ISO 19092:2008
Financial services - Biometrics - Security framework

Standard No.
ISO 19092:2008
Release Date
2008
Published By
International Organization for Standardization (ISO)
Status
 2023-03
Replace By
ISO 19092:2023
Latest
ISO 19092:2023
Scope
This International Standard describes the security framework for using biometrics for authentication of individuals in financial services. It introduces the types of biometric technologies and addresses issues concerning their application. This International Standard also describes the architectures for implementation, specifies the minimum security requirements for effective management, and provides control objectives and recommendations suitable for use by a professional practitioner. The following are within the scope of this International Standard: — usage of biometrics for the authentication of employees and persons seeking financial services by: — verification of a claimed identity; — identification of an individual; — validation of credentials presented at enrolment to support authentication as required by risk management; — management of biometric information across its life cycle comprised of the enrolment, transmission and storage, verification, identification and termination processes; — security of biometric information during its life cycle, encompassing data integrity, origin authentication and confidentiality; — application of biometrics for logical and physical access control; — surveillance to protect the financial institution and its customers; — security of the physical hardware used throughout the biometric information life cycle The following are not within the scope of this International Standard: — the individual's privacy rights and ownership of biometric information; — specific techniques for data collection, signal processing and matching of biometric data, and the biometric matching decision-making process; — usage of biometric technology for non-authentication convenience applications such as speech recognition, user interaction and anonymous access control. This International Standard provides the mandatory means whereby biometric information may be encrypted for data confidentiality or other reasons. Although this International Standard does not address specific requirements and limitations of business applications employing biometric technology, other standards may address these topics.

ISO 19092:2008 Referenced Document

  • ISO 10202-3 Financial transaction cards - Security architecture of financial transaction systems using integrated circuit cards - Part 3: Cryptographic key relationships
  • ISO/IEC 19790 Corrigendum 1 - Information technology - Security techniques - Security requirements for cryptographic modules

ISO 19092:2008 history

  • 2023 ISO 19092:2023 Financial services — Biometrics — Security framework
  • 2008 ISO 19092:2008 Financial services - Biometrics - Security framework
Financial services - Biometrics - Security framework


Copyright ©2024 All Rights Reserved