Customer Service:
Mon - Fri: 8:30 am - 6 pm EST

X9: Accredited Standards Committee X9, Inc.

ASC X9, the Accredited Standards Committee X9, is a nonprofit organization that develops and publishes standards for the financial services industry. Headquartered in Annapolis, United States, ASC X9 standards define the workings of the financial industry in the United States. With approximately 130 member companies, including key industry leaders, and the global financial influence wielded by the United States, ASC X9 standards strongly affect financial systems throughout the world. ASC X9 also serves as the administrator for the U.S. TAGs (United States Technical Advisory Group) to ISO/TC 68 (International Organization for Standardization/Technical Committee) and to three of its subcommittees. Standards from X9 are available both individually, directly through the ANSI webstore, and as part of a Standards Subscription. If you or your organization are interested in easy, managed, online access to standards that can be shared, a Standards Subscription may be what you need - please contact us at: or 1-212-642-4980 or Request Proposal Price.

Below are X9's best-selling standards. To find additional standards, please use the search bar above.

 Back to All Publishers Home

ANSI X9.24-1-2017

Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques

Covers the manual and automated management of keying material used for financial services such as point-of-sale (POS) transactions (debit and credit), automated teller machine (ATM) transactions, messages among terminals and financial institutions, and interchange messages among acquirers, switches and card issuers. It deals exclusively with management of symmetric keys using symmetric techniques, and specifies the minimum requirements for the management of keying material. Since last publication, this standard has undergone significant modifications in structure and content, including considerations related to the use of the AES algorithm. Implementation details for DUKPT have been moved to part three of X9.24. Addressed herein are activities and requirements related to each stage or event within the key life cycle including generation, distribution, utilization, storage, archiving, replacement and destruction of the keying material. An institution's key management process is not to be implemented or controlled in a manner that has less security, protection, or control than described herein. It is intended that two nodes, if they implement compatible versions of: the same secure key management method, the same secure key identification technique approved for a particular method, and the same key separation methodologies in accordance with this part of this standard, will be interoperable at the application level. Other characteristics may be necessary for node interoperability; however, this part of this standard does not cover such characteristics as message format, communications protocol, transmission speed, or device interface.

ANSI X9.58-2013

Financial Transaction Messages - Electronic Benefits Transfer (EBT) - Supplemental Nutrition Assistance Program (SNAP) and cash benefit programs

This standard provides all parties involved in Electronic Benefits Transfer (EBT) processing for the Supplemental Nutrition Assistance Program (SNAP) and Cash benefit programs with technical specifications for exchanging financial transaction messages between an Acquirer and an EBT card issuer processor.It specifies message structure, format and content, data elements and values for data elements used in the SNAP and Cash benefit programs

X9.100 Core Check Printer Package

X9.100 Core Check Printer Package

The Core Check Printer package contains the standards necessary for printing compliant checks and deposit tickets. These standards cover the design and manufacturing of checks including paper, magnetic ink codeline placement and testing, background for both front and back (with endorsement areas). Design elements include what you need to know to support successful capture and processing of check information through both MICR and OCR processes. It includes information on sample specification forms that banks typically supply to vendors that fulfill print orders. The following standards are included in this package: X9.100-10-2016 Paper for MICR Documents; X9.100-20-2015 Print and Test Specifications for Magnetic Ink Printing; X9.100-30-2011 (R2017) Optical Measurement Specifications for MICR Documents; X9.100-160-1-2015 Magnetic Ink Printing (MICR) Part 1: Placement and Location; X9.100-160-2-2014 Magnetic Ink (MICR) - Part 2: EPC Field Use; X9.100-110-2015 Document Imaging Compatibility; X9.100-111-2015 Check Endorsements

ANSI X9.102-2008 (R2017)

Symmetric Key Cryptography for the Financial Services Industry - Wrapping of Keys and Associated Data

This standard specifies four key wrap mechanisms based on ASC X9 approved symmetric key block ciphers whose block size is either 64 bits or 128 bits. The key wrap mechanisms can provide assurance of the confidentiality and the integrity of data, especially cryptographic keys or other specialized data.

ANSI X9.63-2011 (R2017)

Public Key Cryptography for the Financial Services Industry - Key Agreement and Key Transport Using Elliptic Curve Cryptography

Defines key establishment schemes that employ asymmetric cryptographic techniques. The arithmetic operations involved in the operation of the schemes take place in the algebraic structure of an elliptic curve over a finite field. Both key agreement and key transport schemes are specified. The schemes may be used by two parties to compute shared keying data that may then be used by symmetric schemes to provide cryptographic services, e.g., data confidentiality and data integrity. Supporting mathematical definitions and examples are also provided.  

ANSI X9.62:2005

Public Key Cryptography for the Financial Services Industry, The Elliptic Curve Digital Signature Algorithm (ECDSA)

This Standard defines methods for digital signature (signature) generation and verification for the protection of messages and data using the Elliptic Curve Digital Signature Algorithm (ECDSA). ECDSA is the elliptic curve analogue of the Digital Signature Algorithm (ANS X9.30). The ECDSA shall be used in conjunction with an Approved hash function, as specified in X9 Registry Item 00003, Secure Hash Standard (SHS). The hash functions Approved at the time of publication of this document are SHA-1 (see NOTE), SHA-224, SHA-256, SHA-384 and SHA-512. This ECDSA Standard provides methods and criteria for the generation of public and private keys that are required by the ECDSA and the procedural controls required for the secure use of the algorithm with these keys. This ECDSA Standard also provides methods and criteria for the generation of elliptic curve domain parameters that are required by the ECDSA and the procedural controls required for the secure use of the algorithm with these domain parameters.

ANSI X9.119-1-2016

Retail Financial Services - Requirements for Protection of Sensitive Payment Card Data - Part 1: Using Encryption Method

Theft of sensitive card data during a retail payment transaction is increasingly becoming a major source of financial fraud. Besides an optional encrypted PIN, this data includes magnetic stripe track 2 data: PAN, expiration date, card verification value, and issuer private data. While thefts of this data at all segments of the transaction processing system have been reported, the most vulnerable segments are between the point of transaction device capturing the magnetic stripe data and the processing systems at the acquirer. This document would standardize the security requirements and implementation for a method for protecting this sensitive card data over these segments. Several implementations exist to address this situation. This document would provide guidance for evaluating these implementations. Clarification based on card brand guidance for the encryption of the middle digits has been added to this document. This supports the automated fuel dispenser industry.

ANSI X9.24-1 / ANSI X9.24-2 / X9 TR-31 - Symmetric Key Management and Security Package

ANSI X9.24-1, ANSI X9.24-2 and X9 TR-31

ANSI X9.24-1 / ANSI X9.24-2 / X9 TR-31 - Symmetric Key Management and Security Package provides guidance on the management of symmetric keys using symmetric techniques as well as asymmetric techniques for the distribution of symmetric keys. It also establishes methods for the secure exchange of keys and sensitive data using symmetric key exchange key. ANSI X9.24-1 / ANSI X9.24-2 / X9 TR-31 - Symmetric Key Management and Security Package includes:
ANSI X9.24-1-2017
ANSI X9.24-2-2016
X9 TR-31 2010

ANSI X9.100-181-2014

TIFF Image Format for Image Exchange

Defines specific TIFF fields and parameters for check image exchange and the allowable values for those parameters. This standard will only address the use of G4 bilevel image (black/white) compressions within the TIFF 6.0 structure. A least common denominator approach was used to identify the fields that everyone should read and the required or allowable values for these fields that everyone will be expected to support. To accomplish interoperability, some of the fields and values are more restrictive compared to what is being generated in todays environment. In addition, this standard clarified areas that have been interpreted in different ways.

ANSI X9.95-2016

Trusted Time Stamp Management and Security

This standard specifies the minimum security requirements for the effective use of time stamps in a financial services environment. Within the scope of this Standard the following topics are addressed: Requirements for the secure management of the time stamp token across its life cycle, comprised of the generation, transmission and storage, validation, and renewal processes. The requirements in this Standard identify the means to securely and verifiably distribute time from a national time source down to the application level. Requirements for the secure management of a Time Stamp Authority (TSA) Requirements of a TSA to ensure that an independent third party can audit and validate the controls over the use of a time stamp process Techniques for the coding, encapsulation, transmission, storage, integrity and privacy protection of time stamp data Usage of time stamp technology Items considered out of scope and not addressed in this Standard include the following: Requirements for a National Timing Authority imposed by the International Timing Authority Application specific requirements and limitations for employing time stamp technology The individualÆs privacy and ownership of time stamp data Although this standard focuses on the financial services industry, it may be applied to other applications where the management and security of time stamps are necessary.


As the voice of the U.S. standards and conformity assessment system, the American National Standards Institute (ANSI) empowers its members and constituents to strengthen the U.S. marketplace position in the global economy while helping to assure the safety and health of consumers and the protection of the environment.