1、 ASC X9, Inc. 2004 All rights reserved American National Standard for Financial Services ANS X9.1032004 Motor Vehicle Retail Sale and Lease Electronic Contracting Accredited Standards Committee X9, Incorporated Financial Industry Standards Date Approved: July 19, 2004 American National Standards Ins
2、titute ANS X9.103-2004 ii ASC X9, Inc. 2004 All rights reservedContents Page Forewordv Introduction vi 1 Scope 1 2 Normative references 1 3 Terms and definitions .2 4 Symbols and abbreviated terms 4 5 Electronic Signatures5 5.1 Use of Electronic Signatures in this Standard .5 5.2 Application of Elec
3、tronic Signatures to a Record5 5.3 Association of Electronic Signature to a Record.5 5.4 Protection of Electronic Signatures.5 6 Control of Electronic Chattel Paper.6 6.1 Purpose of Control of Electronic Chattel Paper.6 6.2 General Requirements for Control of Electronic Chattel Paper .6 6.3 Role of
4、the Dealer 7 6.4 Purchases of Chattel Paper and Security Interests in Chattel Paper.7 6.5 Use of Agents or Third-Party Service Providers 7 6.6 Systems or Procedures for Establishing Control of Electronic Chattel Paper .7 7 Creation of Electronic Chattel Paper .8 7.1 Application of Control to the Cre
5、ation of Electronic Chattel Paper .8 7.1.1 A Single Authoritative Copy of Record or Records .8 7.1.2 Identification of the Secured Party as Assignee 8 7.1.3 Maintenance and Communication of Electronic Chattel Paper 8 7.1.4 Limiting Copies or Revisions that Add or Change an Identified Assignee .8 7.1
6、.5 Non-Authoritative Copies .9 7.1.6 Authorized and Unauthorized Revisions 9 7.2 Conversion between Tangible Chattel Paper and Electronic Chattel Paper .9 7.2.1 Conversion of Tangible Chattel Paper to Electronic Chattel Paper .9 7.2.2 Conversion of Electronic Chattel Paper to Tangible Chattel Paper
7、.9 8 Storage of Electronic Chattel Paper . 10 8.1 Application of Control to the Storage of Electronic Chattel Paper . 10 8.1.1 A Single Authoritative Copy of Record or Records 10 8.1.2 Identification of the Secured Party as Assignee . 10 8.1.3 Maintenance of Electronic Chattel Paper.10 8.1.4 Limitin
8、g Copies or Revisions that Add or Change an Identified Assignee 10 8.1.5 Non-Authoritative Copies 11 8.1.6 Authorized and Unauthorized Revisions . 11 8.2 Modifications, Addenda, and Corrections . 11 8.2.1 Modifications and Addenda. 11 8.2.2 Corrections 12 8.2.3 Modifications, Addenda, and Correction
9、s Not Part of the Authoritative Copy 12 8.2.4 Modifications, Addenda, and Corrections as Part of Authoritative Copy. 12 8.3 Disaster Recovery and Business Continuity Programs . 12 ANS X9.103-2004 ASC X9, Inc. 2004 All rights reserved iii9 Assignment of Electronic Chattel Paper.13 9.1 Application of
10、Control to the Assignment of Electronic Chattel Paper.13 9.1.1 A Single Authoritative Copy of Record or Records.13 9.1.2 Identification of the Secured Party as Assignee13 9.1.3 Communication of Electronic Chattel Paper 13 9.1.4 Limiting Copies or Revisions that Add or Change an Identified Assignee.1
11、4 9.1.5 Non-Authoritative Copies .15 9.1.6 Authorized and Unauthorized Revisions 15 Annex A (Informative) Examples of Electronic Signatures 16 A.1 General .16 A.2 Association of Electronic Signature to the Record .16 A.3 Electronic Signature Techniques 17 A.3.1 Digital Signatures17 A.3.2 Personal Id
12、entification Number .17 A.3.3 Electronically Captured Handwritten Signature.18 A.3.4 Biometric Signature 18 A.3.5 Process Signatures.18 Annex B (Informative) General Security Principles and Guidelines for the Authoritative Copy20 B.1 General .20 B.2 Business Messaging Security20 B.2.1 Risk Assessmen
13、t.20 B.2.2 Security Requirements .21 B.2.3 Message-Level Security versus Infrastructure Security .22 B.2.4 Infrastructure-Level Security .22 B.2.5 Message-Level Security23 B.3 Message-Level Security Overview.24 B.3.1 Identification and Verification Mechanics.24 B.3.2 Using Digital Certificates for I
14、dentification and Verification 25 B.3.3 Using Username/Passwords for Identification and Verification (Authentication)25 B.3.4 Using Digital Certificates for Data Encryption .25 B.3.5 Message-Level Source, Target and System Verification.26 B.4 Message-Level Verification Options26 B.4.1 Identification
15、 and Verification Options .26 B.4.2 Digital Signature26 B.4.3 Username and Password Hash26 B.4.4 Username and Password Clear-text over HTTPS 26 B.4.5 Username and Password Encrypted out-of-band Digital Certificates .26 B.4.6 Binary Token Shared Secret 27 B.5 Infrastructure-Level Security .27 B.5.1 P
16、ublic Networks.27 B.6 General Communication Security Principles .27 B.6.1 Communications Infrastructure.27 B.6.2 Data Security28 Annex C (Informative) Overview of SPeRS 29 C.1 General .29 C.2 Section 1 Authentication .29 C.3 Section 2 Consent to Transact Business Electronically.29 C.4 Section 3 Agre
17、ements, Notices and Disclosures30 C.5 Section 4 Electronic Signatures .30 C.6 Section 5 Record Retention 30 Annex D (Informative) Examples of Backup, Restoration and Disaster Recovery Procedures for Storage and Transfer of an Authoritative Copy .32 D.1 General .32 D.2 Backup Procedures.32 ANS X9.103
18、-2004 iv ASC X9, Inc. 2004 All rights reservedD.2.1 Frequency and Storage 32 D.3 Restoration Logging. 32 D.4 Testing of Backup and Restoration Procedures . 33 D.5 Compromise and Disaster Recovery33 D.5.1 Compromise and Disaster Recovery Plan . 33 D.5.2 Contingency Facility. 33 D.6 Audit Procedures 3
19、3 ANS X9.103-2004 ASC X9, Inc. 2004 All rights reserved vForeword Approval of an American National Standard requires verification by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer. Consensus is established when, in the
20、judgment of the ANSI Board of Standards Review, substantial agreement has been reached by directly and materially affected interests. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that
21、a concerted effort be made toward their resolution. The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not from manufacturing, marketing, purchasing, or using products, processes, or proced
22、ures not conforming to the standards. The American National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National S
23、tandard in the name of the American National Standards Institute. Requests for interpretation should be addressed to the secretariat or sponsor whose name appears on the title page of this standard. CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedur
24、es of the American National Standards Institute require that action be taken to reaffirm, revise, or withdraw this standard no later than five years from the date of approval. Published by Accredited Standards Committee X9, Incorporated Financial Industry Standards P.O. Box 4035 Annapolis, MD 21403
25、USA X9 Online http:/www.x9.org Copyright 2004 ASC X9, Inc. All rights reserved. No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without prior written permission of the publisher. Published in the United States of America. ANS X9.103-2004 vi
26、ASC X9, Inc. 2004 All rights reservedIntroduction Recently, dramatic advances in computer engineering and software development have transcended most industries, including the automotive dealership financing industry. The substantial increase in electronic commerce in the late 1990s was accompanied b
27、y increased use of electronic tools in the automotive dealership financing industry. This technology is being used to improve efficiencies, boost productivity, and improve customer satisfaction. The enactment of the Electronic Signatures in Global and National Commerce Act (ESIGN) in 2000 and the ad
28、option of the Uniform Electronic Transactions Act (UETA) by most states have allowed the automotive dealership financing industry to re-evaluate its paper-based processes. ESIGN and UETA permit the use of electronic records and signatures by prohibiting the denial of legal effect, validity, or enfor
29、cement of a signature or record solely because it is in electronic form. In addition, revisions to Article 9 of the Uniform Commercial Code (UCC), which governs secured transactions, have increased the legal certainty related to the use of electronic Records and Electronic Chattel Paper, including s
30、ales of Electronic Chattel Paper in the secondary markets. This standard provides guidance and direction to the automotive dealership financing industry with respect to the creation, storage, and assignment of Electronic Chattel Paper for retail installment sales and leasing transactions where assig
31、nment of the Electronic Chattel Paper will be perfected by establishing “control“ of the Electronic Chattel Paper pursuant to Article 9 of the UCC. This standard is not intended to establish requirements for the use of Electronic Chattel Paper that exceed those required by law or are inconsistent wi
32、th those required by law. Retail Installment Sales/Lease Contracts - Whether a transaction is a retail installment sale or a lease, at least two separate signatures are required in order for the transaction to be effective. The first signature is that of the Customer who signs as the debtor and gran
33、tor of a security interest in the vehicle in the case of a retail installment sale and as the lessee in the case of a lease. The second signature is that of the Dealer as the seller/creditor in the case of a retail installment sale and the lessor in the case of a lease. Additional signatures may als
34、o be necessary from the Customer and the Dealer or may be required from other parties such as a co-buyer or a guarantor. ESIGN, UETA, and Article 9 of the UCC may all, depending on the nature and the type of transaction, be applicable to establishing a valid and binding Contract in these two context
35、s. Electronic Chattel Paper - The completed retail installment sale or lease contract is Chattel Paper owned by the Dealer. If the Chattel Paper is evidenced by a Record or Records consisting of information stored in an electronic medium, the Chattel Paper is Electronic Chattel Paper. The Dealer may
36、 choose to retain ownership of the Electronic Chattel Paper. However, the Dealer or a subsequent owner of the Electronic Chattel Paper may choose to assign the Electronic Chattel Paper and the assignee may perfect its interest in the Electronic Chattel Paper by establishing “control“ of the Electron
37、ic Chattel Paper pursuant to Article 9 of the UCC. Suggestions for the improvement or revision of this Standard are welcome. They should be sent to the X9 Committee Secretariat, Accredited Standards Committee X9, Inc., Financial Industry Standards, P.O. Box 4035, Annapolis, MD 21403 USA. This Standa
38、rd was processed and approved for submittal to ANSI by the Accredited Standards Committee on Financial Services, X9. Committee approval of the Standard does not necessarily imply that all the committee members voted for its approval. The X9 committee had the following members: Gene Kathol, X9 Chairm
39、an Vincent DeSantis, X9 Vice-Chairman Cynthia Fuller, Executive Director Isabel Bailey, Managing Director ANS X9.103-2004 ASC X9, Inc. 2004 All rights reserved viiOrganization Represented Representative ACI Worldwide Jim Shaffer American Express Company Mike Jones American Financial Services Associa
40、tion Mark Zalewski Bank of America Daniel Welch Bank One Corporation Jacqueline Pagan BB and T Woody Tyner Capital One Scott Sykes Citigroup, Inc. Daniel Schutzer Deluxe Corporation John Fitzpatrick Diebold, Inc. Bruce Chapa Discover Financial Services Jon Mills eFunds Corporation Cory Surges Federa
41、l Reserve Bank Dexter Holt First Data Corporation Gene Kathol Fiserv Bud Beattie Hewlett Packard Larry Hines Hypercom Scott Spiker IBM Corporation Todd Arnold Ingenico John Sheets JPMChase Bank Robert J Blair KPMG LLP Jeff Stapleton KPMG LLP Alfred Van Ranst Jr. MagTek, Inc. Carlos Morales MasterCar
42、d International William Poletti Mellon Bank, N.A. David Taddeo National Association of Convenience Stores John Hervey National Security Agency Sheila Brand NCR Corporation David Norris NEC Solutions (America) Michael Versace Savvis Kevin M. Nixon Star Systems, Inc. Michael Wade The Clearing House Vi
43、ncent DeSantis Unisys Corporation David J. Concannon University Bank Stephen Ranzini VeriFone, Inc. Brad McGuinness VECTORsgi Ron Schultz VISA Patricia Greenhalgh Wachovia Bank Ray Gatland Wells Fargo Bank Ruven Schwartz ANS X9.103-2004 viii ASC X9, Inc. 2004 All rights reservedThe X9C subcommittee
44、on Consumer Credit had the following members: John Freeman, Chairman Mark Zalewski, Vice Chairman Organization Represented Representative American Financial Services Association Mark Zalewski Bank of America Jeffrey Bierman Chase Automotive Finance Joan Aristei DaimlerChrysler Services Matt Millikan
45、 DealerTrack, Inc. Vince Passione Deluxe Corporation John Fitzpatrick Diebold, Inc. Bruce Chapa Fiserv Bud Beattie Ford Financial Cindy Duffy GMAC Mary R. Crisp Hudson Cook, LLP Michael A. Benoit Hypercom Scott SpikerIBM Corporation Todd Arnold Ingenico John Sheets RouteOne Dan Doman Savvis Kevin M.
46、 Nixon Toyota Financial Services Elise Ross VeriFone, Inc. Tim Hirner Wachovia Bank Ray Gatland Under ASC X9, Inc. procedures, a working group may be established to address specific segments of work under the ASC X9 Committee or one of its subcommittees. A working group exists only to develop standa
47、rd(s) or guideline(s) in a specific area and is then disbanded. The individual experts are listed with their affiliated organizations. However, this does not imply that the organization has approved the content of the standard or guideline. (Note: Per X9 policy, company names of non-member participa
48、nts are listed only if, at the time of publication, the X9 Secretariat received an original signed release permitting such company names to appear in print.) The X9C1 Electronic Contracting Working Group, which developed this standard, had the following members: John Freeman and Mark Zalewski Co-Cha
49、irmen and Recorders Robert Mossel, Project Editor Organization Represented Representative American Financial Services Association John Freeman American Financial Services Association Robert McKew, Esq. American Financial Services Association Mark Zalewski Bank of America Todd Inskeep Cable or a person to whom Chattel Paper has been sold; or a trustee, indenture trustee, agent, collateral agent, or other representative in whose favor a security interest is created or provided for.73UCC 9-102 (18). 4UCC 9-102 (31). 5ESIGN 106 (5); UETA