Interoperable Mobile Payment A Requirements-Based Architecture



Similar documents
Credit card: permits consumers to purchase items while deferring payment

ETSI TR V1.2.1 ( )

Innovation in payments an overview

Payment Systems for E-Commerce. Shengyu Jin 4/27/2005

Electronic Payments Part 1

The e-payment Systems

We believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating

MOBILE CHIP ELECTRONIC COMMERCE: ENABLING CREDIT CARD PAYMENT FOR MOBILE DEVICES

ECB-RESTRICTED. Card payments in Europe a renewed focus on SEPA for cards

My Sage Pay User Manual

Safe & Quick Mobile Payment. SQ is an authentication and payment system for mobile, cashless and contactless payment via Smartphone.

Mobile Wallet Platform. Next generation mobile wallet solution

1i. What other gaps or opportunities not mentioned in the paper could be addressed to make improvements to the U.S. payment system?

The Definition of Electronic Payment

E-Commerce payment trends. Petr Polak Senior Sales Manager Czech Republic and Slovakia

Sage Pay Fraud Prevention Guide

How To Change A Bank Card To A Debit Card

Paytooth - A Cashless Mobile Payment System based on Bluetooth

Verified by Visa. Acquirer and Merchant Implementation Guide. U.S. Region. May 2011

Chargebacks: Another Payment Card Acceptance Cost for Merchants

Chapter 5. Online Payment System. Types of Payment Systems. Cash Checking Transfer Credit Card Stored Value Accumulating Balance

SAFE SYSTEM: SECURE APPLICATIONS FOR FINANCIAL ENVIRONMENTS USING MOBILE PHONES

CHAPTER 6. Learning Objectives. Learning Objectives. E-commerce Payment Systems. Types of Payment Systems

Internet Usage (as of November 1, 2011)

ACQUIRER OR ACQUIRING BANK A financial institution (often a bank) where a merchant has an account to process transactions and card payments

Euronet s Contactless Solution

Version 1.0 STRATEGIC PARTNER TRAINING MANUAL

MySagePay. User Manual. Page 1 of 48

Electronic Payment Systems. Traditional Methods

Securing Internet Payments. The current regulatory state of play

E-money Niche market that might be expanding

Server and Direct Shared Protocols

Merchant Account Glossary of Terms

EMV FAQs. Contact us at: Visit us online: VancoPayments.com

Common Electronic Purse Specifications. Business Requirements. Version 7.0. March, Copyright CEPSCO 1999 All rights reserved

Electronic Payment Systems

Frequently Asked Questions

Electronic Payment Systems. Dr Sherif Kamel

Internet PIN Debit: Aligning the Needs of Merchants, FIs and Consumers for Online Payments

Actorcard Prepaid Visa Card Terms & Conditions

Bilateral and Multilateral Processing of Card Transactions in Europe. A Card Scheme Independent Message Standard. White Paper

Visa Consulting and Analytics

Information request from the Payment Systems Regulator (PSR) to [Scheme name] in relation to the EU Interchange Fee Regulation

Swedbank Payment Portal Implementation Overview

Questions & Answers clarifying key aspects of the SEPA Cards Framework

A Guide to EMV. Version 1.0 May Copyright 2011 EMVCo, LLC. All rights reserved.

The Canadian Migration to EMV. Prepared By:

Introduction to the similar solutions and compare with the proposed system.

GLOSSARY OF MOST COMMONLY USED TERMS IN THE MERCHANT SERVICES INDUSTRY

MasterCard Contactless Reader v3.0. INTRODUCTION TO MASTERCARD CONTACTLESS READER v3.0

International Processing for the Financial Industry

A: This will depend on a number of factors. Things to consider and discuss with a member of our ANZ Merchant Services team are:

European Commission, DG Internal Market and Services Rue Joseph II Brussels BELGIUM

Electronic Payments. EITN40 - Advanced Web Security

ELECTRONIC COMMERCE WORKED EXAMPLES

UPCOMING SCHEME CHANGES

Interchange Optimization: Are you getting the best rate?

April 12, To: Verified by Visa Merchants Verified by Visa Acquirers Verified by Visa Merchant Service Providers

E-Commerce Project Management Implementation Phd. Ion Ivan, Saha Priyatosh, Asist. Cristian Toma

E-commerce refers to paperless exchange of business information using following ways.

The following information was prepared to assist you in understanding potential Electronic Value Transfer terminology.

The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group

Visa Reloadable Frequently Asked Questions. EMV Travel Card

MASTERCARD SECURECODE ISSUER BEST PRACTICES

An access number, dialed by a modem, that lets a computer communicate with an Internet Service Provider (ISP) or some other service provider.

Appendix. Data Tables

5 STEPS TO LOWER YOUR PAYMENT PROCESSING FEES

Merchant Plug-In. Specification. Version SIX Payment Services

Travel Card. Cardholder Frequently Asked Questions. June 2014 T.FQ.S E

Squaring the Circle in Payment Processing

Rodan + Fields RF Payday Program. Terms and Conditions.

Tokenization: FAQs & General Information. BACKGROUND. GENERAL INFORMATION What is Tokenization?

Electronic Commerce and E-wallet

Frictionless Experience with Verified by Visa. Risk-based authentication case study

Card Standard Account Fees

Chapter 10. e-payments

Internet Part 2. CS/MIS Department

Competition policy brief

Apple Pay. Frequently Asked Questions UK

PayLeap Guide. One Stop

Transcription:

Interoperable Mobile Payment A Requirements-Based Architecture Dr. Manfred Männle Encorus Technologies GmbH; product management Payment Platform Summary: Existing payment methods like cash and debit/credit card payments are still predominant in our daily lives. Nevertheless, these methods are not well suited for new payment scenarios as for example e-commerce and TV shopping, resulting in increased fraud and high disputes handling costs. Next-generation payment methods must meet technical, user, and business requirements that cover traditional as well as recent scenarios. This paper presents a mobile payment architecture that combines the security and strong user authentication of GSM networks, the cost efficiency of micropayment, and the flexibility and world wide acceptance of existing macropayment schemes. Keywords: mobile payment scheme, three domain, interoperable payment protocol 1 Introduction During the last decades, a continuing trend in the payments market has been the declining share of all payments made by cash. Cash payment volumes in the UK were some GBP 25.6 billion in 1999 accounting for three-quarters of all payments. APACS projects that cash use in the UK will still account for 62% of all payments in 2009, but cash payment volumes are expected to continue to decline [Apacs03]. Migration to on-line debit cards and the electronic purse will be important influences. Mobile payments, i.e. payments based on your mobile phone, will take their share of cashless payments for various reasons. According to a study of Frost and Sullivan, mobile payment will achieve a volume of USD 25 billion in Europe by 2006 [Frost02]. This paper starts with a brief discussion of advantages and drawbacks of different payment methods. Section 3 presents a list of the most important requirements to a modern payment system and provides the basis for chapter 4 the architecture of an interoperable mobile payment system, followed by conclusions and an outlook.

2 M. Männle 2 Payment methods Paying with cash will remain the predominant payment method, but its share is continuously declining. Users appreciate its ease of use, anonymity, and ubiquitous acceptance. Drawbacks are handling costs, in particular when dealing with foreign currencies, and risk of loss and theft. Furthermore, distant payments as needed for e-commerce are not economically feasible. Check payments are widely accepted but come with relatively high handling costs. Their importance is constantly decreasing, particularly in Europe. Credit and debit card payments continue to grow. They are widely accepted, offer good security and come with affordable costs. They allow distant payments and are therefore the preferred payment method for e-commerce and m-commerce. Payments, however, are not anonymous and some consumers are reluctant to use credit cards for e-commerce because of the perceived risk of fraud. Merchant discount (merchant service charge) is relatively high in e-commerce, because the disputes rate is relatively high for cardholder-not-present transactions. Furthermore, person-to-person payments are not always possible and valuta is usually delayed by one or more days. Enhancements of card payments like SET [SET97] or 3D-Secure [Visa01] try to overcome these drawbacks, in particular by introducing better consumer authentication via chip or digital signature in order to decrease e-commerce fraud. Changes necessary at merchant and consumer side are the major hurdles in deploying these systems. Token-based methods like the German Geldkarte gained some acceptance, mainly for cashless payments at vending machines, but spread is limited because of the need of card reading devices. A growing number of other payment methods and trials, e.g. e-cash schemes like CyberCash [Cyb03] and mobile payment systems like Paybox [Pay03], evolved over the last decades but did not yet gain significant market share. One of the main reasons is their limited interoperability and acceptance, i.e. consumers and merchants must both register to the same entity the scheme does not allow to leverage existing business relationships between consumers, issuers, acquirers, and merchants. The following chapters describe technical, business, and user requirements to next-generation payment systems and present an interoperable mobile payment architecture that addresses these needs.

Interoperable Mobile Payment A Requirements-Based Architecture 3 3 Requirements to next-generation payment systems When looking at the advantages and drawbacks of existing payment methods and when learning from the reasons why many payment systems failed, one can derive a set of technical, business, and user requirements: Interoperability Financial networks follow the three domain model in order to implement interoperability. Brand and business rules are defined in a payment scheme. Issuers hold contracts with consumers, maintain consumer accounts and issue e.g. credit cards. Merchant acquirers deliver services tailored to merchants needs. The interchange domain ensures interoperability, computes fees and settles funds between issuers and acquirers. Stakeholders are not restricted to a single role, e.g. some banks issue cards and acquire merchants at the same time. Technically, interoperability is achieved by standardized protocols like ISO 8583 [ISO87]. Wide-spread acceptance Every introducer of a new payment system encounters the so-called henand-egg problem. Consumers are reluctant to use and subscribe for a new payment method, as long as acceptance is limited to a small subset of merchants; merchants hesitate to accept a new scheme as long as the consumer base is small. Leveraging the existing infrastructure (merchant acquirers, issuers) can overcome this problem. Ease of use Consumers and merchants are familiar with use cases like registration, confirming payments with a PIN, transactions (e.g. credit and debit), account statements, etc. Ease of use can be achieved if a mobile payment scheme copies the known payment transaction types, use cases, and business relationships. Moreover, a payment system of international scope is expected to provide foreign currency conversion during the payment flow. Disposability The need of additional devices or software poses a barrier for introducing a new payment system, in particular to consumers. Furthermore, consumers prefer payment systems that provide ubiquitous access. A method bound to e.g. a PC (like some e-cash schemes) limits usage to web payments and is likely to remain in this niche segment. Economy

4 M. Männle Cost for deploying and maintaining a new payment method as well as subscription and per transaction fees must compete with costs of existing payment schemes. On the other hand, fee distribution among the service providers must cover their efforts and risks. Security Strong payer authentication is the precondition to prevent consumer fraud and to keep the number of disputes low. This is why most schemes that provide a payments guarantee for the payee demand strong consumer authentication. Measures for integrity, non-repudiation, confidentiality, and persistence further reduce the number of disputes and increase consumer trust. Anonymity The consumer prefers anonymous payments, which is in contrast to fraud reduction and strong authentication. Nevertheless, consumer data can be hidden from the merchant while still keeping strong authentication by the issuer. The requirements listed above are considered the most important technical, user, and business requirements. Other aspects as for example legal requirements are out of the scope of this document. 4 Mobile payment architecture We propose an extended three domain model in order to fulfill the requirements listed in section 3. Building on the three domain model allows to leverage the existing banking, card issuing, and merchant acquiring infrastructure (cf. figure 1). In this extended model, payer authentication is performed by the GSM network when the consumer uses his or her mobile phone to confirm a payment. GSM networks provide a strong, chip-based user authentication and almost ubiquitous access [GSM03]. Figure 1 depicts a role-based three domain model, where the traditional macropayment systems are extended by a micropayment system (account management and interchange components), mobile payment handling (mobile payment processing component), and consumer wallet servers. The wallet servers manage consumer data (IDs, account numbers, spending limits, address, preferences, etc.) and is responsible for consumer authentication. The payment processing component handles a mobile payment protocol ( mpp ) between wallet and merchant servers. The merchant acquirer routes authorization requests to the respective interchange network using a micropayment authorization protocol

Interoperable Mobile Payment A Requirements-Based Architecture 5 ( map ) designed for micropayment and ISO8583 derivatives or equivalent protocols for macropayment. A virtual private network provides security (authentication, integrity and confidentiality) for communication between the components. consumer (payer) shopping and delivery merchant (payee) authentication authorization mobile wallet server mobile payment handling payment request mpp merchant services server wallet / PI issuer micropayment account mobile interchange network micropayment authorization map merchant account merchant acquirer top-up and depletion macropayment account other (macro) interchange networks macropayment authorization ISO 8583, ZVT, etc. Figure 1: Mobile micro- and macropayment. A typical payment flow consists of the following steps: Registration Consumers must register with a wallet server, providing payment instrument data (e.g. credit card number), personal preferences, and data needed for authentication (e.g. a PIN). Different methods exist, for example sending PIN letters via paper mail, in order to check customer data and therefore improve the quality of the customer data base. Shopping The consumer shops in a physical shop (point of sale), at a vending machine, or in an online shop. After selecting a basket of products or services, the consumer selects mobile payment. The user is routed to his or her wallet (web and WAP technically allow this), actively connects the wallet, or receives a message or call from the wallet for authentication. Consumer authentication

6 M. Männle After GSM network authentication, the consumer can additionally confirm the purchase with a PIN or cancel the transaction. In case of confirmation, the wallet triggers the payment transaction. Payment authorization The payment processing component routes the payment request to the respective merchant server that triggers authorization of the payment via the respective interchange network. The authorization result is indicated to the consumer and the merchant who in case of success delivers the product or service. If applicable, the processing component may convert foreign currencies before authorization. Payment capture Whereas digital content is usually paid immediately, physical retailers also need deferred and split captures in case delivery is deferred or happens in several tranches. Clearing & settlement Payment instruments (micro- and macropayment account management systems), merchant servers, and potentially the processing component log transactional data for later processing. In a clearing and settlement (C&S) procedure, the C&S processor computes fees and initiates funds transfer of aggregated amounts between issuers and acquirers. Disputes processing Disputes processing costs for e-commerce can be decreased through a payment protocol that supports digital content delivery resumption. The role-based model described above does not restrict a stakeholder to take only one single role. Mobile operators are in a good position to operate wallet servers and to issue micropayment instruments. Banks traditionally take the role as macropayment issuers and merchant acquirers. Nevertheless, the model as well permits a mobile operator to acquire merchants or a bank to issue a micropayment instrument. I.e., the technical architecture supports a whole bunch of possible business setups. 5 Conclusions and outlook The presented approach combines the security features and strong user authentication of GSM networks, the cost efficiency of micropayment, and the flexibility and world wide acceptance of existing macropayment schemes.

Interoperable Mobile Payment A Requirements-Based Architecture 7 Non-proprietary (interoperable) payment systems are superior to proprietary solutions in the long term and create additional value for all participating parties. Technically, the interchange domain ensures interoperability between independent issuers and acquirers who operate components (wallet server, merchant server, etc.) of various vendors. On the business side, initiatives like the GSM Association and the Mobile Payment Services Association (MPSA) are setting up interoperable mobile payment schemes [ITW03]. However, the introduction of a new and widely accepted mobile payment scheme, in particular the setup of a clear business model and the delay until users get confidence and familiarity with a new brand and scheme, will take considerable time (cf. the introduction of credit card schemes). Nevertheless, the commitment of mobile network operators to initiatives like MPSA point towards the introduction of interoperable micropayment schemes. Next-generation mobile payment systems are on their way. References [Apacs03] Association for Payment Clearing Services: Payments, Facts and Figures http://www.apacs.org.uk/about_apacs/htm_files/figures.htm, as of 2003-01-20, Cash http://www.apacs.org.uk/about_apacs/htm_files/cash.htm, as of 2003-01-20. [Cyb03] CyberCash, Inc. (acquired by VeriSign, Inc), http://www.cybercash.com/. [Frost02] Frost & Sullivan: Mobile Commerce Payments, May 2002. [GSM03] GSM: GSM Recommendations 02.09, 02.17, 03.20, and 03.21; cf. for example http://www.3gpp.org/ftp/specs/archive/ as of 2003-01-20. [ISO87] ISO 8583: Bank card originated messages Interchange message specifications Content for financial transactions, August 1987. [Pay03] Paybox AG, http://www.paybox.de/ and http://www.paybox.net/ as of 2003-01-20. [SET97] SET Secure Electronic Transaction LLC: SET Specification Books, May 1997, http://www.setco.org/set_specifications.html as of 2003-01-20. [Visa01] Visa International Service Association: 3-D Secure Protocol Specification, November 2001. [ITW03] ITWorld: European operators team on mobile payment scheme, http://www.itworld.com/net/2613/030226eumobile/page_1.html as of 2003-05-14.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information