The purpose of this document is to provide guidance to the European payment industry in the field of cryptographic algorithms and related key management issues.

Its target audience includes security officers, risk managers, system engineers and systems designers. Although its content does not assume expertise in cryptology, it contains some sections which require a basic mathematical background.

The document specifies a number of recommendations and best practices on cryptographic algorithms, security protocols, confidentiality and integrity protection and key management in the first section, for which further detailed background information may be found in the subsequent sections of the document.

The document was updated to reflect newsworthy developments in cryptography, including the impacts of the latest progress in cryptanalysis (e.g. on public key cryptography, message authentication codes and hash functions). This includes a review of the recommendations with inclusion of appropriate cross-references to the main body of the document. 

Various updates have been made regarding the usage of some algorithms based on recent developments in cryptography since the publication of the last version in 2019. The section on quantum computing considerations and distributed ledger technology has also been reviewed and updated as needed, including new background information.

Finally, the list of references was updated since the last publication of the document in January 2019.

In producing these guidelines, the aims to provide a reference basis to support payment service providers. However, it needs to be recognised that research and developments in cryptology are constantly evolving. Therefore, the plans to annually review and update the document to reflect the state of the art in light of major new developments and to keep it aligned with the documents referenced.
