Proposed name : SCPA ("SEPA Card Payments Authorisation" set of messages) The EPAS Consortium acting on behalf of the following organisations :

Transcription

1 EPAS CONSORTIUM SUBMISSION OF A NEW CATEGORY OF MESSAGES FOR CARD PAYMENTS (SCPA SEPA CARD PAYMENTS AUTHORISATION) BUSINESS JUSTIFICATION FOR THE UPDATE OF THE UNIFI (ISO 20022) FINANCIAL REPOSITORY Name of the request: Proposed name : SCPA ("SEPA Card Payments Authorisation" set of messages) Submitting organization: The EPAS Consortium acting on behalf of the following organisations : Thales e-transaction (FR). Industry MoneyLine (FR). Industry Atos Worldline (DE). Industry GIE Groupement des Cartes Bancaires "CB" (FR). Banking Security Research and Consulting (SRC) GmbH (DE). Banking Sermepa (ES). Banking Total (FR). Industry Integri (BE). Services Galitt (FR). Services RSC Commercial Services (DE). Services SIBS (PT). Banking Ingenico (FR). Industry Lyra Network (FR). Services Wincor-Nixdorf (ES). Industry Banksys (BE). Banking Interpay Nederland (NL). Banking Cetrel (LU). Banking University of Applied Sciences, Cologne (DE). University PAN Nordic Card Association (PNC) (SE). Banking BP (GB). Industry Europay Austria Zahlungsverkehrssysteme GmbH (AT). Banking Thales e-transactions España (ES). Industry Page 1

2 Scope of the registration request: The proposed request concerns the registration of a set of messages within the card "acceptor acquirer" domain for Point of Interaction (POI) transactions. The goal of these messages is to cover the whole POI card payment transactions authorisation related processes (authorisation, completion, rejection, reconciliation, parameters acquisition and diagnostic exchanges) between an acceptor (usually a merchant) and an acquirer (usually a bank). The overall scope of the proposed set of messages is to allow an acceptor and an acquirer to exchange POI authorisation related messages (request, response) either directly or through one or more intermediary agents. Additional messages would also cater for the exchanges of information related to the completion, rejection and reconciliation of an authorisation, as well as parameter acquisition and diagnostic exchanges. The set of messages submitted for registration would be based on the following exchanges of information: Type of exchange Scope and definition Authorisation exchanges (Request, Response) Exchanges to authorise a card payment transaction Completion exchanges (Request, Response) Rejection notification Reconciliation exchanges (Request, Response) Parameters acquisition exchanges (Request, Response) Diagnostic exchanges (Request, Response) Exchanges to confirm the completion of an authorisation of a card payment transaction Exchanges to notify the rejection of a card payment transaction Exchanges to allow the reconciliation of authorised card payment transactions Exchanges to allow an acquirer to send parameters to an acceptor's system Exchanges to allow an acceptor to assess the availability of services provided by an acquirer Page 2

3 Purpose of the registration request: POI card payments authorisation messages are today usually based on ISO 8583 but lacks a standardised harmonised implementation due to numerous discrepancies in the implementation of ISO 8583 in several countries. With the convergence of card payments towards a SEPA 1 framework of implementation in Europe, the need for interoperability and for a common implementation has become a more acute issue for European banks and their stakeholders (customers, payment services providers, etc.). The European Central Bank has already let known the financial industry that UNIFI messages would be the preferred route as regards the development of new financial messages. Whilst this issue has been addressed with a relative high level of urgency in Europe and, more specifically within SEPA, it will, nevertheless, become a major priority in the years to come for world-wide and regional card payment schemes, card acceptors and acquirers, namely due the emergence of global standards such as EMV. ISO addresses messages belonging to the financial arena. Card payments, whilst belonging to sphere of financial and payment transactions, have not been addressed so far by this new standardisation process. The proposed UNIFI development for POI card payment authorisation messages would bring to the users and financial industries the following advantages : - a new set of card payment based messages based on a common methodology used for all forthcoming financial messages ; - a common approach pertaining to all financial messages adopted in a convergence process (credit transfers, direct debits, securities, clearing, settlement, card payments, etc.) ; - an appropriate "time-to-market" scheduling which would be in-line with the expected SEPA timeframe imposed to banks ( ) ; - a global solution based on a robust methodology -which would ease the further certification process of protocol components ; - a stance which would anticipate and facilitate a convergence process which has already started in the clearing of card payments and which may follow an ISO methodology in the near future ; - the opportunity to take into account the flexibility provided by the standard to support enhanced data collected (e.g. loyalty) from an acceptor and forwarded to an acquirer or to an issuer; - a preliminary step in the further ISO standardisation process of card-based clearing, settlement and acquirer-to-issuer messages. 1 Single Euro Payments Area Page 3

4 Variant message Whilst the proposed request is not addressing specifically a new "variant" of a message, it may, however be worth considering that the proposed "SEPA" set of messages may possibly be viewed as a variant of a "to-be-defined" more global series of POI card payment authorisation messages in the future. Community of users: Benefits for stakeholders Banks The proposed development will help banks to adopt a single methodology and approach in addressing new and updated messages in the financial arena. Banks are today confronted to various categories of messages based on non-interoperable technologies (e.g. SWIFT, EDIFACT, ISO 15022, ISO 8583) which hinders a convergence process and lead to higher development and maintenance costs. A timely migration towards a single methodology (e.g. ISO 20022) for all financial data exchanges (credit transfers, card payments, securities, treasury management, cheques, etc.) will lead to a progressive reduction and simplification of global and certification costs. It will enable banks and their customers to rely more and more on "off-the-shelves" harmonised software solutions. Acceptors Acceptors are bank customers involved in a card acceptance contract for the acquisition of POI card payment transactions. The existence of country-based incompatible standards hinders the central acquisition of card payment transactions by multinational acceptors and, hence, the development of business. A common standard will provide tremendous incentives and opportunities for the development of central POI card transactions acquiring activities in Europe and meet the European legislators' objectives of a single payments area in Europe. From a world-wide perspective, the existence of a common standard will extend this benefit to a larger worldwide market. This standard will provide additional cost-savings for activities associated to loyalty and e- billing when related to commercial data associated to a card payment. Payment services providers The emergence of payment services providers for the forthcoming years will require the existence of full-fledged standards to facilitate their operations and enable banks and acceptors to migrate from one service provider to another one without having to undergo the technical obstacles associated to various incompatible message specifications in this migration process. The proposed standard will contribute to a large extent to the creation of a level playing among those actors and will increase competition. Page 4

5 Estimated number of users and messages Based on existing rough estimations of card payment authorisations in the SEPA area, it is estimated that the number of POI transactions would amount to more than 23 billion card payment transactions a year, for the SEPA area only, for an estimated total amount of more than 1,400 billion of EUR for the sole banking industry, only. Expected savings for the industry Whilst relative high costs may be expected in the implementation of the new standards for the 4-5 years to come, expected longer term savings are expected due to : - the convergence process (credit transfers, direct debits, clearing, settlement, card payments, etc.) - the availability of "off-the-shelves" software solutions at a lower cost - the enlargement and maturity of the market, increased competition and product quality - the simplification of front-end and back-end processes - the availability of test and development tools - the ease of the certification process and the lower costs of certification Timing and development: Urgency of the development The proposed development would start asap (e.g. October 2006) in order to meet the SEPA deadlines ( ). The EPAS Consortium has already started a data flow development which could be used as an input to the IS Data Modelling process. The standards should be ready by mid-2007 for a further review by the EPC 2 during the second semester of 2007 and a final EPC endorsement by end of Expected consequence of a delay The expected consequence of a delay is associated to the non-delivery of the proposed EPAS standard in time. Any delay in the provision of a SEPA compliant standard by the above timescales would have as consequence to jeopardise in part - the current SEPA initiative carried out in Europe. 2 European Payments Council Page 5

6 Time consideration as regards the development of messages Part of the data modelling process has already been carried out by the EPAS Consortium with the following achievements : - business and functional requirements - identification of messages supported in the POI card authorisation process - sequence flows of the exchange of data pertaining to those messages. The proposed ISO Data Modelling process would require : - a translation of the current data flows and business models developed by EPAS in actual ISO methodology - an identification of common data elements based on existing messages (e.g. ISO 8583) and their variants - the adoption of "tag" elements developed in a strict respect of performance constraints (e.g. short tags for optimisation) - the identification of data elements to be : i) added to the ISO Repository, ii) imported from the Repository or iii) which may need some update to the Repository. Involvement of organisations in the development process The EPAS Consortium gathers organisations belonging to various activity sectors (card payment systems, petrol companies, major retailer organisation, terminal manufacturers, payment services providers, university,etc.). A liaison 3 has been initiated with the EPC in order to ensure that the EPAS standards will become part of SEPA compliance by end of The EPC intends to endorse the EPAS specifications through the intermediation of a an EPC ad hoc group composed of representatives of different industries and reporting to the EPC Cards Working Group. The whole initiative addresses the expectations of the European Commission and European Central Bank to achieve common standards in the POI "terminal-to-acquirer" domain by Other standards initiative addressing the same requirements The EPAS Consortium is not aware of any other initiative addressing similar requirements at the time of submission of the present Business Justification for POI related messages. 3 Pending the signature of an MOU (Memorandum of Understanding) Page 6

7 Resources and possible help from the RA Whilst the EPAS Consortium has an in-depth expertise in card related standardisation issues and resources to carry out the EPAS project, some help will be sought from the RA for the development of the ISO Data Model, especially as regards the use of the RA modelling tools developed especially by the RA for this purpose. The joint forces "EPAS Consortium and RA" will help to speed up the whole standardisation initiative, especially as regards the ISO modelling work Future message maintenance The EPAS Consortium is committed to ensure the future maintenance of its specifications. Contact persons: The following person can be contacted by the RA, RMG or SEG to get additional information on the project and/or its business justification: William VANOBBERGHEN EPAS Co-ordinator c/o Groupement des Cartes Bancaires "CB" Washington Plaza F PARIS CEDEX 08 TF: TX: william-vanobberghen@cartes-bancaires.com Intellectual Property Rights (IPR): The EPAS Consortium confirms its knowledge and acceptance of the UNIFI IPR policy outlined as follows : Organizations that contribute information to be incorporated into the ISO Repository shall keep any Intellectual Property Rights (IPR) they have on this information. A contributing organization warrants that it has sufficient rights on the contributed information to have it published in the ISO Repository through the ISO Registration Authority in accordance with the rules set in ISO To ascertain a widespread, public and uniform use of the ISO Repository information, the contributing organization grants third parties a non-exclusive, royalty-free license to use the published information. Page 7