This document aims to offer guidance to the European payment industry in the field of cryptographic algorithms and related key management issues.

Its target audience includes security officers, risk managers, system engineers and systems designers. While the content of this document does not presuppose expertise in cryptology, certain sections require a basic mathematical background.

The first section of the document sets out recommendations and best practices on cryptographic algorithms, security protocols, confidentiality and integrity protection, and key management. The subsequent sections provide further detailed background information on these recommendations.

This new version includes updates related to authenticated encryption and homomorphic encryption, and an overall review of the referenced standards and algorithms.

In producing these guidelines, the European Payments Council (EPC) aims to provide a reference basis to support payment service providers (PSPs). However, it needs to be recognised that research and developments in cryptology are constantly evolving. Therefore, the EPC plans to annually review and update the document to reflect the state of the art in light of major new developments and to keep it aligned with the documents referenced.
