Most of the information in this section is summarised from an article by an Australian financial payments system developer and researcher on his blog, Cryptography and Payments.
AS 2805 Electronic funds transfer - Requirements for interfaces is the Australian standard for electronic funds transfer. It is used almost exclusively in Australia, for the operation of card-based financial transactions among banks, ATMs and EFTPOS devices.
It is closely related to ISO 8583 but predates it by two years (1985 vs 1987).
ISO 8583 was first published in 1987, while AS 2805 was published two years earlier, in 1985, after a lengthy period of drafting and review in Australia, New Zealand and South Africa. ISO 8583 consists of three parts:
- Part 1: Messages, Data Elements and Code Values
- Part 2: Application and Registration Procedures for Institution Identification Codes (IIC)
- Part 3: Maintenance Procedures for Messages, Data Elements and Code Values
All three parts of ISO 8583 concentrate only on message formats between devices (EFTPOS and ATM) and an acquiring host. AS 2805, on the other hand, consists of at least thirty-three separately published parts and covers general EFT topics such as:
- Card Management & Authorisation
- Card Detail Updating
- PIN Management
- Key Management and Security
- Message Authentication
- Privacy and Data Encryption
- Communications
- Message Structure between Devices and Acquiring Host
- Message Structure between Hosts
- File Transfers
The thirty-three AS 2805 parts published so far are the following:
| Designation | Part | Title |
|---|---|---|
| 2805.1 | Part 1 | Communications |
| 2805.2 | Part 2 | Message Structure, Format and Content |
| 2805.3.1 | Part 3.1 | PIN Management and Security – General |
| 2805.3.2 | Part 3.2 | PIN Management and Security – Offline |
| 2805.4.1 | Part 4.1 | Message Authentication – Mechanisms Using a Block Cipher |
| 2805.4.2 | Part 4.2 | Message Authentication – Mechanisms Using a Hash Function |
| 2805.5.1 | Part 5.1 | Ciphers – Data Encipherment Algorithm 1 (DEA 1) |
| 2805.5.2 | Part 5.2 | Ciphers – Modes of Operation for an n-bit Block Cipher Algorithm |
| 2805.5.3 | Part 5.3 | Ciphers – Data Encipherment Algorithm 2 (DEA 2) |
| 2805.5.4 | Part 5.4 | Ciphers – Data Encipherment Algorithm 3 (DEA 3) and Related Techniques |
| 2805.6.1.1 | Part 6.1.1 | Key Management – Principles |
| 2805.6.1.2 | Part 6.1.2 | Key Management – Symmetric Ciphers, their Key Management and Life Cycle |
| 2805.6.1.4 | Part 6.1.4 | Key Management – Asymmetric Cryptosystems – Key Management and Life Cycle |
| 2805.6.2 | Part 6.2 | Key Management – Transaction Keys |
| 2805.6.3 | Part 6.3 | Key Management – Session Keys – Node to Node |
| 2805.6.4 | Part 6.4 | Key Management – Session Keys – Terminal to Acquirer |
| 2805.6.5.1 | Part 6.5.1 | Key Management – TCU Initialisation – Principles |
| 2805.6.5.2 | Part 6.5.2 | Key Management – TCU Initialisation – Symmetric |
| 2805.6.5.3 | Part 6.5.3 | Key Management – TCU Initialisation – Asymmetric |
| 2805.6.6 | Part 6.6 | Key Management – Session Keys – Node to Node with KEK Replacement |
| 2805.9 | Part 9 | Privacy of Communications |
| 2805.10.1 | Part 10.1 | File Transfer Integrity Validation |
| 2805.10.2 | Part 10.2 | Secure File Transfer (Retail) |
| 2805.11 | Part 11 | Card Parameter Table |
| 2805.12.1 | Part 12.1 | Message Content – Structure and Format |
| 2805.12.2 | Part 12.2 | Message Content – Codes |
| 2805.12.3 | Part 12.3 | Message Content – Maintenance of Codes |
| 2805.13.1 | Part 13.1 | Secure Hash Functions – General |
| 2805.13.2 | Part 13.2 | Secure Hash Functions – MD5 |
| 2805.13.3 | Part 13.3 | Secure Hash Functions – SHA-1 |
| 2805.14.1 | Part 14.1 | Secure Cryptographic Devices (Retail) – Concepts, Requirements and Evaluation Methods |
| 2805.14.2 | Part 14.2 | Secure Cryptographic Devices (Retail) – Security Compliance Checklist for Devices Used in Financial Transactions |
| 2805.16 | Part 16 | Merchant Category Codes |