International Payment Schemes & Standards. Usman Qureshi Head Business Development torange Soft

Transcription

1 International Payment Schemes & Standards Usman Qureshi Head Business Development torange Soft

2 Agenda The International card schemes Bank Card Associations Membership The integration dilemma How do we integrate? The business dilemma How do we work together? Domestic card schemes being launched among International Card Schemes Standardizing the banking IT infrastructure

3 The International Card Schemes

4 International Payment Systems The Card Schemes

5 The Market Share Total 8 Billion Payment Cards in circulation 29.2% Union Pay 28.6% Visa 20% Master Card 1.1% American Express 0.8% JCB 0.7% Discovery Iran currently has more than 300 million Payment Cards circulating cbi.ir

6 The Coverage by the Card Schemes Visa Master Card Discovery Iran Merchants 40 Million 34 Million 28.8 Million 2.6 Million ATMs 547, , Million 36,000 Iran has the largest ATM network in MEA and also the fastest growing in the ME RBR UK

7 Behpardakht Mellat 24th Parsian Electronic Co. 52nd Sadad Informatics 67th Saman e-pay 69th Iran Kish 82nd Pasargad Elec Payment 105th Asan Pardakht Persian 119th Fanava Card 131

8 The Integration Dilemma How do we Integrate?

9 Anatomy of a Card Scheme Transaction Authorization Clearing Settlement SMS (Single Message) DMS (Dual Message)

10 Authorization

11 Clearing

12 Settlement

13 What needs to be done on the Front-End ATMs POS Terminal Kiosks Mobiles e-commerce

14 What needs to be done by the Acquirers/Merchant Banks Interchange Module

15 What needs to be done by the Acquirers/Merchant Banks Interchange Module

16 Associate/affiliate and participant/agent members can perform all of the principal membership functions except sponsor other members What needs to be done by the Issuer/Cardholder Banks Bank Membership Both associations have three types of membership: principal, associate (VISA)/affiliate (MasterCard), and participant (VISA)/agent (MasterCard); Each membership type conveys different privileges. Principal membership allows members to solicit cardholders and issue cards, solicit and sign merchants, and sponsor other financial institutions for membership in the association.

17 The Business Dilemma How do we work together?

18 Well Established Domestic Card Schemes STET in France Voca Link in UK BankServ in South Africa Knet in Kuwait Shetab and Shaparak in Iran

19 Domestic Card Schemes vs. International Card Schemes At one extreme, a country can have domestic solutions for domestic payment needs (which are typically 95% of the total) and use the international solutions for cross-border situations The other extreme is for international solutions to be used for all situations whether domestic or cross-border, and then there are also intermediate approaches.

20 Benefits of a Domestic Card Scheme According to National Payments Schemes: Drivers of Economic and Social Benefits? By John Chaplin Andrew Veitch Prof. Dr. Jürgen Bott There were three key findings that came from the research. 1) Domestic schemes are the best way to achieve low transaction costs 2) Domestic schemes also innovate better for local markets 3) Domestic schemes have participation and governance benefits

21 Domestic Card Schemes being launched among International Card Schemes

22 Domestic Card Schemes among International Card Schemes RuPay a project by NPCI (National Payment Corporation of India) Launched in May 2014 EMV Enabled Cards with user data Accepted at all the ATMs in India 90% of POS and 10,000 e-commerece wesbites Recently signed a deal with Amazon and Jetairways The network is growing by 3 million users a months Offers low value payment services Financial inclusion for the un-banked and under banked

23 Domestic Card Schemes among International Card Schemes Mercury Payment System in the UAE Part of the National Payment System Launched in summer 2013 Initially only for use in UAE Now partnered with Discovery to be used internationally

24 Domestic Card Schemes among International Card Schemes Rumbles in Russia Russia Heavily depends on the two major card schemes Visa/Master Card The Country tried to build a national Payment system several times but failed till In March 2014 the banks were sanctioned and Visa and MasterCard stopped their activities completely In July 2014 the card schemes resumed their operations in Russia with an agreement If service was disrupted then Russia would confiscate 25% of the schemes average daily turn over The law also stipulates that all the card operations in Russia should be cleared within its borders through a national payment system. The Payment System Pro 1000

25 Iran Iran is in a great situation where the domestic network is very mature. In this era of increasing globalization retail banks should support domestic payment schemes as well as participate actively in the international schemes.

26 Standardizing the Banking IT infrastructure

27 Standardize Information Security (ISMS) IT Management System (ITMS) Business Continuity (BCMS) Payment Card Industry, Data Security Standard (PCI DSS)

28 Information Security and ISO Process Approach This International Standard adopts a process approach for: Establishing, Implementing, Operating, Monitoring, Reviewing, Maintaining and Improving an Organization's ISMS.

29 Information Security and ISO Deliverables Gap Analysis Report Asset Inventory Risk Assessment Report Risk Treatment Plan List of the Control Statement of Applicability Information Security Policy Manual Information Security Policies and Procedures ISMS Templates, Forms and Procedures

30 ISO 20,000 for IT Service Management System ISO/IEC (20K) is the first international standard for IT Service Management. IT Service Management (ITSM) is a discipline for managing information technology (IT) systems, Centered on the customer's perspective of IT's contribution to the business. ITSM stands in contrast to technology-centered approaches to IT management and business interaction. The following represents a characteristic statement from the ITSM literature: Providers of IT services can no longer afford to focus on technology and their internal organization, they now have to consider the quality of the services they provide and focus on the relationship with customers.[1] ITSM is process-focused and relay on common Frameworks like ITIL

31 ISO 20,000 for IT Service Management System Deliverables A. Gap Analysis Report B. Policies, Procedures & Templates as per ISO 20,000 Incident Management Problem Management Change Management Release Management Capacity Management Information Security Availability Management IT Service Continuity Management IT Budget and Accounting Service Level Management and Service Reporting Configuration Management Supplier and Business Relationship Management C. Trainings D. Internal Audit and Internal Audit Report E. Certification

32 What is the source of Disaster? ISO 22301, Disaster Recovery & Business Continuity Management

33 Deliverables 1. BCM policy 2. BIA (business impact analysis) 3. Risk and threat assessment 4. BCM strategy 5. Awareness program 6. Training program 7. Incident management plans 8. BCM plans 9. Business Recovery Plans 10. Exercise schedule and reports 11. SLA and contracts 12. Internal Audit and Training 13. Management Review 14. Mock Audit 15. Certification Audit and Certification ISO 22301, Disaster Recovery &Business Continuity Management

34 PCI Security Standards Council (SSC) PCI DSS

35 PCI Key Players & Stakeholders PCI - DSS

36 The Big Picture PCI - DSS

37 Use the Right Tools & Software Use the right tools and software Know the right use of the tools

38 No Standardization is No Excuse Follow the International Standards if you wish to operate in the international world!

39 Thank You