A TPP provider is a service that gives merchants the ability to accept online payments without requiring a merchant account. When it comes to their security, the fact that there is an intermediary increases the risk of fraud in the processing of the payment.
ISO 23195, Security objectives of information systems of third-party payment services, provides an internationally agreed list of terms and definitions, two logical structural models and a list of security objectives. To ensure maximum relevancy, the logical structural models, assets, threats and security objectives in this document are based on real-world practices.
Read entire post at New ISO Standard for Third-party payment security | Clare Naden | ISO.org