EPC: Guidelines on cryptographic algorithms usage and key management

18 January 2019

The EPC published a new version of the Guidelines on cryptographic algorithms usage and key management in order to provide guidance to the European payments industry, more precisely to security officers, risk managers, system engineers and systems designers.

Although its content does not assume expertise in cryptology, it contains some sections which require a basic mathematical background.

This document was updated to reflect newsworthy developments in cryptography, including the impacts of the latest progress in cryptanalysis (e.g. on public key cryptography, message authentication codes and hash functions). This includes a review of the recommendations with the inclusion of more cross-references to the main body of the document.

Moreover, various updates have been made regarding the usage of some algorithms (e.g., 2TDES, 3TDES) based on recent developments in cryptography since the publication of the last version in 2017. Also, a new section on the recently published TLS v1.3 has been added. In addition, the sections on quantum computing considerations and distributed ledger technology have been reviewed and updated as needed, including new background information. The list of references was updated since the last publication of the document in December 2017.

In producing these guidelines, the EPC aims to provide a reference basis to support payment service providers. However, it needs to be recognised that research and developments in cryptology are constantly evolving. Therefore, the EPC plans to annually review and update the document to reflect the state of the art in light of major new developments and to keep it aligned with the documents referenced.

Full news

Full publication


© EPC