GB/T 42015-2022: Information security technology - Data security requirements for internet payment services
Status: Valid
Basic data
| Standard ID | GB/T 42015-2022 (GB/T42015-2022) |
| Description (Translated English) | Information security technology - Data security requirements for internet payment services |
| Sector / Industry | National Standard (Recommended) |
| Classification of Chinese Standard | L80 |
| Classification of International Standard | 35.030 |
| Word Count Estimation | 18,158 |
| Date of Issue | 2022-10-12 |
| Date of Implementation | 2023-05-01 |
| Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration |
GB/T 42015-2022: Information security technology - Data security requirements for internet payment services
This is a DRAFT version for illustration, not a final translation.
ICS 35.030
CCS L80
National Standard of the People's Republic of China
Information security technology - Data security requirements for internet payment services
Released on 2022-10-12
Implemented on 2023-05-01
Released by the State Administration for Market Regulation and the National Standardization Management Committee
Table of contents
Foreword
1 Scope
2 Normative references
3 Terms and Definitions
4 Abbreviations
5 Overview
5.1 Composition of online payment service business
5.2 Network payment service data scope
6 Basic Requirements
7 Data Collection
7.1 Collection of personal information
7.2 App system permission application
7.3 Informed Consent
8 Data storage and transmission
9 Data usage and processing
9.1 Data display
9.2 Data Access
9.3 Data Processing
10 Data provision and disclosure
10.1 Data provision
10.2 Data disclosure
11 Data Deletion
12 Data Export
13 Rights of Personal Information Subject
14 Data Security Requirements for Typical Scenarios of Online Payment Services
14.1 Payment and identity authentication through biometric features
14.2 Reconciliation
14.3 Payment Risk Control
14.4 Payment Password Security
Appendix A (Informative) Data Processing Activities and Security Risks of Online Payment Services
Appendix B (Informative) Reference Rules for Identification of Important Data in Online Payment Services and Examples of Data Classification
Appendix C (Informative) Scope of Personal Information Collection and Use Requirements for Common Extended Business Functions of Online Payment Services
Appendix D (Informative) Scope of Application and Requirements for System Permissions Related to Online Payment Service App
References
Foreword
This document was drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for Standardization Work Part 1: Structure and Drafting Rules for Standardization Documents".
Please note that some contents of this document may involve patents. The issuing agency of this document assumes no responsibility for identifying patents.
This document is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).
This document was drafted by: Ant Technology Group Co., Ltd., China Electronics Standardization Institute, Tsinghua University, China Network Security Full Review Technology and Certification Center, National Computer Network Emergency Technology Coordination Center, China Power Great Wall Internet System Application Co., Ltd., Tianyi E-Commerce Co., Ltd., Beijing Kuaishou Technology Co., Ltd., Ma Ma Consumer Finance Co., Ltd., Beijing Sankuai Online Technology Co., Ltd., Beijing Xiaomi Mobile Software Co., Ltd., Suning.com Group Co., Ltd., China Academy of Information and Communications Technology, Beijing ByteDance Technology Co., Ltd., Beijing Xiaoju Technology Co., Ltd., Shenzhen Tencent Computer System Co., Ltd., China Mobile Communications Group Co., Ltd., Beijing East Technology Holdings Co., Ltd., Zhejiang University.
The main drafters of this document: Peng Jin, Shangguan Xiaoli, Xu Yujia, Wang Xin, Bai Xiaoyuan, Hu Ying, Zhou Chenwei, Luo Hongwei, Jin Tao, Wei Liru, Li Dongnan, Li Haiying, Li Jie, Song Zheng, Shu Min, Wang Wenlei, Min Jinghua, Zhang Na, Liu Yuan, Jiao Wei, Meng Xiaonan, Zhao Xinqiang, Huang Xinbei, Gan Junjie, Cai Yiming, Yu Haoyang, Li Yijing, Wang Yuxiao, Song Wendi, Leng Shan, Huang Zhuxin, Zhang Bingsheng, Cao Jing, Zheng Xinya, Song Jian, Jiang Wei, Qiu Qin, Hu Tie, Wu Yang, Jiang Zengzeng, Jiang Fangjie, Li Gen.
Information security technology - Data security requirements for internet payment services
1 Scope
This document specifies the security requirements for the data processing activities of online payment services, such as collection, storage, transmission, use, processing, provision, disclosure, deletion, and export.
This document is applicable to regulating the data processing activities of network payment service providers, and can also serve as a reference for regulatory authorities and third-party evaluation agencies in the supervision, management and evaluation of the data processing activities of online payment services.
2 Normative references
The contents of the following documents constitute the essential provisions of this document through normative references in the text. Among them, for dated reference documents, only the version corresponding to the date is applicable to this document; for undated reference documents, the latest version (including all amendments) is applicable to this document.
GB/T 25069 Information Security Technical Terms
GB/T 35273-2020 Personal Information Security Specifications for Information Security Technology
GB/T 37988 Information Security Technology Data Security Capability Maturity Model
GB/T 39335 Information Security Technology Personal Information Security Impact Assessment Guidelines
GB/T 40660 Basic requirements for information security technology biometric identification information protection
GB/T 41391-2022 Information Security Technology Mobile Internet Application (App) Collection of Personal Information Basic Specifications
GB/T 41479 Information Security Technology Network Data Processing Security Specifications
GB/T 41819 Information Security Technology Face Recognition Data Security Requirements
3 Terms and Definitions
The following terms and definitions defined in GB/T 25069 and GB/T 35273-2020 apply to this document.
3.1
A business activity in which the payee or the payer, through electronic devices such as computers and mobile terminals and relying on the Internet to remotely transmit payment instructions, directly or indirectly completes a money transfer.
Note 1: Does not include payment services done using near-field communication and private networks.
Note 2: The online payment services mentioned in this document are limited to the online payment services of non-bank payment institutions.
3.2
An information system that provides the online payment service (3.1) to the payee and payer through the Internet and interacts with the online payment service accounting platform (3.3) to complete funds transfer.
3.3
An information system that provides services such as account management, fund transfer, and accounting for online payment services (3.1).
...