ISO TS 9546-2024 PDF

St ISO TS 9546-2024

Name in English:
St ISO TS 9546-2024

Name in Russian:
Ст ISO TS 9546-2024

Description in English:

Original standard ISO TS 9546-2024, full version in PDF. Additional information and a preview are available on request.

Description in Russian:
Original standard ISO TS 9546-2024, full version in PDF. Additional information and a preview are available on request.

Document status:
Active

Format:
Electronic (PDF)

Delivery time (for English version):
1 business day

Delivery time (for Russian version):
365 business days

SKU:
stiso30972

Price:
€25

Full title and description

ISO/TS 9546:2024 — Guidelines for security framework of information systems of third-party payment services. This technical specification provides a structured security framework and practical guidance for implementing security mechanisms in the technical infrastructures that support third‑party payment (TPP) services, aligned to the security objectives defined in ISO 23195.

Abstract

This Technical Specification describes a security framework intended to protect critical systems and objects within TPP system environments (whether under the direct control of the third‑party payment service provider or another entity such as an account servicing payment service provider). It covers the TPP logical structural model, the definition of the security framework, design principles, responsibilities, functional recommendations to support security mechanisms, and guidance for applying the framework to any TPP service.

General information

  • Status: Published.
  • Publication date: 19 December 2024 (ISO listing: 2024-12).
  • Publisher: International Organization for Standardization (ISO).
  • ICS / categories: 03.060; 35.240.40 (financial services; IT/security for financial systems).
  • Edition / version: Edition 1 (Technical Specification).
  • Number of pages: 24 pages.

Scope

ISO/TS 9546:2024 applies to the provision of any third‑party payment (TPP) service and provides guidelines to design and implement a security framework that achieves the security objectives defined in ISO 23195. The scope includes structural modelling of TPP environments, definition of framework components, design principles, assignment of responsibilities, functional security recommendations (e.g., key management, data protection in transit and at rest, authentication and credential handling), and guidance for applying the framework across TPPSP and related entities.

Key topics and requirements

  • TPP logical structural model and asset identification (to clarify items to be protected).
  • Definition of a security framework aligned with ISO 23195 security objectives.
  • Design principles and assignment of responsibilities for TPPSP, ASPSP and third parties.
  • Functional recommendations: confidentiality, integrity, availability, non‑repudiation and authenticity for data in transit, at rest and when shared.
  • Guidance on credential handling, credential carrier protection, encryption and key‑management practices.
  • Recommendations for resisting cyberattacks, transaction risk controls (e.g., per ISO 31000), and higher security measures for payment‑sensitive information.

Typical use and users

Intended users include third‑party payment service providers (TPPSPs), banks and account servicing payment service providers (ASPSPs), payment platform architects, security architects and engineers, compliance and risk teams, auditors, fintech vendors and integrators, and regulators seeking harmonized guidance for securing TPP information systems. Organizations implement the guidance to complement existing controls (for example ISO/IEC 27001, industry payment security measures) and to demonstrate alignment with internationally agreed TPP security objectives.

Related standards

Key related standards and documents include ISO 23195 (Security objectives of information systems of third‑party payment services), which defines the security objectives this Technical Specification implements; ISO/IEC 27001 (information security management) and other sector‑specific security guidance (e.g., payment industry best practices) are commonly referenced alongside ISO/TS 9546 when designing comprehensive protections.

Keywords

third‑party payment, TPP, TPPSP, security framework, payment systems security, credential protection, key management, data confidentiality, ISO 23195, transaction risk control.

FAQ

Q: What is this standard?

A: ISO/TS 9546:2024 is a Technical Specification published by ISO that provides guidelines for a security framework for information systems used by third‑party payment services.

Q: What does it cover?

A: It covers the TPP logical structural model, definition of a security framework, design principles, responsibilities, functional security recommendations (encryption, key management, authentication, data protection) and guidance for applying these measures to TPPSP environments and cooperating entities.

Q: Who typically uses it?

A: TPPSPs, banks/ASPSPs, payment platform architects, security and risk teams, auditors, fintech vendors, integrators and regulators use it to design, assess and align security controls for TPP services.

Q: Is it current or superseded?

A: ISO/TS 9546:2024 is a current Technical Specification published in December 2024 (Edition 1). Users should monitor ISO and national body publications for any amendments or later revisions.

Q: Is it part of a series?

A: Yes — it is part of the ISO work addressing third‑party payment security and is intended to be used alongside ISO 23195 (which defines the security objectives) and other relevant ISO and industry standards.

Q: What are the key keywords?

A: Third‑party payment, TPPSP, security framework, credentials, key management, data protection, ISO 23195.