Mobile and Contactless Payments Requirements and Interactions

Similar documents
Testing & Certification Terminology

Is Your Organization Ready for the EMV Challenge?

Tokenization April Tokenization. Gregory H. Soule, CPA, CISA, CISSP, CFE Senior Manager. Andrews Hooper Pavlik PLC

EMV Terminology Guide

EMV: Facts at a Glance

Ensuring the Safety & Security of Payments. Faster Payments Symposium August 4, 2015

In this Document: EMV Payment Tokenisation Payment Account Reference (PAR) FAQ EMV Payment Tokenisation Technical FAQ

Quick Guide. Token Service Provider

The Future of Payment Security in Canada

Quick Guide. Token Service Provider

Tokenization: What, Why and How

EMV Chip Cards. Table of Contents GENERAL BACKGROUND GENERAL FAQ FREQUENTLY ASKED QUESTIONS GENERAL BACKGROUND...1 GENERAL FAQ MERCHANT FAQ...

Technology Developments in Card-Based Payments WACHA Payments 2013

Optimizing Transaction Speed at the POS

Contactless Toolkit for Acquirers

Understanding the 2015 U.S. Fraud Liability Shifts

U.S. EMV Migration Update. A joint presentation from Citizens Commercial Banking and Worldpay

Visa Minimum U.S. Online Only Terminal Configuration

HCE Driving NFC: From Idea to Reality to Ubiquity. Mobey Day October 7/8, 2014

EMV and Educational Institutions:

THE ADOPTION OF EMV TECHNOLOGY IN THE U.S. By Guy Berg Global Industry Sales Consultant Datacard Group

Effective Communication Practices for U.S. Chip Migration. Communication & Education Working Committee June 2014

EMV Basics and the market

ATM Webinar Questions and Answers May, 2014

EMV 3-D Secure Press Kit Q&A

THE FUTURE OF TRANSACTING

Agenda. What is EMV. Chip vs Mag Stripe. Benefits of EMV. Timeframes & Liability Shift. Costs. Things to consider. Questions

PayPass M/Chip Requirements. 3 July 2013

EMV for Merchants and Merchant Acquirers: U.S. Migration Considerations. Smart Card Alliance Webinar October 6, 2011

Card Payment acceptance at Common Use positions at airports

RuPay Contactless Ideathon (1.2)

Card Payments Roadmap in the United States: How Will EMV Impact the Future Payments Infrastructure?

Frequently Asked Questions for Merchants May, 2015

EMV FAQ S FROM A MERCHANT S PERSPECTIVE

Electronic Payments in US

Visa Digital Solutions. Rocio Beckham Community Issuers

EMV A Chip Off the New Block

Open Payment Fare Systems

Finding the Best Route for EMV in the US

EMV: The Race Is On! September 24, 2013

Securing Card Payments Challenges & Opportunities. Julie Hanson Senior Vice President, Card & Payment Products ICBA Bancard & TCM Bank, NA

E M V O V E R V I E W. July 2014

October is Here: Are Issuers, Merchants & Consumers Ready for EMV?

EMV in the U.S. Liability shift; what does this mean for the U.S.?

A Conversation with Visa on Consumer Debit Growth Connie Davis FIS Global Retail Payments Greg Borchardt Visa Consumer Debit Products

Seeds of Change in Debit

EMV: Frequently Asked Questions for Merchants

Leveraging Data Security Technology. October 19 th 9:15 AM

Dates Visa MasterCard Discover American Express. Acquirers, subprocessors. support EMV. International ATM liability shift 2

Technologies for Payment Fraud Prevention: EMV, Encryption and Tokenization

EMV Implementation Guide

Payment Digitalization and the University Smart Card

The Changing Landscape of Card Acceptance

A Merchant s Path to EMV Understanding Impacts To Your Business

EMVCo: Operating Principles

Revolutionize Your Business with Harbortouch

ADDING VALUE TO SECURITY. How Issuers Can Leverage Tokenization to Capture New Revenue-Generating Opportunities. firstdata.com

I N T E R A C. The Faster, More Convenient Way. Small Value Purchases

First Data Output Services Providing Additional Support For Your Customers

When the hard-to-reach become your preferred customers. Finc / the offering which addresses financial inclusion challenges

EMV * Contactless Specifications for Payment Systems

EMV is coming. Here s how to stay ahead of the trend. Presented by CO-OP Financial Services

Secure Remote Payment Council (SRPc) White Paper Discussion: EMV Enhancements Post Implementation September 13, 2016

Topics. First Data and STAR Network overview. Competitive advantage. Fraud in emerging payments. Fraud innovation what s coming

Hot Topics in Payments Cornerstone CU League Small CU Committee July 9, 2014

Cards on the table! Bernd Filsinger Payment Technology Services Lead Client Support Services, Europe region

EMV: GET READY. Michelle Thornton, CO-OP Financial Services

Proxama PIN Manager. Bringing PIN handling into the 21 st Century

EMV is coming. But it s ever changing.

Adapting to Mobile Wallets: The Consumer Experience

Will US EMV Migration Impact Acquiring Worldwide?

MAKE WAY FOR THE EMV CREDIT CARD. What You Need to Know for a Smarter POS Strategy.

EMV Adoption in the U.S.

EMV Adoption. What does this mean to your ATMs?

HCE E-Book HOST CARD EMULATION: NFC S MISSING LINK

Evaluating Processing Infrastructure, Support & Costs

Gemalto Consulting Services. Take control of your smart card implementation

Aconite Smart Solutions

Canada EMV Test Card Set Summary

DELIVER A TRULY DIGITAL WALLET EXPERIENCE. Powering customer engagement and business growth. Finacle Digital Wallet Solution

Top 5 Facts Merchants Need To Know About EMV

1.9 billion. contactless Toolkit for financial institutions ADDING CONTACTLESS. MasterCard and Maestro Contactless

Nayax 24 Raoul Wallenberg St., Building A1, 4th floor, Tel Aviv, 69719, Israel Tel:

EMV: Coming Soon to a Card Near You

Are We at a Contactless Inflection Point?

jhapassport EMV Update:

Mastercard Engage Directory for Digital Wallets

EMV & Fraud POS Fraud Mitigation Tips for Merchants First Data Corporation. All Rights Reserved.

Digital Banking BPC s Vision

Procedural Guidelines RuPay QR code

Pinless Transaction Clarifications

JTC Resource Bulletin. EMV and Credit Card Liability: What Courts Need to Know

THE NEXT EVOLUTION IN COMMERCE: INVISIBLE PAYMENTS

Card Technology. November 6, 2017 / Jennifer Baur, Conduent & Jamie Topolski, Fiserv

SecuRe Pay recommendations for the security of mobile payments

Investigating the myths and realities of contactless payment

Expanding to New Verticals

Minimizing the Impact of EMV & Churn on Your Subscription Business

Modular Components. Superior Technology. Flexible Software

PIN Issuance & Management

Transcription:

Mobile and Contactless Payments Requirements and Interactions Version 1.0 Date: February 2018 2018 U.S. Payments Forum and Smart Card Alliance. All rights reserved. Page 1

About the U.S. Payments Forum The U.S. Payments Forum, formerly the EMV Migration Forum, is a cross-industry body focused on supporting the introduction and implementation of EMV chip and other new and emerging technologies that protect the security of, and enhance opportunities for payment transactions within the United States. The Forum is the only non-profit organization whose membership includes the entire payments ecosystem, ensuring that all stakeholders have the opportunity to coordinate, cooperate on, and have a voice in the future of the U.S. payments industry. Additional information can be found at http://www.uspaymentsforum.org. About the Mobile and Contactless Payments Working Committee The goal of the Mobile and Contactless Payments Working Committee is for all interested parties to work collaboratively to explore the opportunities and challenges associated with implementation of mobile and contactless payments in the U.S. market, identify possible solutions to challenges, and facilitate the sharing of best practices with all industry stakeholders. Legal Notices This document is intended solely as a convenience to its readers, for purposes of providing interested payments industry stakeholders with a better understanding of the mobile and contactless payments landscape. While great effort has been made to ensure that the information in this document is accurate as of the original date of publication, the U.S. Payments Forum cannot guarantee such accuracy, and hereby expressly disclaims all warranties of any kind regarding the information herein, including but not limited to all warranties as to the accuracy, completeness or adequacy of such information. Note that payment industry rules, requirements, policies and procedures are complex, are subject to change, and may impact or be impacted by specific facts, circumstances or other factors. Prior to implementing any product, solution or strategy, appropriate business, legal, professional and technology advisors should be consulted, including payment networks and acquirers. Comments or recommendations for edits or additions to this document should be submitted to: receipt-bestpractices@uspaymentsforum.org. EMV is a trademark owned by EMVCo LLC. 2018 U.S. Payments Forum and Smart Card Alliance. All rights reserved. Page 2

Table of Contents 1. Introduction and Objectives... 4 2. Terms and Definitions... 4 3. Stakeholder Groups... 5 4. Descriptions of Types of Mobile Methods... 9 5. Illustrated Stakeholder Interactions... 10 6. Requirements Matrix... 13 2018 U.S. Payments Forum and Smart Card Alliance. All rights reserved. Page 3

1. Introduction and Objectives This document describes how mobile and contactless payments requirements are collected from mobile/contactless payments ecosystem stakeholders. The intent is to garner cross-industry understanding of mobile and contactless payments requirements and best practices and encourage standardization to meet common requirements. The U.S. Payments Forum Mobile and Contactless Payments Working Committee uses a broad definition of mobile and contactless payments to mean all non-contact payment approaches that facilitate convenient, fast and secure payment transactions for consumers. Activities will include all mobile payments approaches (e.g., bar code, QR code, Near Field Communication (NFC), Magnetic Secure Transmission (MST), EMV/Magnetic Stripe Data (MSD) contactless, Bluetooth, in-app, m-commerce browser transactions, other mobile technologies that can be used to enable payment), all form factors (e.g., dual-interface EMV chip cards, mobile devices, wearables and cards on file), and both card and non-card (e.g., faster payments) approaches. The project scope is bounded to mobile payments with POS interactions (in-app or mobile-based browser payment are in scope if they are used at the POS). E-Commerce transactions are out of scope for this document. 2. Terms and Definitions To facilitate a common understanding of terms; the project has listed key terms and definitions specific to mobile payments with POS interactions, including loyalty/reward cards. Refer to the US Payments Forum Mobile and Contactless Payments Glossary for terms and definitions. 2018 U.S. Payments Forum and Smart Card Alliance. All rights reserved. Page 4

3. Stakeholder Groups The Mobile and Contactless Payments Working Committee has identified and solicited requirements input from the following industry stakeholder groups. Below is a summary description of each stakeholder group ( who ) and their motivations for mobile payments ( why ). 3.1 Issuers Who: The financial institution that issues payment cards and holds the account or credit line behind the card. Why: Interested in providing the most effective, efficient and secure ways to implement mobile payments for consumers in order to promote account usage. Interested in being able to enroll accounts and process transactions with mobile payments solutions. 3.2 Acquirers/Processors Who: A company (often a third party) appointed by a merchant to handle card transactions for merchant acquiring banks. Why: Interested in promoting the sale of mobile payment and loyalty solutions and services to merchants and providing acquiring services for mobile payments transactions. 3.3 Retail Merchants Who: Entity that accepts payments from customers (i.e., consumers/cardholders) in exchange for goods and/or services and connects to a payment network through an acquirer. There are both overlapping and unique requirements across merchant industries, including retail, petroleum, transit, and unattended systems operators (e.g., ATM, vending). Why: Interested in the use of technology solutions that drive higher revenue, increase staff efficiency, lower costs, and enhance the consumer experience. Solutions must include a secure payment process that (a) prevents fraudulent transactions and (b) prevents theft of card/cardholder data. A merchant wants its customers to trust the merchant s system enough so that the customer is willing to use his/her electronic payment device. 2018 U.S. Payments Forum and Smart Card Alliance. All rights reserved. Page 5

3.4 Payment Networks Who: A payment network provides POS and ATM services for credit, debit, ATM and prepaid card issuers and corresponding transaction acquirers. It establishes participation requirements, operating rules and technical specifications under a common brand(s) for the purpose of receiving, routing, securing authorization for, settling and reporting domestic and international payment transactions. Each payment network determines the types of transactions, payment devices and terminals that are permitted in its respective network. Why: Interested in providing their clients with a set of tools and services that facilitate the secure processing of mobile payment transactions while managing fraud and other losses as efficiently as possible. 3.5 Consumers/Cardholders Who: Consumers are the end-users purchasing goods and services. Why: Interested in having secure and convenient ways to do payments. 3.6 Mobile Payment Application (MPA) Providers Who: Entity that provides the applications that run on the mobile device and tie the mobile device to the site system. Why: Interested in promoting the sale of mobile payment and loyalty solutions and services to merchants and providing mobile payment applications to consumers, including mobile payment software, digital coupons, mobile wallets, remote solutions (e.g., cloud-based and/or using a remote secure server) and networks. They are also interested in the development of standardsbased interfaces to site systems, wallets, and payment networks to ensure secure payment transactions. 3.7 Wallet Providers Who: Providers of software and services that represent a physical wallet, putting debit and credit cards into an application that holds payment credentials through which someone can pay, using the digital version of the debit or credit cards in that person s physical wallet, and linking to the same account, to pay. Why: Interested in promoting the sale and use of wallet solutions to facilitate mobile payment transactions and the security of those transactions. 2018 U.S. Payments Forum and Smart Card Alliance. All rights reserved. Page 6

3.8 Mobile Device and Operating System Providers Who: Entities that provide/manufacture mobile devices and/or the operating systems on those devices. Why: Interested in promoting the sale of devices and services for consumers to use in the effective, efficient and secure acceptance of mobile payment transactions, while working to prevent fraud and protect merchant and consumer information. 3.9 Mobile Network Operators Who: Provider of wireless communications services that owns or controls all the elements necessary to sell and deliver services to an end user including radio spectrum allocation, wireless network infrastructure, back haul infrastructure, billing, customer care, provisioning computer systems and marketing and repair organizations. Why: Interested in promoting and expanding the adoption of current and future generations of cellular networks, wireless broadband networks, and cloud-based infrastructure and subscription services, including new strategic initiatives like Internet everywhere, infrastructure as a service, data analytics, and business intelligence services. 3.10 Token Service Providers Who: Entity within the payments ecosystem that provides registered token requestors with surrogate PAN values, otherwise known as payment tokens by managing the operation and maintenance of the token vault, deployment of security measures and controls, and registration process of allowed token requestors. Why: Interested in promoting the sale and use of payment tokens to facilitate mobile payment transactions and the security of those transactions. 3.11 Token Requestor Who: The token requestor is a payment tokenization specific role. Token requestors register with one or more token service providers (TSPs) in order to request payment tokens. Why: Interested in providing integrated TSP and wallet independent services to facilitate secure mobile payments transactions. 2018 U.S. Payments Forum and Smart Card Alliance. All rights reserved. Page 7

3.12 Terminal/POS Vendors Who: Entity that provides the site systems to a merchant. Why: Interested in promoting the sale of mobile payment and loyalty enabled solutions and services to merchants. 2018 U.S. Payments Forum and Smart Card Alliance. All rights reserved. Page 8

4. Descriptions of Types of Mobile Methods The following describes common communications methods to facilitate a mobile payments transaction at the POS. Transaction Communications Methods Contactless/NFC EMV Contactless MSD Contactless Bluetooth Low Energy (BLE) Bar Code QR Code Magnetic Secure Transmission (MST) In-App M-Commerce Browser Process Description In a contactless mobile payment transaction, the consumer holds the contactless card, device, or mobile phone in close proximity (less than 2-4 inches) to the terminal and the payment account information is communicated wirelessly (via radio frequency [RF]). An NFC contactless mobile payment transaction where a contactless EMV transaction, as specified by EMVCo, is performed. A contactless mobile payment transaction where data in a magnetic stripe format is communicated to the POS terminal. A contactless mobile payment transaction where a mobile device uses Bluetooth to communicate to a Bluetooth sensor connected to the POS In a mobile payment transaction using bar codes, a bar code may be generated by the mobile device and scanned at the POS by a barcode reader that is built in or connected to the POS or the POS may generate a bar code that is scanned by the mobile device. Alternatively, a static bar code (i.e., a sticker) may be scanned by the mobile device. In a mobile payment transaction using QR codes, a QR code may be generated by the mobile device and scanned at the POS or the POS may generate a QR code that is scanned by the mobile device. Alternatively, a static QR code (i.e., a sticker) may be scanned by the mobile device. A proprietary technology implemented in certain mobile phones that uses RF to communicate payment account information via the magnetic-stripe-reader in a POS terminal. To the POS terminal, it appears the same as a magnetic stripe transaction. An in-app mobile payments transaction involves communication between the mobile device and POS system over the Internet, typically facilitated by a mobile payment provider application. Mobile payments transaction through the web browser application on a mobile device. 2018 U.S. Payments Forum and Smart Card Alliance. All rights reserved. Page 9

5. Illustrated Stakeholder Interactions The following diagrams provide examples of the high-level overviews of processes involved in the mobile payments ecosystem and examples of stakeholder interactions. There are many different implementations for the various processes. Each diagram only shows one potential implementation, which is not intended to be definitive. 5.1 Token Request Overview PAN PAN Cardholder Mobile Application Wallet Provider Token Request Process Token Request Process Token Request Process Issuer Token Service Provider Token Requestor 2018 U.S. Payments Forum and Smart Card Alliance. All rights reserved. Page 10

5.2 Mobile Transaction Ecosystem NFC Activate Access Access Payment Credentials Cardholder Mobile Application Wallet Mobile Device Payment Token & Cryptogram Payment Token & Cryptogram Payment Token & Cryptogram PAN Token Service Provider Acquirer/ Processor Terminal/ POS Payment Network PAN Issuer 2018 U.S. Payments Forum and Smart Card Alliance. All rights reserved. Page 11

5.3 Mobile Transaction Ecosystem In-App with POS Interaction Activate Access Activate Cardholder Mobile Application Wallet Payment Token Payment Token PAN Token Service Provider Acquirer/ Processor Terminal/ POS Payment Network PAN Issuer 2018 U.S. Payments Forum and Smart Card Alliance. All rights reserved. Page 12

6. Requirements Matrix For all stakeholder groups in mobile payments environments, requirements come from a variety of sources across the stakeholder matrix. This section describes for each stakeholder group, where requirements come from, along with examples of requirements coming from each stakeholder group. 1. Issuers to: 1a Payment Networks Setting up profiles, providing BIN ranges for digitization/personalization based on network rules 1b Consumers Consumer must apply for the product Validate the consumer (identification during onboarding) Terms and conditions to the consumer 1c Token Service Providers Enrollment with TSP, providing BINs, card ranges Rule engine parameters 2018 U.S. Payments Forum and Smart Card Alliance. All rights reserved. Page 13

2. Acquirers to: 2a Merchants Technical interface specification Certification of the solution 2b Mobile Payment Application Providers If card-on-file/in-app solution, technical interface specification 2c Terminal/POS Vendors Technical interface specification 3. Merchants to: 3a Acquirers Custom requirements 3b Cardholders Education, signage, communication 3c Mobile Payment Application Providers Functional specifications/requirements 2018 U.S. Payments Forum and Smart Card Alliance. All rights reserved. Page 14

3d Terminal/POS Vendors Functional specifications/requirements 4. Payment Networks to: 4a Issuers Message format specification containing required data elements for mobile payments; specifications, operating rules, policies, and testing and certification requirements 4b Acquirers/Processors Message format specification containing required data elements for mobile payments; specifications, operating rules, policies, and testing and certification requirements 4c Merchants Operating rules and policies Technical specifications 4d Token Service Providers 4e Terminal/POS Vendors Technical specifications, AID selection, kernel configuration, testing and certification requirements, other requirements 2018 U.S. Payments Forum and Smart Card Alliance. All rights reserved. Page 15

5. Cardholders/Consumers to: 5 All Solution must be easy, secure, relevant (usability, security, experience). Acceptance of terms and conditions. 6. Mobile Payment Application Providers to: 6a Acquirers/Processors Testing and certification requirements 6b Merchants Operating instructions, technical requirements to enable payment application 6c Cardholders Operating instructions, terms and conditions, 6d Token Requestors Use case requirements for life cycle management and payment transaction methods (POS, ecommerce, in-app) 6e Terminal/POS Vendors Technical requirements to enable payment application, 2018 U.S. Payments Forum and Smart Card Alliance. All rights reserved. Page 16

7. Wallet Providers to: 7a Issuers Negotiation on terms, conditions and functionality, subject to specific implementations and may vary by state 7b Acquirers/Processors Testing and branding requirements 7c Merchants Technical requirements for loyalty and other value-added functions; branding and marketing requirements 7d Cardholders/Consumers Terms and conditions to the cardholder 7e Token Service Providers Technical specifications (how to interface with the wallet). Includes MPA requirements. 8. Mobile Device and OS Providers to: 8a Issuers Consumer experience and expectations 2018 U.S. Payments Forum and Smart Card Alliance. All rights reserved. Page 17

8b Mobile Payment Application Providers Technical specifications on how to create an application 8c Wallet Providers Technical specifications and general security requirements 8d Token Requesters Device payment credential storage capabilities 9. Mobile Network Operators to: 9a Mobile Device and OS Providers Technical and business requirements on how to put a mobile device on a network 10. Token Service Providers to: 10a Issuers Technical requirements on tokenization; requirements for authentication (e.g., identification and verification (ID&V), onboarding of user), and lifecycle management 10b Acquirers/Processors (if global networks) Interfacing with the TSP, payment and debit networks, and token BIN ranges 2018 U.S. Payments Forum and Smart Card Alliance. All rights reserved. Page 18

10c Payment Networks (if debit networks) Interfacing with the TSP, payment and debit networks, and token BIN ranges 10d Wallet Providers Interfacing with the TSP and token BIN ranges 10e Token Requesters Registration requirements, terms and conditions, certifications, and technical requirements/apis 11. Token Requester to: 11a Mobile Payment Application Providers Security requirements, credential storage implementation requirements, technical requirements/apis 12. Terminal/POS Vendors to: 12a Mobile Payment Application Providers Technical requirements to enable payment application; alignment on QR codes; other requirements 2018 U.S. Payments Forum and Smart Card Alliance. All rights reserved. Page 19

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback