
Retail Banking Payments Standards PDF

The document discusses retail payment standards in Egypt, recommending compliance with ISO, JTC, and PCI standards to ensure interoperability and reduce fraud. It summarizes key card and security standards, noting the ISO and JTC set standards for financial transaction cards, magnetic stripes, and chip technology, while PCI focuses on reducing payment security threats. The Central Bank of Egypt is advised to periodically review and comply with evolving international standards.

Uploaded by

Shane Mackey
Central Bank of Egypt Retail Payments Standards

Retail Banking Payments Standards


Introduction
Standards in retail payments are vital for ensuring consistency across all domestic payments
systems and compatibility with international norms. The primary basis for standards will be
those defined by the International Organization for Standardization (ISO) for the financial
services sector. The ISO standards defined by Technical Committee TC68 are specific to
financial services and deal more with applications than technical specifications. Over the years
ISO has delegated responsibility to different standards committees that act in specialized areas to
augment the capacity of the ISO. The Joint Technical Committee (JTC) is one such committee
that has been given responsibility for cards. It works in conjunction with the International
Electrotechnical Commission (IEC) to develop the card standards, which cover all cards,
including those used in the financial industry and in other sectors such as health care and
transportation. In addition, other standards have developed around security. Important standards for
security as regards payment cards are set by the Payment Card Industry (PCI) Security Standards
Council (SSC). These standards aim to reduce the potential for card fraud, hacking and various
other security vulnerabilities and threats.
Compliance with the aforementioned standards will help to build the basis for interoperability
across systems in Egypt. This is a key goal of this process. Each of the recommended standards
will be briefly defined below. It is recommended that compliance with these be discussed and
communicated to all stakeholders in the Egyptian payments community. Standards related to the
financial services industry are evolving all the time. As such, it will be important for the CBE to
continue to track standards as they develop. The ISO and the JTC secretariats update their
information on a regular basis. It is recommended that the CBE periodically review the new
standards to determine which of these will be most appropriate for Egypt. Compliance with
standards should also be incorporated in the inspection process for both the banks and payment
system service providers.
The following links are provided for more detailed information:
JTC 1/SC 17 Cards and Personal Identification
http://www.iso.ch/iso/iso_catalogue/catalogue_tc/catalogue_tc_browse.htm?commid=45144&published=on
Payment Card Industry Security Standards Council
The second major set of standards affecting retail payments is the Payment Card Industry
Standard (PCI) Data Security Standards (DSS). As mentioned earlier, it focuses on standards
intended to reduce fraud and other security-related threats. The link for this set of standards is
provided below.
https://www.pcisecuritystandards.org/

ISO TC68 ISO Standards for the Financial Services Industry


http://www.iso.ch/iso/iso_catalogue/catalogue_tc/catalogue_tc_browse.htm?commid=49650 or
http://www.iso.ch/iso/iso_catalogue/catalogue_tc/catalogue_tc_browse.htm?commid=49650&published=on&includesc=true
The primary segments within TC68 are as follows:
TC 68/SC 2: Security management and general banking operations
TC 68/SC 4: Securities and related financial instruments
TC 68/SC 7: Core banking
ISO 20022: UNIversal Financial Industry message scheme

The balance of the document will cover each of the three areas of standards
recommended for adoption by the CBE. As above, the standards specific to payments will be
highlighted for quick identification.

Cards
With the growth in card usage in sectors outside financial services, card standards have become a
separate and distinct set of standards under the JTC 1/SC 17 Secretariat. The category includes
not only financial transaction cards, but identification cards, travel cards, smart cards and others.
A comprehensive listing is provided for all standards in the card category. The International
Electrotechnical Commission (IEC) is the international standards and conformity assessment
body for all fields of electrotechnology that works with the ISO in the development of
international standards. The key standards under this secretariat that apply to financial services
are as follows:
| Standard | Title |
|---|---|
| ISO/IEC 4909:2006 | Financial transaction cards -- Magnetic stripe content |
| ISO/IEC 7810:2003 | Identification cards -- Physical characteristics |
| ISO/IEC 7811 1-9 | Identification cards -- Recording technique and Identification of Users |
| ISO/IEC 7812 1-2 | Identification cards, Identification of Users |
| ISO/IEC 7813:2006 | Information technology -- Identification cards -- Financial transaction cards |
| ISO/IEC 7816 1-15 | Identification cards -- Integrated circuit cards |
| ISO/IEC 8484:2007 | Information Technology -- Magnetic stripes on saving books |
| ISO/IEC 10373 1-7 | Identification cards -- Test methods |

It is important to note that some of the other types of cards listed below may develop a financial
services application in the future. One recent example is the use of contactless cards in
payment applications for transportation. At this point, however, the standards
listed above are the ones currently in widespread use in financial services. The items most
specific to the financial industry in the overall list of cards are highlighted below. For more
detailed information on each specification go to the link provided above. Each of the individual
specifications can be purchased from the ISO. The CBE may wish to purchase specifications
relevant to Egypt in the future. The key will be to ensure that all payment cards used in Egypt
conform to ISO standards.
Standards and projects under the direct responsibility of JTC 1/SC 17 Secretariat

| Standard and/or project | Title | Stage | ICS |
|---|---|---|---|
| ISO/IEC 4909:2006 | Identification cards -- Financial transaction cards -- Magnetic stripe data content for track 3 | 60.60 | 35.240.15 |
| ISO/IEC 7501-1:2008 | Identification cards -- Machine readable travel documents -- Part 1: Machine readable passport | 60.60 | 35.240.15 |

| Standard and/or project | Title | Stage | ICS |
|---|---|---|---|
| ISO/IEC 7501-2:1997 | Identification cards -- Machine readable travel documents -- Part 2: Machine readable visa | 90.93 | 35.240.15 |
| ISO/IEC 7501-3:2005 | Identification cards -- Machine readable travel documents -- Part 3: Machine readable official travel documents | 90.92 | 35.240.15 |
| ISO/IEC 7810:2003 | Identification cards -- Physical characteristics | 90.92 | 35.240.15 |
| ISO/IEC 7811-1:2002 | Identification cards -- Recording technique -- Part 1: Embossing | 90.93 | 35.240.15 |
| ISO/IEC 7811-2:2001 | Identification cards -- Recording technique -- Part 2: Magnetic stripe -- Low coercivity | 90.60 | 35.240.15 |
| ISO/IEC 7811-6:2008 | Identification cards -- Recording technique -- Part 6: Magnetic stripe -- High coercivity | 60.60 | 35.240.15 |
| ISO/IEC 7811-7:2004 | Identification cards -- Recording technique -- Part 7: Magnetic stripe -- High coercivity, high density | 60.60 | 35.240.15 |
| ISO/IEC 7811-8:2008 | Identification cards -- Recording technique -- Part 8: Magnetic stripe -- Coercivity of 51,7 kA/m (650 Oe) | 60.60 | 35.240.15 |
| ISO/IEC 7811-9:2008 | Identification cards -- Recording technique -- Part 9: Tactile identifier mark | 60.60 | 35.240.15 |
| ISO/IEC 7812-1:2006 | Identification cards -- Identification of issuers -- Part 1: Numbering system | 60.60 | 35.240.15 |
| ISO/IEC 7812-2:2007 | Identification cards -- Identification of issuers -- Part 2: Application and registration procedures | 60.60 | 35.240.15 |
| Standard and/or project | Title | Stage | ICS |
|---|---|---|---|
| ISO/IEC 7813:2006 | Information technology -- Identification cards -- Financial transaction cards | 60.60 | 35.240.15 |
| ISO/IEC 7816-1:1998 | Identification cards -- Integrated circuit(s) cards with contacts -- Part 1: Physical characteristics | 90.20 | 35.240.15 |
| ISO/IEC 7816-1:1998/Amd 1:2003 | Maximum height of the IC contact surface | 60.60 | 35.240.15 |
| ISO/IEC 7816-2:2007 | Identification cards -- Integrated circuit cards -- Part 2: Cards with contacts -- Dimensions and location of the contacts | 60.60 | 35.240.15 |
| ISO/IEC 7816-3:2006 | Identification cards -- Integrated circuit cards -- Part 3: Cards with contacts -- Electrical interface and transmission protocols | 60.60 | 35.240.15 |
| ISO/IEC 7816-4:2005 | Identification cards -- Integrated circuit cards -- Part 4: Organization, security and commands for interchange | 60.60 | 35.240.15 |
| ISO/IEC 7816-4:2005/Amd 1:2008 | Record activation and deactivation | 60.60 | 35.240.15 |
| ISO/IEC 7816-5:2004 | Identification cards -- Integrated circuit cards -- Part 5: Registration of application providers | 60.60 | 35.240.15 |
| ISO/IEC 7816-6:2004 | Identification cards -- Integrated circuit cards -- Part 6: Interindustry data elements for interchange | 60.60 | 35.240.15 |
| ISO/IEC 7816-6:2004/Cor 1:2006 | | 60.60 | 35.240.15 |
| ISO/IEC 7816-7:1999 | Identification cards -- Integrated circuit(s) cards with contacts -- Part 7: Interindustry commands for Structured Card Query Language (SCQL) | 90.93 | 35.240.15 |


| Standard and/or project | Title | Stage | ICS |
|---|---|---|---|
| ISO/IEC 7816-8:2004 | Identification cards -- Integrated circuit cards -- Part 8: Commands for security operations | 60.60 | 35.240.15 |
| ISO/IEC 7816-9:2004 | Identification cards -- Integrated circuit cards -- Part 9: Commands for card management | 60.60 | 35.240.15 |
| ISO/IEC 7816-10:1999 | Identification cards -- Integrated circuit(s) cards with contacts -- Part 10: Electronic signals and answer to reset for synchronous cards | 90.93 | 35.240.15 |
| ISO/IEC 7816-11:2004 | Identification cards -- Integrated circuit cards -- Part 11: Personal verification through biometric methods | 90.60 | 35.240.15 |
| ISO/IEC 7816-12:2005 | Identification cards -- Integrated circuit cards -- Part 12: Cards with contacts -- USB electrical interface and operating procedures | 60.60 | 35.240.15 |
| ISO/IEC 7816-13:2007 | Identification cards -- Integrated circuit cards -- Part 13: Commands for application management in a multi-application environment | 60.60 | 35.240.15 |
| ISO/IEC 7816-15:2004 | Identification cards -- Integrated circuit cards -- Part 15: Cryptographic information application | 90.60 | 35.240.15 |
| ISO/IEC 7816-15:2004/Cor 1:2004 | | 60.60 | 35.240.15 |
| ISO/IEC 7816-15:2004/Amd 1:2007 | Examples of the use of the cryptographic information application | 60.60 | 35.240.15 |
| ISO/IEC 7816-15:2004/Amd 2:2008 | Error corrections and extensions for multi-application environments | 60.60 | 35.240.15 |
| ISO/IEC 8484:2007 | Information technology -- Magnetic stripes on savingsbooks | 60.60 | 35.240.40 |


| Standard and/or project | Title | Stage | ICS |
|---|---|---|---|
| ISO/IEC 10373-1:2006 | Identification cards -- Test methods -- Part 1: General characteristics | 60.60 | 35.240.15 |
| ISO/IEC 10373-2:2006 | Identification cards -- Test methods -- Part 2: Cards with magnetic stripes | 60.60 | 35.240.15 |
| ISO/IEC 10373-3:2001 | Identification cards -- Test methods -- Part 3: Integrated circuit(s) cards with contacts and related interface devices | 90.92 | 35.240.15 |
| ISO/IEC 10373-5:2006 | Identification cards -- Test methods -- Part 5: Optical memory cards | 60.60 | 35.240.15 |
| ISO/IEC 10373-6:2001 | Identification cards -- Test methods -- Part 6: Proximity cards | 90.92 | 35.240.15 |
| ISO/IEC 10373-6:2001/Amd 1:2007 | Protocol test methods for proximity cards | 60.60 | 35.240.15 |
| ISO/IEC 10373-6:2001/Amd 2:2003 | Improved RF test methods | 60.60 | 35.240.15 |
| ISO/IEC 10373-6:2001/Amd 3:2006 | Protocol test methods for proximity coupling devices | 60.60 | 35.240.15 |
| ISO/IEC 10373-6:2001/Amd 4:2006 | Additional test methods for PCD RF interface and PICC alternating field exposure | 60.60 | 35.240.15 |
| ISO/IEC 10373-6:2001/Amd 5:2007 | Bit rates of fc/64, fc/32 and fc/16 | 60.60 | 35.240.15 |
| ISO/IEC 10373-7:2008 | Identification cards -- Test methods -- Part 7: Vicinity cards | 60.60 | 35.240.15 |
| ISO/IEC 10536-1:2000 | Identification cards -- Contactless integrated circuit(s) cards -- Close-coupled cards -- Part 1: Physical characteristics | 90.93 | 35.240.15 |

| Standard and/or project | Title | Stage | ICS |
|---|---|---|---|
| ISO/IEC 10536-2:1995 | Identification cards -- Contactless integrated circuit(s) cards -- Part 2: Dimensions and location of coupling areas | 90.93 | 35.240.15 |
| ISO/IEC 10536-3:1996 | Identification cards -- Contactless integrated circuit(s) cards -- Part 3: Electronic signals and reset procedures | 90.93 | 35.240.15 |
| ISO/IEC 11693:2005 | Identification cards -- Optical memory cards -- General characteristics | 90.92 | 35.240.15 |
| ISO/IEC 11694-1:2005 | Identification cards -- Optical memory cards -- Linear recording method -- Part 1: Physical characteristics | 60.60 | 35.240.15 |
| ISO/IEC 11694-2:2005 | Identification cards -- Optical memory cards -- Linear recording method -- Part 2: Dimensions and location of the accessible optical area | 60.60 | 35.240.15 |
| ISO/IEC 11694-3:2008 | Identification cards -- Optical memory cards -- Linear recording method -- Part 3: Optical properties and characteristics | 60.60 | 35.240.15 |
| ISO/IEC 11694-4:2008 | Identification cards -- Optical memory cards -- Linear recording method -- Part 4: Logical data structures | 60.60 | 35.240.15 |
| ISO/IEC 11694-5:2006 | Identification cards -- Optical memory cards -- Linear recording method -- Part 5: Data format for information interchange for applications using ISO/IEC 11694-4, Annex B | 60.60 | 35.240.15 |
| ISO/IEC 11694-6:2006 | Identification cards -- Optical memory cards -- Linear recording method -- Part 6: Use of biometrics on an optical memory card | 60.60 | 35.240.15 |
| ISO/IEC 11695-1:2008 | Identification cards -- Optical memory cards -- Holographic recording method -- Part 1: Physical characteristics | 60.60 | 35.240.15 |


| Standard and/or project | Title | Stage | ICS |
|---|---|---|---|
| ISO/IEC 11695-2:2008 | Identification cards -- Optical memory cards -- Holographic recording method -- Part 2: Dimensions and location of accessible optical area | 60.60 | 35.240.15 |
| ISO/IEC 11695-3:2008 | Identification cards -- Optical memory cards -- Holographic recording method -- Part 3: Optical properties and characteristics | 60.60 | 35.240.15 |
| ISO/IEC 14443-1:2008 | Identification cards -- Contactless integrated circuit cards -- Proximity cards -- Part 1: Physical characteristics | 60.60 | 35.240.15 |
| ISO/IEC 14443-2:2001 | Identification cards -- Contactless integrated circuit(s) cards -- Proximity cards -- Part 2: Radio frequency power and signal interface | 90.92 | 35.240.15 |
| ISO/IEC 14443-2:2001/Amd 1:2005/Cor 1:2007 | | 60.60 | 35.240.15 |
| ISO/IEC 14443-2:2001/Amd 1:2005 | Bit rates of fc/64, fc/32 and fc/16 | 60.60 | 35.240.15 |
| ISO/IEC 14443-3:2001 | Identification cards -- Contactless integrated circuit(s) cards -- Proximity cards -- Part 3: Initialization and anticollision | 90.92 | 35.240.15 |
| ISO/IEC 14443-3:2001/Amd 1:2005/Cor 1:2006 | | 60.60 | 35.240.15 |
| ISO/IEC 14443-3:2001/Amd 1:2005 | Bit rates of fc/64, fc/32 and fc/16 | 60.60 | 35.240.15 |
| ISO/IEC 14443-3:2001/Amd 3:2006 | Handling of reserved fields and values | 60.60 | 35.240.15 |
| ISO/IEC 14443-4:2008 | Identification cards -- Contactless integrated circuit cards -- Proximity cards -- Part 4: Transmission protocol | 60.60 | 35.240.15 |

| Standard and/or project | Title | Stage | ICS |
|---|---|---|---|
| ISO/IEC 15457-1:2008 | Identification cards -- Thin flexible cards -- Part 1: Physical characteristics | 60.60 | 35.240.15 |
| ISO/IEC 15457-2:2007 | Identification cards -- Thin flexible cards -- Part 2: Magnetic recording technique | 60.60 | 35.240.15 |
| ISO/IEC 15457-3:2008 | Identification cards -- Thin flexible cards -- Part 3: Test methods | 60.60 | 35.240.15 |
| ISO/IEC 15693-1:2000 | Identification cards -- Contactless integrated circuit(s) cards -- Vicinity cards -- Part 1: Physical characteristics | 90.93 | 35.240.15 |
| ISO/IEC 15693-2:2006 | Identification cards -- Contactless integrated circuit cards -- Vicinity cards -- Part 2: Air interface and initialization | 60.60 | 35.240.15 |
| ISO/IEC 15693-3:2001 | Identification cards -- Contactless integrated circuit(s) cards -- Vicinity cards -- Part 3: Anticollision and transmission protocol | 90.92 | 35.240.15 |
| ISO/IEC 18013-1:2005 | Information technology -- Personal identification -- ISO-compliant driving licence -- Part 1: Physical characteristics and basic data set | 60.60 | 35.240.15 |
| ISO/IEC 18013-2:2008 | Information technology -- Personal identification -- ISO-compliant driving licence -- Part 2: Machine-readable technologies | 60.60 | 35.240.15 |
| ISO/IEC 20060:2001 | Information technology -- Open Terminal Architecture (OTA) specification -- Virtual machine specification | 90.60 | 35.240.15 |
| ISO/IEC 24727-1:2007 | Identification cards -- Integrated circuit card programming interfaces -- Part 1: Architecture | 60.60 | 35.240.15 |
| ISO/IEC 24727-2:2008 | Identification cards -- Integrated circuit card programming interfaces -- Part 2: Generic card interface | 60.60 | 35.240.15 |
| Standard and/or project | Title | Stage | ICS |
|---|---|---|---|
| ISO/IEC 24727-3:2008 | Identification cards -- Integrated circuit card programming interfaces -- Part 3: Application interface | 60.60 | 35.240.15 |
| ISO/IEC 24727-4:2008 | Identification cards -- Integrated circuit card programming interfaces -- Part 4: Application programming interface (API) administration | 60.60 | 35.240.15 |
| ISO/IEC TR 29123:2007 | Identification Cards -- Proximity Cards -- Requirements for the enhancement of interoperability | 60.60 | 35.240.15 |

Payment Card Industry Security Standards Council


The PCI Security Standards Council (PCI SSC) is an open global forum for the ongoing
development, enhancement, storage, dissemination and implementation of security standards for
account data protection. The PCI Security Standards Council's mission is to enhance payment
account data security by driving education and awareness of the PCI Security Standards. The
organization was founded by American Express, Discover Financial Services, JCB International,
MasterCard Worldwide, and Visa, Inc. The PCI SSC has been responsible for the development
of the following standards:
Payment Card Industry Data Security Standard (PCI DSS),
PIN Entry Device (PED) Security Requirements and the
Payment Application Data Security Standard (PA-DSS).
These standards are used as guidelines to help organizations that process card payments prevent
credit card fraud, hacking and various other security vulnerabilities and threats. A company
processing, storing, or transmitting payment card data should be required to be PCI DSS
compliant. Non-compliant companies that maintain a relationship with one or more of the card
brands, either directly or through an acquirer, should be at risk of losing their ability to process
credit card payments and of being audited and/or fined. All in-scope companies should be required to
validate their compliance annually. This validation should be conducted by auditors, i.e. persons
who are PCI DSS Qualified Security Assessors (QSAs); however, smaller companies may have
the option to use a self-certification questionnaire. This is something that should be considered in
Egypt. The questionnaire should be validated by a QSA, but this generally depends on the
requirements of the card brands in that merchant's region.
The current version of the standard (1.2) specifies 12 requirements for compliance, organized
into 6 logically related groups, which are called "control objectives". The updated standard and
supporting documentation are available on the Council's Web site at:
https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml.
The aforementioned control objectives and their requirements are:
Build and Maintain a Secure Network
o Requirement 1: Install and maintain a firewall configuration to protect cardholder data
o Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
o Requirement 3: Protect stored cardholder data
o Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
o Requirement 5: Use and regularly update anti-virus software
o Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
o Requirement 7: Restrict access to cardholder data by business need-to-know
o Requirement 8: Assign a unique ID to each person with computer access
o Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
o Requirement 10: Track and monitor all access to network resources and cardholder data
o Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
o Requirement 12: Maintain a policy that addresses information security
This set of standards should be reviewed with the stakeholders and mandated for compliance in a
reasonable timeframe based on the participants' reactions.

Financial Industry Standards


As stated above, these standards relate to the financial industry as a whole. The four major
segments represented in this secretariat are:
TC 68/SC 2: Security management and general banking operations
TC 68/SC 4: Securities and related financial instruments
TC 68/SC 7: Core Banking
ISO 20022: UNIversal Financial industry message format
ISO 20022 is quite significant as it provides the financial industry with a common platform
for the development of messages in a standardized XML syntax, using:
o a modelling methodology (based on UML) to capture, in a syntax-independent way, financial business areas, business transactions and associated message flows;
o a set of XML design rules to convert the messages described in UML into XML schemas.
This flexible framework allows communities of users and message development
organizations to define message sets according to an internationally agreed approach and to
migrate to the use of common XML-based syntax.
A significant number of the financial industry standards relate specifically to the area of
payments. Once again, the items that relate to payments have been highlighted in the overall list
and should be reviewed by the CBE for adoption. The key standards under this secretariat that
apply to financial services are as follows:
| Standard | Title |
|---|---|
| ISO 1004:1995 | Magnetic ink character recognition print specifications |
| ISO 8583 1-3 | Financial transaction card originated messages -- Interchange message specifications |
| ISO 9362:1994 | Banking -- Banking telecommunication messages -- Bank identifier codes |
| ISO 9564 1-4 | Banking -- Personal Identification Number (PIN) management and security |
| ISO 9992 1-2 | Financial transaction cards -- Messages between the integrated circuit card and the card accepting device |
| ISO 11568 1-4 | Banking -- Key management (retail) |
| ISO 13491 1-2 | Banking -- Secure cryptographic devices (retail) |
| ISO 13492:2007 | Financial services -- Key management related data element |
| ISO 15668:1999 | Banking -- Secure file transfer (retail) |
| ISO 15782 1-2 | Certificate management for financial services |
| ISO 16609:2004 | Banking -- Requirements for message authentication using symmetric techniques |
| ISO 18245:2003 | Retail financial services -- Merchant category codes |
| ISO/TS 20022 1-5 | UNIversal Financial industry message format |
| ISO 21188:2006 | Public key infrastructure for financial services -- Practices and policy framework |

The ISO web page link for the listing below is:
http://www.iso.ch/iso/iso_catalogue/catalogue_tc/catalogue_tc_browse.htm?commid=49650&published=on&includesc=true
Standards and projects under the direct responsibility of TC 68 Secretariat and its SCs

| Standard and/or project | Title | Stage | ICS | TC |
|---|---|---|---|---|
| ISO 1004:1995 | Information processing -- Magnetic ink character recognition -- Print specifications | 90.93 | 35.240.40 | TC 68/SC 7 |
| ISO 4217:2008 | Codes for the representation of currencies and funds | 60.60 | 01.140.30; 03.060 | TC 68/SC 7 |
| ISO 4217:2008/Cor 1:2008 | | 60.60 | 01.140.30; 03.060 | TC 68/SC 7 |
| ISO 6166:2001 | Securities and related financial instruments -- International securities identification numbering system (ISIN) | 90.92 | 03.060 | TC 68/SC 4 |
| ISO 6536:1981 | Bank operations -- Standard scheme for drawing lists | 90.60 | 03.060 | TC 68/SC 4 |
| ISO 8109:1990 | Banking and related financial services -- Securities -- Format of Eurobonds | 90.93 | 03.060 | TC 68/SC 4 |
| ISO 8532:1995 | Securities -- Format for transmission of certificate numbers | 90.60 | 03.060 | TC 68/SC 4 |
| ISO 8583-1:2003 | Financial transaction card originated messages -- Interchange message specifications -- Part 1: Messages, data elements and code values | 90.93 | 35.240.15 | TC 68/SC 7 |

| Standard and/or project | Title | Stage | ICS | TC |
|---|---|---|---|---|
| ISO 8583-2:1998 | Financial transaction card originated messages -- Interchange message specifications -- Part 2: Application and registration procedures for Institution Identification Codes (IIC) | 90.93 | 35.240.15 | TC 68/SC 7 |
| ISO 8583-3:2003 | Financial transaction card originated messages -- Interchange message specifications -- Part 3: Maintenance procedures for messages, data elements and code values | 90.93 | 35.240.15 | TC 68/SC 7 |
| ISO 9019:1995 | Securities -- Numbering of certificates | 90.60 | 03.060 | TC 68/SC 4 |
| ISO 9144:1991 | Securities -- Optical character recognition line -- Position and structure | 90.60 | 35.240.40 | TC 68/SC 4 |
| ISO 9362:1994 | Banking -- Banking telecommunication messages -- Bank identifier codes | 90.92 | 03.060 | TC 68/SC 7 |
| ISO 9564-1:2002 | Banking -- Personal Identification Number (PIN) management and security -- Part 1: Basic principles and requirements for online PIN handling in ATM and POS systems | 90.60 | 35.240.40 | TC 68/SC 2 |
| ISO 9564-2:2005 | Banking -- Personal Identification Number management and security -- Part 2: Approved algorithms for PIN encipherment | 90.60 | 35.240.40 | TC 68/SC 2 |
| ISO 9564-3:2003 | Banking -- Personal Identification Number management and security -- Part 3: Requirements for offline PIN handling in ATM and POS systems | 90.92 | 35.240.40 | TC 68/SC 2 |
| ISO/TR 9564-4:2004 | Banking -- Personal Identification Number (PIN) management and security -- Part 4: Guidelines for PIN handling in open networks | 60.60 | 35.240.40 | TC 68/SC 2 |


| Standard and/or project | Title | Stage | ICS | TC |
|---|---|---|---|---|
| ISO 9992-1:1990 | Financial transaction cards -- Messages between the integrated circuit card and the card accepting device -- Part 1: Concepts and structures | 90.93 | 35.240.15 | TC 68/SC 7 |
| ISO 9992-2:1998 | Financial transaction cards -- Messages between the integrated circuit card and the card accepting device -- Part 2: Functions, messages (commands and responses), data elements and structures | 90.20 | 35.240.15 | TC 68/SC 7 |
| ISO 9992-2:1998/Cor 1:1999 | | 60.60 | 35.240.15 | TC 68/SC 7 |
| ISO 10383:2003 | Securities and related financial instruments -- Codes for exchanges and market identification (MIC) | 90.60 | 03.060 | TC 68/SC 4 |
| ISO 10962:2001 | Securities and related financial instruments -- Classification of Financial Instruments (CFI code) | 90.92 | 03.060 | TC 68/SC 4 |
| ISO 11568-1:2005 | Banking -- Key management (retail) -- Part 1: Principles | 90.60 | 35.240.40 | TC 68/SC 2 |
| ISO 11568-2:2005 | Banking -- Key management (retail) -- Part 2: Symmetric ciphers, their key management and life cycle | 90.92 | 35.240.40 | TC 68/SC 2 |
| ISO 11568-4:2007 | Banking -- Key management (retail) -- Part 4: Asymmetric cryptosystems -- Key management and life cycle | 60.60 | 35.240.40 | TC 68/SC 2 |
| ISO 13491-1:2007 | Banking -- Secure cryptographic devices (retail) -- Part 1: Concepts, requirements and evaluation methods | 60.60 | 35.240.40 | TC 68/SC 2 |

| Standard and/or project | Title | Stage | ICS | TC |
|---|---|---|---|---|
| ISO 13491-2:2005 | Banking -- Secure cryptographic devices (retail) -- Part 2: Security compliance checklists for devices used in financial transactions | 90.60 | 35.240.40 | TC 68/SC 2 |
| ISO 13492:2007 | Financial services -- Key management related data element -- Application and usage of ISO 8583 data elements 53 and 96 | 60.60 | 35.240.40 | TC 68/SC 2 |
| ISO/TR 13569:2005 | Financial services -- Information security guidelines | 60.60 | 03.060 | TC 68/SC 2 |
| ISO 13616-1:2007 | Financial services -- International bank account number (IBAN) -- Part 1: Structure of the IBAN | 60.60 | 03.060 | TC 68/SC 7 |
| ISO 13616-2:2007 | Financial services -- International bank account number (IBAN) -- Part 2: Role and responsibilities of the Registration Authority | 60.60 | 03.060 | TC 68/SC 7 |
| ISO 15022-1:1999 | Securities -- Scheme for messages (Data Field Dictionary) -- Part 1: Data field and message design rules and guidelines | 90.93 | 03.060 | TC 68/SC 4 |
| ISO 15022-1:1999/Cor 1:1999 | | 60.60 | 03.060 | TC 68/SC 4 |
| ISO 15022-2:1999 | Securities -- Scheme for messages (Data Field Dictionary) -- Part 2: Maintenance of the Data Field Dictionary and Catalogue of Messages | 90.93 | 03.060 | TC 68/SC 4 |
| ISO 15022-2:1999/Cor 1:1999 | | 60.60 | 03.060 | TC 68/SC 4 |
| ISO 15668:1999 | Banking -- Secure file transfer (retail) | 90.93 | 35.240.15 | TC 68/SC 2 |
| ISO 15782-1:2003 | Certificate management for financial services -- Part 1: Public key certificates | 90.92 | 35.240.40 | TC 68/SC 2 |
| Standard and/or project | Title | Stage | ICS | TC |
|---|---|---|---|---|
| ISO 15782-2:2001 | Banking -- Certificate management -- Part 2: Certificate extensions | 90.60 | 35.240.40 | TC 68/SC 2 |
| ISO 16609:2004 | Banking -- Requirements for message authentication using symmetric techniques | 90.93 | 35.240.40 | TC 68/SC 2 |
| ISO 18245:2003 | Retail financial services -- Merchant category codes | 90.93 | 35.240.15 | TC 68/SC 7 |
| ISO/TR 19038:2005 | Banking and related financial services -- Triple DEA -- Modes of operation -- Implementation guidelines | 60.60 | 35.240.40 | TC 68/SC 2 |
| ISO 19092:2008 | Financial services -- Biometrics -- Security framework | 60.60 | 03.060; 35.240.40 | TC 68/SC 2 |
| ISO 20022-1:2004 | Financial services -- UNIversal Financial Industry message scheme -- Part 1: Overall methodology and format specifications for inputs to and outputs from the ISO 20022 Repository | 90.93 | 03.060 | TC 68 |
| ISO 20022-2:2007 | Financial services -- UNIversal Financial Industry message scheme -- Part 2: Roles and responsibilities of the registration bodies | 60.60 | 03.060 | TC 68 |
| ISO/TS 20022-3:2004 | Financial services -- UNIversal Financial Industry message scheme -- Part 3: ISO 20022 modelling guidelines | 90.93 | 03.060 | TC 68 |
| ISO/TS 20022-4:2004 | Financial services -- UNIversal Financial Industry message scheme -- Part 4: ISO 20022 XML design rules | 90.93 | 03.060 | TC 68 |

| Standard and/or project | Title | Stage | ICS | TC |
|---|---|---|---|---|
| ISO/TS 20022-5:2004 | Financial services -- UNIversal Financial Industry message scheme -- Part 5: ISO 20022 reverse engineering | 90.93 | 03.060 | TC 68 |
| ISO 21188:2006 | Public key infrastructure for financial services -- Practices and policy framework | 60.60 | 35.240.40 | TC 68/SC 2 |
| ISO 22307:2008 | Financial services -- Privacy impact assessment | 60.60 | 03.060 | TC 68/SC 7 |

Conclusion
The CBE should plan to utilize whatever forum is established for the retail payments
stakeholders to discuss the aforementioned standards, with the goal of adopting as many as are practical
for Egypt. This could be the project of a subcommittee of the Retail Payments Forum to research
and make recommendations for adoption. In addition, it should be the responsibility of someone
in the Payment System Department to track the development of standards. It should be a
major goal of the CBE Payment System Department to move as many payments as possible to
industry standards.
