BS ISO 23195:2021 pdf download -Security objectives of information systems of third-party payment services.
3.1.5 third-party payment service provider TPPSP payment service provider offering TPP (3.1.3) services where they are not the ASPSP (3.1.6) itself Note 1 to entry: Comparison with the term “third-party payment service provider” defined in ISO/TR 21941:2017, 3.1.11: a) the abbreviated form of “third-party payment service provider” has been clarified as “TPPSP” instead of “TPP” because “TPP” is a business mode which has been defined in this document; b) the abbreviated form ASPSP is utilized instead of “account servicing payment service provider”; c) the term “payment initiation service” has been changed to “TPP” since the “TPP” contains “the payment initiation services”; d) “account information service on accounts” has been removed because it is not linked to TPP closely. [SOURCE: ISO/TR 21941:2017, 3.1.11, modified — Note 1 to entry has been added.] 3.1.6 account servicing payment service provider ASPSP payment service provider providing and maintaining a payment account (3.1.2) for a payment service user (3.1.7) Note 1 to entry: In ISO/TR 21941:2017, an ASPSP is defined as “providing and maintaining a payment account for a payer” only. In the context of this document, an ASPSP can be a bank or other institution which opens and maintains a payment account for the payment service user. [SOURCE: ISO/TR 21941:2017, 3.1.3, modified — Note 1 to entry has been added.] 3.1.7 payment service user PSU natural or legal person making use of a payment service in the capacity of payer (3.1.9), payee (3.1.8) or both Note 1 to entry: Generally, a payment service user is an end user of a TPP information system. Note 2 to entry: Generally, the payee is a merchant or a person who receives the money without offering goods or services directly. In this document they are called merchant and payee, respectively, if necessary. Note 3 to entry: In situations where the payment service user is a natural person, this payment service user is deemed a PII principal (3.1.10).