) Price: $60.00

PUBLISHED March 2010

Copyrighted 2010

26

X9.8-1 Personal Identification Number (PIN) Management and Security Part 1: PIN Protection Principles and Techniques for Online PIN Verification in ATM & POS Systems - 59 Pages Part 1 of this two part standard specifies the basic principles and techniques which provide the minimum security measures required for effective international PIN management. These measures are applicable to those institutions responsible for implementing techniques for the management and protection of PINS. PIN protection techniques applicable to financial transaction card originated transactions in an online environment and a standard means of interchanging PIN data. These techniques are applicable to those institutions responsible for implementing techniques for the management and protection of the PIN at Automated Teller Machines (ATM) and acquirer-sponsored Point-of -Sale (POS) terminals. Publication Date: 2003 Price: $100.00 X9.24-1 Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques 71 Pages This part of this standard covers both the manual and automated management of keying material used for financial services such as point-of-sale (POS) transactions (debit and credit), automated teller machine (ATM) transactions, messages among terminals and financial institutions, and interchange messages among acquirers, switches and card issuers. This part of this standard deals exclusively with management of symmetric keys using symmetric techniques. This part of this standard specifies the minimum requirements for the management of keying material. Addressed are all components of the key management life cycle including generation, distribution, utilization, storage, archiving, replacement and destruction of the keying material. An institution's key management process, whether implemented in a computer or a terminal, is not to be implemented or controlled in a manner that has less security, protection, or control than described herein. It is intended that two nodes, if they implement compatible versions of - the same secure key management method,
-

the same secure key identification technique approved for a particular method, and

- the same key separation methodologies in accordance with this part of this standard will be interoperable at the application level. Other characteristics may be necessary for node interoperability; however, this part of this standard does not cover such characteristics as message format, communications protocol, transmission speed, or device interface. Publication Date: 2009 Price: $140.00

PUBLISHED March 2010

Copyrighted 2010

27

X9.24-2 Retail Financial Services Symmetric Key Management Part 2: Using Asymmetric Techniques for the Distribution of Symmetric Keys 36 Pages This part of ANS X9.24 covers the management of keying material used for financial services such as point of sale (POS) transactions, automatic teller machine (ATM) transactions, messages among terminals and financial institutions, and interchange messages among acquirers, switches and card issuers. The scope of this part of X9.24 may apply to Internet-based transactions, but only when such applications include the use of a TRSM (as defined in section 7.2 of ANS X9.24 Part 1) to protect the private and symmetric keys. This part of ANS X9.24 deals with management of symmetric keys using asymmetric techniques and storage of asymmetric private keys using symmetric keys. Additional parts may be created in the future to address other methods of key management. This part of ANS X9.24 specifies the minimum requirements for the management of asymmetric keying material and TDEA keys used for ensuring the confidentiality and integrity of the private keys of asymmetric key pairs when stored as cryptograms on a database. Addressed are all components of the key management life cycle including generation, distribution, utilization, storage, archiving, replacement and destruction. Requirements for actions to be taken in the event of key compromise are also addressed. This part of ANS X9.24 presents overviews of the keys involved in the key transport and key agreement protocols, referencing other ANSI standards where applicable. Publication Date: 2006 Price: $140.00 X9.32 Data Compression in Financial Telecommunications 42 Pages This Standard establishes a method for the compression, decompression, and related control functions associated with the electronic transmission of financial data. Also provided by this Standard are techniques to allow for the optimization of the compression function and to prevent the expansion of data. This Standard is applicable without regard to the actual format or content of the data, and can be used on many diverse types of financial data. The algorithm in this Standard may be effective in compressing data such as image or digitized audio, but other methods are typically used in these applications. Publication Date: 2006 Price: $60.00 X9.42 Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography 136 Pages This standard specifies schemes for the agreement of symmetric keys using Diffie-Hellman and MQV algorithms. It covers methods of domain parameter generation, domain parameter validation, key pair generation, public key validation, shared secret value calculation, key derivation, and test message authentication code computation for discrete logarithm problem based key agreement schemes. These methods may be used by different parties to establish a piece of common shared secret information such as cryptographic keys. The shared secret information may be used with symmetrically-keyed algorithms to provide confidentiality, authentication, and data integrity services for financial information, or used as a key-encrypting key with other ASC X9 key management protocols. Publication Date: 2003 Price: $100.00 X9.44 Key Establishment Using Integer Factorization Cryptography 208 Pages This Standard specifies key establishment schemes using public-key cryptography based on the integer factorization problem. Both key agreement and key transport schemes are specified. The schemes may be used by two parties to transport or agree on shared keying material. The keying
PUBLISHED March 2010 Copyrighted 2010

28

material may be used to provide other cryptographic services that are outside the scope of this Standard, e.g. data confidentiality, data integrity, and symmetric-key-based key establishment. The key pair generators may be used in other Standards based on the integer factorization problem. Publication Date: 2007 Price: $60.00 X9.62 Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA) 163 Pages This Standard defines methods for digital signature (signature) generation and verification for the protection of messages and data using the Elliptic Curve Digital Signature Algorithm (ECDSA). The ECDSA shall be used in conjunction with an Approved hash function, as specified in X9 Registry Item 00003, Secure Hash Standard (SHS). The hash functions Approved at the time of publication of this document are SHA-1 (see NOTE), SHA-224, SHA-256, SHA-384 and SHA-512. This ECDSA Standard provides methods and criteria for the generation of public and private keys that are required by the ECDSA and the procedural controls required for the secure use of the algorithm with these keys. This ECDSA Standard also provides methods and criteria for the generation of elliptic curve domain parameters that are required by the ECDSA and the procedural controls required for the secure use of the algorithm with these domain parameters. Publication Date: 2005 Price: $100.00

X9.63 Public Key Cryptography for the Financial Services Industry: Key Agreement and Key Transport Using Elliptic Curve Cryptography 415 Pages This American National Standard defines a suite of schemes designed to facilitate the secure establishment of cryptographic data for the keying of symmetrically keyed algorithms (e.g., TDEA). These mechanisms are based on the elliptic curve analogue of the Diffie-Hellman key agreement mechanism (ANSI X9.42). Because the mechanisms are based on the same fundamental mathematics as the Elliptic Curve Digital Signature Algorithm (ECDSA) (ANSI X9.62), additional efficiencies and functionality maybe obtained by combining these and other cryptographic techniques. This standard specializes ISO/IEC 15946-3 Cryptographic Techniques Based on Elliptic Curves Part 3: Key Establishment for use within the financial services industry. It defines key establishment schemes that employ asymmetric cryptographic techniques. The arithmetic operations involved in the operation of the schemes take place in the algebraic structure of an elliptic curve over a finite field. Both key agreement and key transport schemes are specified. The schemes may be used by two parties to compute shared keying data that may then be used by symmetric schemes to provide cryptographic services, e.g., data confidentiality and data integrity. Supporting mathematical definitions and examples are also provided. Publication Date: 2001 Price: $175.00 X9.65 Triple Data Encryption Algorithm (TDEA) Implementation 51 Pages This standard specifies methodologies for the implementation of ANS X9.52, Triple Data Encryption Algorithm (TDEA) Modes of Operations for the enhanced cryptographic protection of digital information. The modes of operation defined in ANS X9.52 are specified for both enciphering and deciphering operations. These modes provide a means of extending the effective key space of the ANS X3.92 Data Encryption Algorithm (DEA). ANS X9.52 provides multiple modes of operation. This standard will assist system integrators to select and implement the appropriate mode for their organizations. Publication Date: 2004 Price: $60.00
PUBLISHED March 2010 Copyrighted 2010

29

X9.69 Framework for Key Management Extensions 31 Pages This Standard defines methods for the generation and control of keys used in symmetric cryptographic algorithms. The Standard defines a constructive method for the creation of symmetric keys, by combining two or more secret key components. The Standard also defines a method for attaching a key usage vector to each generated key that prevents abuses and attacks against the key. The two defined methods can be used separately or in combination. Publication Date: 2007 Price: $60.00 X9.73 Cryptographic Message Syntax 61 Pages The Standard specifies a cryptographic message syntax that can be used to protect financial transactions and other documents from unauthorized disclosure and modification. Publication Date: 2002 Price: $60.00 X9.79-1 Financial Services Public Key Infrastructure (PKI) Policy and Practices Framework - 111 pages Defines the components of a PKI and sets a framework of practices and policy requirements for a PKI. The standard draws a distinction between PKI systems used in open, closed and network environments. It further defines the operational practices relative to industry accepted information systems control objectives. PKI practices implementing this standard can support multiple policies that incorporate the use of digital signature technology. This standard allows for the implementation of operational, baseline PKI practices that satisfy industry accepted information systems control objectives. Publication Date: 2001 Price: $60.00 X9.80 Prime Number Generation Primality Testing, and Primality Certificates 45 Pages In the current state of the art in public key cryptography, all methods require, in one way or another, the use of prime numbers as parameters to the various algorithms. This document presents a set of accepted techniques for generating primes. It is intended that ASC X9 standards that require the use of primes will refer to this document, rather than trying to define these techniques on a case-by-case basis. Standards, as they exist today, may differ in the methods they use for parameter generation from those specified in this document. It is anticipated that as each existing ASC X9 standard comes up for its 5-year review, it will be modified to reference this document instead of specifying its own techniques for generating primes. This standard defines methods for generating large prime numbers as needed by public key cryptographic algorithms. It also provides testing methods for testing candidate primes presented by a third party. This standard allows primes to be generated either deterministically or probabilistically, where: - A number shall be accepted as prime when a probabilistic algorithm that declares it to be prime is in error with probability less than 2-100. - A deterministic prime shall be generated using a method that guarantees that it is prime. In addition to algorithms for generating primes, this standard also presents primality certificates for some of the algorithms where it is feasible to do so. The syntax for such certificates is beyond the scope of this document. Primality certificates are never required by this standard. Primality certificates are not needed when a prime is generated and kept in a secure environment that is managed by the party that generated the prime. Publication Date: 2005 Price: $100.00

PUBLISHED March 2010

Copyrighted 2010

30

X9.82-1 Random Number Generation, Part 1: Overview and Basic Principles 55 pages This Standard defines techniques for the generation of random numbers that shall be used whenever ASC X9 Standards require the use of a random number or bit string for cryptographic purposes. Publication Date: 2006 Price: $60.00 X9.82-3 Random Number Generation, Part 3: Deterministic Random Bit Generators - 113 pages This part of ANS X9.82 (Part 3) defines mechanisms for the generation of random bits using deterministic methods. Publication Date: 2007 Price: $60.00 X9.84 Biometric Information Management and Security for the Financial Services Industry 148 pages This American National Standard specifies the minimum security requirements for effective management of biometric data. Within the scope of this standard the following topics are addressed: Security for the collection, distribution, and processing, of biometric data, encompassing data integrity, authenticity, and non- repudiation; Management of biometric data across its life cycle comprised of the enrollment, transmission and storage, verification, identification, and termination processes; Usage of biometric technology, including one-to-one and one-to-many matching, for the identification and authentication of banking customers and employees; Application of biometric technology for internal and external, as well as logical and physical access control; Encapsulation of biometric data; Techniques for the secure transmission and storage of biometric data; Security of the physical hardware used throughout the biometric data life cycle; Techniques for integrity and privacy protection of biometric data. Publication Date: 2003 Price: $100.00 X9.92-1 Public Key Cryptography for the Financial Services Industry Digital Signature Algorithms Giving Partial Message Recovery Part 1: Elliptic Curve Pintsov-Vanstone Signatures (ECPVS) Pages 33 This Standard defines methods for digital signature generation and verification for the protection of messages and data giving partial message recovery. This document is Part 1 of this Standard, and it defines the Elliptic Curve Pintsov-Vanstone Signature (ECPVS) digital signature algorithm. Part 2 of this Standard defines the Finite Field Pintsov-Vanstone Signature (FFPVS) digital signature algorithm. ECPVS is a signature scheme with low message expansion (overhead) and variable length recoverable and visible message parts. ECPVS is ideally suited for short messages, yet is flexible enough to handle messages of any length. The ECPVS shall be used in conjunction with an Approved hash function and an Approved symmetric encryption scheme. In addition, this ECPVS Standard provides the criteria for checking the message redundancy. Supporting examples are also provided. Publication Date: 2009 Price: $60.00 X9.95 Trusted Time Stamp Management and Security 143 Pages This standard specifies the minimum security requirements for the effective use of time stamps in a financial services environment. Within the scope of this Standard the following topics are addressed: Requirements for the secure management of the time stamp token across its life cycle, comprised of the generation, transmission and storage, validation, and renewal processes. The requirements in this Standard identify the means to securely and verifiably distribute time from a national time source down
PUBLISHED March 2010 Copyrighted 2010

31

to the application level; Requirements for the secure management of a Time Stamp Authority (TSA); Requirements of a TSA to ensure that an independent third party can audit and validate the controls over the use of a time stamp process; Techniques for the coding, encapsulation, transmission, storage, integrity and privacy protection of time stamp data; Usage of time stamp technology. Published Date: 2005 Price: $100.00 X9.96 XML Cryptographic Message Syntax (XCMS) 63 Pages This Standard specifies a text based Cryptographic Message Syntax (CMS) represented using XML 1.0 encoding that can be used to protect financial transactions and other documents from unauthorized disclosure and modification. The message syntax has the following characteristics: 1) Protected messages are represented using the Canonical XML Encoding Rules (cXER), and can be transferred as verbose markup text or in a compact, efficient binary representation using the Basic Encoding Rules (BER) or the canonical subset of BER, the Distinguished Encoding Rules (DER) 2) Messages are protected independently. There is no cryptographic sequencing (e.g., cipher block chaining) between messages. There need not be any real-time connection between the sender and recipient of the message. This makes the syntax suitable for use over store-and-forward systems, e.g. Automated Clearing House (ACH) or Society for Worldwide International Funds Transfer (SWIFT). Standard attributes are defined to allow applications to maintain relationships between messages, if desired. 3) The syntax is algorithm independent. It supports confidentiality, integrity, origin authentication, and nonrepudiation services. Only ANSI X9-approved algorithm(s) may be used for message digest, message encryption, digital signature, message authentication, and key management. 4) Support for biometric security, enhanced certificate techniques such as compact domain certificates and key management extensions such as Constructive Key Management (CKM) are provided. 5) Selective field protection can be provided in two ways. First by combining multiple instances of this syntax into a composite message. And second by using identifier and type markup tag names to select message components to be protected in a single message, which allows reusable message components to be moved between documents without affecting the validity of the signature. 6) Precise message encoding and cryptographic processing requirements are provided. Publication Date: 2004 Price: $60.00 X9.97-1 Financial services - Secure Cryptographic Devices (Retail) - Part 1: Concepts, Requirements and Evaluation Methods - 51 pages This part of ANS X9.97 specifies the requirements for Secure Cryptographic Devices which incorporate the cryptographic processes defined in ISO 9564, ISO 16609 and ISO 11568. This part of ANS X9.97 has two primary purposes: 1) to state the requirements concerning both the operational characteristics of SCDs and the management of such devices throughout all stages of their life cycle, 2) to standardize the methodology for verifying compliance with those requirements. Appropriate device characteristics are necessary to ensure that the device has the proper operational capabilities and provides adequate protection for the data it contains. Appropriate device management is necessary to ensure that the device is legitimate, that it has not been modified in an unauthorized manner, e.g., by "bugging", and that any sensitive data placed within the device (e.g., cryptographic keys) has not been subject to disclosure or change. Publication Date: 2009 Price: $140.00
PUBLISHED March 2010 Copyrighted 2010

32

X9.97-2 Identical to ISO 13491-2: 2005 Banking - Secure cryptographic devices (retail) - Part 2: Security compliance checklists for devices used in financial transactions - 38 pages This part of the standard specifies checklists to be used to evaluate secure cryptographic devices (SCDs) incorporating cryptographic processes, as specified in parts 1 and 2 of ISO 9564, ISO 16609 and parts 1 to 6 of ISO 11568, in the financial services environment. IC payment cards are subject to the requirements identified in this part of ISO 13491 up until the time of issue, after which they are to be regarded as a "personal" device and outside of the scope of this document. Publication Date: 2009 Price: $140.00 X9.102 Symmetric Key Cryptography for the Financial Services Industry - Wrapping of Keys and Associated Data - 41 pages This standard specifies four key wrap mechanisms based on ASC X9 approved symmetric key block ciphers whose block size is either 64 bits or 128 bits. The key wrap mechanisms can provide assurance of the confidentiality and the integrity of data, especially cryptographic keys or other specialized data. Publication Date: 2008 Price: $60.00 X9.112-1 Wireless Management and Security Part 1: General Requirements - 71 pages In today's world, both private and public sectors depend upon information technology systems to perform essential and mission-critical functions. In the current environment of increasingly open and interconnected systems and networks, network and data security are essential for the effective use of information technology. Privacy and regulatory requirements highlight this need. For example, systems that perform electronic commerce must protect against unauthorized access to confidential records and unauthorized modification of data. Wireless technologies are rapidly emerging as significant components of these networks. As such, data classification and risk assessments should be performed to determine the sensitivity of, and risk to, data transmitted over wireless networks. Various methods and controls should be considered for data that is sensitive, has a high value, or represents a high value if it is vulnerable to unauthorized disclosure or undetected modification during transmission over wireless networks. These methods and controls support communications security, for example by encrypting the communication prior to transmission and decrypting it at receipt. Note that data classification and risk assessments, regardless of whether data transmission is over wired or wireless environments, should be part of an organization's general security policy and best practices. Refer to Annex A Wireless Validation Control Objectives for further details. Part 1 of this Standard provides an overview of wireless radio frequency (RF) technologies and general requirements applicable to all wireless implementations for the financial services industry. Subsequent parts of this Standard will address specific applications to wireless technology and associated risks, as well as technologies, methods and controls that mitigate those risks. Publication Date: 2009 Price: $100.00

PUBLISHED March 2010

Copyrighted 2010

33

Management Standards
X9.99 (Identical to ISO 22307-2008) Privacy Impact Assessment Standard 36 Pages This International Standard recognizes that a privacy impact assessment (PIA) is an important financial services and banking management tool to be used within an organization, or by "contracted" third parties, to identify and mitigate privacy issues and risks associated with processing consumer data using automated, networked information systems. This International Standard describes the privacy impact assessment activity in general, defines the common and required components of a privacy impact assessment, regardless of business systems affecting financial institutions, and provides informative guidance to educate the reader on privacy impact assessments. A privacy compliance audit differs from a privacy impact assessment in that the compliance audit determines an institution's current level of compliance with the law and identifies steps to avoid future non-compliance with the law. While there are similarities between privacy impact assessments and privacy compliance audits in that they use some of the same skills and that they are tools used to avoid breaches of privacy, the primary concern of a compliance audit is simply to meet the requirements of the law, whereas a privacy impact assessment is intended to investigate further in order to identify ways to safeguard privacy optimally. Publication Date: 2009 Price: $60.00

PUBLISHED March 2010

Copyrighted 2010

34

Why not become a Member of ASC X9 today? ASC X9 standards are widely used and recognized, by banks, companies, organizations, government agencies, consultants, accountants and others. X9 standards are often sited or required by the Federal agencies for use in financial procedures and transactions. In addition, X9 standards continue to be the basis for many international standards used in facilitating global commerce. ASC X9, Inc. operates under its own procedures and those prescribed by the American National Standards Institute. Presently, ASC X9 operates 4 technical subcommittees and as many as 30 technical working groups developing financial industry technical standards and reports. ASC X9 is the USA Technical Advisory Group (TAG) to the International Technical Committee on Financial Services (TC68) under the International Organization for Standardization (ISO), of Geneva, Switzerland. In this role, X9 holds the USA vote on all ISO standards of TC 68 or its subcommittees SC2, SC4, and SC7. In 1974, the American National Standards Institute (ANSI) approved the scope of activity for the X9 Standards Committee on Banking, as Standardization for Facilitating Banking Operations. In June, 1976, the X9 Standards Committee approved expansion of its membership to include vendors, insurance companies, associations, retailers, regulators, and others in the financial services area. With this approval, the name was changed to X9, Financial Services. ANSI first granted X9 official accreditation in 1984. The official committee name became as it remains today, Accredited Standards Committee (ASC) X9, Financial Services. Since this time, ASC X9 was incorporated under a 501 C(6) non-profit designation for associations. Accredited Standards Committee X9, Inc. members may elect to vote and participate in one or more of the following technical subcommittees: X9AB Payments - retail, check, corporate interfacing with ISO 20022* X9C - Credit X9D - Securities Processing X9F - Data and Information Security X9 is accredited as the US Technical Advisory Group (TAG) to the ISO committee on Financial Services (TC 68). X9 participates actively in international standards development, supplies votes on TC 68 documents and contributes to the development and adoption of international standards that support the financial industry. X9 approves delegates who represent the US in international meetings and participate in the international development process. In addition, X9 serves as Secretariat to TC 68 and to TC68 SC2 which is the administrator to the TC 68 organization. * see www.iso20022 .org

PUBLISHED March 2010

Copyrighted 2010

35

X9 Membership Information
Membership in ASC X9 is by organization or company ASC X9 has four membership categories, each offering benefits to various organizations. Top membership levels provide participants with extra privileges important to leading organizations. The following is a list of categories: Category ABoard Level: $8,250 Description: Board Membership & Voting Privileges - Ability to participate on all Subcommittees and all Working Groups, USA TAG participant voting on all international standards, develop and vote on X9 policy and access to the entire X9 collection of standards free of charge. Eligibility: Executive approval Benefits: The Category A membership provides an organization with the opportunity to name a representative to the ASC X9's Board of Directors. Category A members belong to and participate in multiple subcommittees and their working groups. The Category A member votes on new work projects, standards, the association's procedures/policies, and directs the work of all subcommittees and working groups. The Category A member may represent the U. S. internationally and may serve as an X9 Subcommittee chairman. Category BSubcommittee Voting Privileges: $4,900 Description: Voting Privileges on one Subcommittee and ability to participate in all working groups within that subcommittee. Access to the full collection of X9 standards free of charge. Eligibility: Executive approval Benefits: Category B membership provides an organization with voting privileges on a single X9 subcommittee and access to that subcommittee's working groups. A Category B member votes on the standards under their subcommittee of choice. Category B members receive member access to X9's website and can download all X9 Standards and Technical Guidelines free of charge. Category CSmall Firm & Limited Voting: $2,600 Description: The Category C level member has access to one Subcommittee, has ability to vote and participate on all standards in that single subcommittee. The Company must qualify annually for this level which is open to organizations with gross revenues of less than $1 million and who employ fewer than 100 persons (letter of confirmation required from CPA or other financial person in organization). Eligibility: Executive approval Benefits: Category C members voting privileges are for ballots related to a single X9 subcommittee and access to that subcommittee's working groups. Category C members receive member access to X9's website and can download all X9 Standards and Technical Guidelines free of charge. Category EWorking Group Only: $410 Description: Access to one national Working Group a non-voting level membership. This is access for one individual for each membership. Eligibility: Executive approval
PUBLISHED March 2010 Copyrighted 2010

36

Benefits: Category E membership limits participation to a single ASC X9 national/US working (domestic) group. Category E members are provided access to the documents(s) under development in the working group of their choice. Additional information regarding participation in the activities of ASC X9 may be received through direct contact with admin@x9.org.

PUBLISHED March 2010

Copyrighted 2010

37

ACCREDITED STANDARDS COMMITTEE X9, INC. MEMBERSHIP ENROLLMENT APPLICATION

Please indicate the method of payment: Check enclosed. (Make check payable to Accredited Standards Committee X9, Inc.) Charge my credit card: Discover VISA MasterCard American Express Account Number: _______________________________Expiration Date: _____________________ Signature: _____________________________________Date: _____________________________ Choose the appropriate category for your organization: Categories A, B and C have free access to all ASC X9, Inc. Standards on the www.x9.org website. Category A $8,250 Category B $4,900 Category C $2,600** Category E $410 (Per national working group - indicate group(s) below) ** smaller organization Please indicate Working Group(s) (e.g., X9F1)_____________________________________________________________________ *Please choose the Subcommittee(s) that interests you: X9AB Payments Subcommittee - Electronic Retail, Check and Corporate Financial Transactions X9C Credit, X9D Securities Processing, X9F Data and Information Security Please complete both sections below. Your Companys Principal Contact Name _________________________________________________________________________ Title____________________________________________________________________________ Organization_____________________________________________________________________ Address_________________________________________________________________________ City____________________________________ State____________ Zip Code_______________ Phone (_______)________________ Fax (____)_____________________ Email_________________________ Your Companys Alternate Contact Name___________________________________________________________________________ Title____________________________________________________________________________ Organization_____________________________________________________________________ Address_________________________________________________________________________ City_________________________________ State____________ Zip Code_________________ Phone (_____)_____________ Fax (____)________________ Email________________________ We _______________________________________________ (name of organization) understand that we are making application to join ASC X9, Inc. as a member. We understand that upon receipt of our application and membership dues by ASC X9, Inc. they will provide appropriate access to the member-side of the ASC X9, Inc. website. We have read, understand and will accept ASC X9s Membership Policy. ________________________________________ ________________________________ Signature Date Please return this application form to: Accredited Standards Committee X9, Inc. P.O. Box 890330 Charlotte, NC 28289-0330
PUBLISHED March 2010 Copyrighted 2010

38