This International Standard specifies procedures, independent of the transmission process, for protecting the
integrity of transmitted banking messages and for verifying that a message has originated from an authorized
source. It also specifies a method by which block ciphers can be approved for use in the authentication of
banking messages. In addition, because of the necessity for both members in a communicating pair to use the
same means for data representation, it defines some methods for data representation. A list of block ciphers
approved for the calculation of a message authentication code (MAC), as well as the method to be used to
approve additional block ciphers, is also provided. The authentication methods it defines are applicable to
messages formatted and transmitted both as coded character sets and as binary data.
This International Standard is designed for use with symmetric algorithms where both sender and receiver use
the same key. It does not specify methods for establishing the shared key, nor does it provide for
encipherment for the protection of messages against unauthorized disclosure. Its application will not protect
the user against internal fraud by sender or receiver, or forgery of a MAC by the receiver.
ISO 16609:2004 history
2022ISO 16609:2022 Financial services — Requirements for message authentication using symmetric techniques
2012ISO 16609:2012 Financial services - Requirements for message authentication using symmetric techniques
2004ISO 16609:2004 Banking - Requirements for message authentication using symmetric techniques