Skip to product information
1 of 12

PayPal, credit cards. Download editable-PDF and invoice in 1 second!

GA 1280-2015 English PDF (GA1280-2015)

GA 1280-2015 English PDF (GA1280-2015)

Regular price $145.00 USD
Regular price Sale price $145.00 USD
Sale Sold out
Shipping calculated at checkout.
Quotation: In 1-minute, 24-hr self-service. Click here GA 1280-2015 to get it for Purchase Approval, Bank TT...

GA 1280-2015: Security requirements for automatic teller machines

This standard specifies the general requirements of the hardware modules, network access, operating systems, application systems and data security requirements, test methods and inspection rules of the automatic teller machine. This standard applies to the design, production, inspection and acceptance of automatic teller machine security.
GA 1280-2015
GA
PUBLIC SECURITY INDUSTRY STANDARD
OF THE PEOPLE REPUBLIC OF CHINA
Security requirements for automatic teller machines
ISSUED ON. OCTOBER 28, 2015
IMPLEMENTED ON. JANUARY 01, 2016
Issued by. Ministry of Public Security of PRC
Table of contents
Foreword ... 3
1 Scope ... 4
2 Normative references ... 4
3 Terms, definitions and abbreviations ... 5
4 General requirements ... 7
5 Hardware module security requirements ... 8
6 Network access security requirements ... 10
7 Operating system security requirements ... 11
8 Application system security requirements ... 13
9 Data security requirements ... 14
10 Test methods ... 15
11 Inspection rules ... 24
Foreword
Chapter 1 to Chapter 3 of this Standard, 4.4, 4.5, 4.10, 5.1.3, 5.2.6, 5.4.3, 5.5.3, 7.1.7, and Chapter 10 are recommended, AND the remainder are mandatory. This standard was drafted in accordance with the rules given in GB/T
1.1-2009.
This standard was proposed by the Public Security Administration Bureau of the Ministry of Public Security.
This standard shall be under the jurisdiction of the National Security Alarm System Standardization Technical Committee (SAC/TC 100).
The drafting organizations of this standard. Public Security Administration Bureau of the Ministry of Public Security, the CBRC Security Bureau, GRG Banking Financial Electronics Co., Ltd., Beijing Telesound Electronics Co., Ltd., Eastern Communications Co., Ltd., Security and Police Electronic Product Quality Detection Center of the Ministry of Public Security, Industrial and Commercial Bank of China, Agricultural Bank of China, Bank of China, China Construction Bank.
The drafters of this standard are. Liu Wei, Yuan He, Yang Jianhua, Ren Ji, Xie Huachun, Bian Sanping, Wang Jianli, Liu Xu, Xing Weidong, Bao Shilong, Qiu Rixiang, Zhang Hongbin, Luo Panfeng, Xu Jun, Nie Rong, Ji Jinglin, Ye
Zaiben.
Security requirements for automatic teller machines
1 Scope
This standard specifies the general requirements, the hardware modules, network access, operating systems, application systems and data security requirements, test methods and inspection rules of the automatic teller machine.
This standard applies to the design, production, inspection and acceptance of automatic teller machine security.
2 Normative references
The following documents are essential to the application of this document. For the dated documents, only the versions with the dates indicated are applicable to this document; for the undated documents, only the latest version (including all the amendments) are applicable to this Standard.
GB10409 Burglary resistant safes
GB/T 18789.1-2013 Information technology - General specification for
automated teller machine - Part 1. Device
GB/T 19584 Magnetic stripe data content and specification for bank card GA 745 Regulations of security and protection for bank self-service
equipment and self-service bank
JR/T 0002-2009 Specification on automatic teller machine (ATM) terminal for bank card
JR/T 0025.3 China financial integrated circuit (IC) card specifications - Part 3. Debit/credit application independent ICC to terminal interface
requirements
JR/T 0025.11 China financial integrated circuit (IC) card specifications - Part 11. Contactless integrated circuit card communication specification
3 Terms, definitions and abbreviations
3.1 Terms and definitions
The following terms and definitions apply to this document.
3.1.1
Automatic teller machine
It refers to the self-service equipment, which integrates a variety of different financial business functions, through which customers can finish the bank counter services such as deposit, withdrawal, transfer, information inquiry and other agency business, including automatic teller machine AND cash
recycling system.
3.1.2
Automatic teller machine control software
It refers to the control system software running at the automatic teller machine terminal equipment at the bottom of the terminal trading channel, through which the ATM components can be controlled. It is mainly used to provide customers and ATM equipment administrator with a variety of
transaction and management interface, AND realizes certain functions
together with the ATM front-end processing system through message
exchange.
3.1.3
Automatic teller machine front-end processing system
It refers to, in case of dealing with online transactions, the processing system that is responsible for the communication between the ATM terminal and the ATM management center, which can receive, process and forward
the transaction request information from the ATM terminal and the
transaction result information from the management center.
3.1.4
Message
It refers to the data unit used for exchanging and transmission in the
network.
3.1.5
4.6 Different ATM cabinet doors shall not use the same key, AND the different cabinet doors of the same ATM shall not use the same key.
4.7 ATM cabinet inside shall reserve the installation openings for the face surveillance camera and the cash deposit and withdrawal surveillance camera. 4.8 The surveillance cameras installed in ATM shall comply with the relevant requirements of GA 745.
4.9 ATM cabinet enclosure shall be made of steel plate of thickness greater than or equal to 1 mm.
4.10 ATM should support the national commercial password series algorithm. 4.11 ATM shall have the function of outputting the status information such as working normal and fault.
4.12 ATM with a cabinet door shall be installed with alarm detection device, to detect and alarm the abnormal door opening and closing. When the safe lock is opened, the ATM shall not enter service mode.
4.13 The card mouth shall have the function of preventing from illegal
installation of reading device, detecting the illegal installation of reading device, AND issuing alarm.
5 Hardware module security requirements
5.1 Card reader module
5.1.1 The card reader module shall have the function of returning card in case of power failure.
5.1.2 Contact card reader module shall have the card retention function, during which it shall produce a fault signal.
5.1.3 Contact card reader module should have the jitter card feeding function. 5.1.4 Contact IC card reader module shall comply with the relevant provisions of JR/T 0025.3, the contactless IC card reader module shall comply with the relevant provisions of JR/T 0025.11, AND the magnetic stripe card reader module shall comply with the relevant provisions of GB/T 19584.
5.2 Cash dispense module
5.2.1 It shall have the function of rejecting unauthorized instructions. 5.5.1 The anti-destructive capacity of the safe shall comply with the
requirements of C.3 in Appendix C of GB/T 18789.1-2013. The safe door shall have safety locking device, AND the number of such safety locking devices and the safety locking directions shall be not less than 2. The other
requirements of the safe shall comply with the relevant provisions of GB 10409.
5.5.2 The safe shall have a device and fittings fixed to the ground, AND the fixation and connection devices shall be not less than 4, with the diameter of the fittings greater than or equal to 12 mm.
5.5.3 The safe should be added with dynamic electronic password lock.
5.5.4 The inside of the safe door shall be installed with temperature sensor, to conduct detection and alarming for the conditions when the temperature is greater than or equal to 70 ??C.
5.6 Encrypting PIN pad module
Encrypting PIN pad module shall simultaneously comply with the PCI-EPP
requirements AND the China UnionPay card acceptance terminal PIN input
device safety assessment requirements.
6 Network access security requirements
6.1 Access control
6.1.1 When ATMC registers for the first time, it shall provide identity validity verification information to ATMP.
6.1.2 ATM shall have a network access control mechanism, AND conduct
identity validity verification of the terminal devices accessing the ATM through network.
6.2 Intrusion prevention
ATM shall have intrusion prevention mechanism. In case of detecting the network attack, it shall record the attack address, time, type and other information, AND take the initiative to prevent transactions and other means of protection.
6.3 Transmission security
The communication data transmission security from ATMC to ATMP shall
comply with the following requirements.
7.3.2 Remote login control
It shall turn off the operating system remote login service.
7.3.3 Password policy
7.3.3.1 It shall set a unique initial password for each user, AND prompt the user to change it after first use. It shall authenticate the user identity before performing a password reset.
7.3.3.2 It shall have a policy mechanism for the maximum service life of the set password.
7.3.3.3 It shall have a policy mechanism for the controlling of password complexity requirements, includin...

View full details