International Card Payment Total Solution Request for Information (RFI) October 2016
Copyright: All rights reserved. Reproduction or use of this document in any manner without express permission of ISC is strictly prohibited.

LIST OF ABBREVIATIONS

Abbreviation: Full Name
INET: Iran Network for Electronic Transactions
ICS: International Card Schemes, e.g. VISA, MasterCard, Union Pay International, JCB, etc.
CMS: Card Management System
MMS: Merchant Management System
PSP: Payment Service Provider
ISC: Informatics Services Corporation
CBI: Central Bank of Iran
SHETAB: SHETAB provides the connectivity to the banks and acts as the interchange and clearing engine for not-on-us transactions and all card based fund transfers.
SHAPARAK: SHAPARAK is the governance and management entity for PSPs including payments to the merchants through the ACH and handling dispute resolution.
Table of Contents
1 INTRODUCTION
  1.1 OBJECTIVE
  1.2 BACKGROUND
2 CURRENT ENVIRONMENT
  2.1 BANKS
  2.2 CURRENT CARD SYSTEMS & PROCESSES
  2.3 CURRENT PAYMENT ECOSYSTEM SCHEME
  2.4 CURRENT CARD PAYMENT TRANSACTIONS VOLUME
3 THE REQUIREMENTS
  3.1 SCOPE OF THE PROJECT
  3.2 TECHNICAL REQUIREMENTS
  3.3 IMPORTANT FEATURES
  3.4 RESPONDENTS QUALIFICATIONS
4 FORMAT OF RESPONSES TO RFI
  4.1 CORPORATE OVERVIEW
  4.2 PRODUCT INFORMATION
  4.3 PROJECT-RELATED INFORMATION
  4.4 SUCCESS STORIES
  4.5 TECHNICAL ENVIRONMENT
5 PREPARATION OF RESPONSES
6 SUBMISSION DEADLINE AND ADDRESS
7 DISCLAIMER
  7.1 NON-BINDING
  7.2 COSTS
  7.3 NO LIABILITY
  7.4 AMENDMENT
  7.5 ACCEPTANCE OF THE TERMS AND CONDITIONS OF THIS RFI
1 Introduction

1.1 Objective

Informatics Services Corporation (ISC) is considering the procurement of a national merchant management system, card management system, ACS [1] and FRM [2] to manage the usage of international payment cards (e.g. JCB, Union Pay International, Visa/MasterCard, etc.) in the domain of Iran's payment network, running alongside the current national card scheme, with conditions outlined in this document.

The purpose of this Request for Information (RFI) is to acquire relevant information from top potential suppliers. Following the assessment of the responses made to this RFI, ISC may issue a Request for Proposal (RFP) for the provision of the solution to a short-list of potential suppliers selected based on the requirements described later in this document. However, ISC undertakes no commitment through the issue of this RFI and/or the subsequent receipt of responses to proceed any further with this process, should it so be decided.

The information outlined in this RFI is intended only to give a general picture of the project for the purpose of preparing a short list of qualified suppliers; it constitutes neither an exact description of the project nor an official explanation of its requirements. The RFP, which will be dispatched later to those short-listed suppliers who are willing to participate in the bid, will be the only document that can be referred to for the proposal.

ISC and its advisers will treat all information received in response to this RFI in confidence and will use it solely for the purpose of deciding whether or not to invite the respondent to submit a proposal.

1.2 Background

With more than 20 years of experience in developing and implementing national banking and payment infrastructures, ISC has been delegated to commence the International Card Payment Total Solution project.
An overall introduction to the company is provided as follows:
Established: 1993
Listed on Tehran stock exchange: 2003
Headquarters: Tehran, Iran
Locations: Nationwide
Employees: Over 1,200
Main Activities: Providing high level banking solutions, in two main sectors:
1. Governmental: National Payment Systems (SHETAB, SHAPARAK, RTGS, ACH, CIS, SSSS, etc.)

[1] Access Control Server
[2] Fraud / Risk Management

Version 0.1, Copyright 2016, Confidential Page 1
2. Competitive Market: Core Banking, Card and Payment Switch, Digital Banking, Security and Consultancy.
More information can be obtained at: www.isc.co.ir

The series of national payment and settlement platforms and systems for the inter-bank segment, including Real-Time Gross Settlement System (RTGS), Automated Clearing House (ACH), Scripless Securities Settlement System (SSSS) and Inter-Bank Card Switch systems which include SHETAB (Banking Network) and SHAPARAK (Payment Network) systems have already been implemented. Now, the mission of connecting Iran's payment ecosystem to the international card schemes (ICS) including JCB and UPI in short term as well as Visa and MasterCard in long term has been taken into consideration. This mission is defined in order to create the facility of accepting foreign visitors' international payment cards in Iran's payment network on one hand and issuing international payment cards for Iranian citizens traveling abroad on the other hand.

2 Current Environment

2.1 Banks

There are currently 34 licensed banks and Credit Institutions (apart from CBI) operating in Iran.

2.2 Current Card Systems & Processes

The current proprietary debit card system has the following characteristics:
- Supporting multiple delivery channels including ATM, branch, point of sale (POS), KIOSK, mobile and Internet payments.
- Each bank is responsible for the issuance of its own magnetic stripe cards.
- The Payment Service Providers' (PSP) switches manage the POS devices, Internet Payment Gateways (IPGs) and Mobile payment solutions and support merchant management functions.
- POS transactions as well as internet-based payments are passed from the PSP switches to the SHAPARAK switch for routing to the SHETAB switch and subsequent routing to the issuing bank.
- SHAPARAK's primary function is the governance and management of PSPs including the payment to merchants through the ACH and handling dispute resolution.
- SHETAB's primary function is to provide the connectivity to the banks and act as the interchange and clearing engine for not-on-us transactions and all card based fund transfers.
- ATM / KIOSK hosting is supported by the owner bank.
- Not-on-us ATM / KIOSK transactions are switched to SHETAB for routing to the card issuing bank.

2.3 Current Payment Ecosystem Scheme

Figure 1 illustrates the current POS delivery channel architecture.

Figure 1- Current Payment Ecosystem Scheme

2.4 Current Card Payment Transactions Volume

Card
The current domestic debit card base is reported to have approximately 334 million cards registered. With the total population of individuals aged 15 and above surpassing 60 million, the number of cards issued per person is estimated to be 5.5 cards. A range of card products are offered by the banks, such as debit, credit (very few), gift, salary, etc.
SHAPARAK
SHAPARAK processes more than 50 million transactions per day.

Point of Sale
There are 3,300,000 merchants supported by 4,590,000 POS devices in the country.

ATMs
The number of installed ATMs in Iran is about 44,000, each generating an average of 10,500 transactions per month.

3 The Requirements

3.1 Scope of the Project

The International Card Payment Total Solution requires the implementation of a Central Card Management Infrastructure to operate in parallel with the current Iranian card processing retail payments infrastructure. The current Iranian card processing retail payments infrastructure will later be merged or migrated into the proposed parallel retail payments infrastructure.

The main components of the proposed parallel card management infrastructure are considered to build the new domain, called Iran Network for Electronic Transactions (INET), which will fulfill the purpose of this request. INET should consist of the components described in the technical requirements (section 3.2).

Important Note: Local banks and PSPs will have the option of connecting to the international card schemes through INET; however, they can keep running their own CMS and MMS. Further to this option, they may even run their own (or independent) ACS and Switch as long as they comply with the required CBI oversight and its mandatory provisions.
Figure 2 Scope of the Project

The proposed infrastructure at a high level should support the following requirements:
- All transactions processed by both INET and the ICSs should be passed through the Central Switch covering single messages, authorizations and clearing transactions.
- The POS devices should be connected directly into the new International Card Enablement Domain's (INET) central switch.
- The new INET switch should become the consolidated fully functional central switch, considered as the core infrastructure.
- Merchant management which is split between SHAPARAK and the PSP under the existing infrastructure, should be consolidated within the INET domain. Merchant management may, in the longer term, be evolved out to the acquiring banks.
- The PSP domain retains the Internet Payment Gateway (IPG) services.
- It is suggested that a 3D Secure Central Access Control Server be managed within the INET domain, updated by the issuer banks, and accessed by the PSPs' IPG systems.
- An integrated risk assessment of each transaction should be performed by INET end-to-end, with individual card issuers optionally performing their own assessment.
- The INET platform should support a mobile gateway as a component of the Central Switch.
- The infrastructure components should also include high volume EMV card production.

3.2 Technical Requirements

INET solution should include but not be restricted to the following modules:
- A Central Card Management System (Supporting Issuing and acquiring modules)
- A Central Merchant acquiring System
- A Central EFTPOS / ATM switch (INET Switch)
- Access Control Server (ACS) 3D Secure
- Fraud/Risk Management System

The sub-modules of INET should include at least the following functionalities (in addition to basic functionalities):
- Switching capabilities
- International card schemes' interfaces
- Channel Management
- Merchant and device management
- Authorization
- Online / Offline transaction management
- Clearing and settlement mechanism
- Dispute resolution / Charge-back
- Loyalty management
- Fraud & Risk Management and AML
- Data Analytics and BI
- Issuing module functionalities (activated in next phases) including High volume EMV card production

3.3 Important Features

- Security: Please describe the security technologies and infrastructure which will be adopted for the proposed solution. The security infrastructure should cover protections on payment messages, user authentication data, PIN, card information, etc., using technologies which are compliant with international information system security standards such as ISO27001, PA DSS, PKI, PCI DSS, EMV, 3D Secure, HCE, etc.
- Encryption and Tokenisation
- Supporting Omni-channel capabilities in all delivery channels (In-App Payments, In-Store payments, online payments, m-pos, etc.)
- Supporting variety of cards (or other payment tools) like credit, debit, gift cards, etc.
- Supporting different payment methods (card present, card not present, with PIN, no PIN, etc.)
- Connectivity to 3rd party systems
- Connectivity to other National Payment systems like RTGS, ACH, etc.
- Connectivity to other systems like bill payments, top-up charge, etc.
- Connectivity to other ACS and switches, if any; and other MMS and CMS, if required.
- Multi-currency
- Scalability to national scope
3.4 Respondents Qualifications

Respondents must meet the following qualifications in order to be considered and they must provide detailed evidence to prove that they meet each of the following criteria:
- The Respondents must have at least 10 years of experience in providing similar solutions to the required utilizations, mentioned in this request.
- The system must be already operational in at least two different countries, preferably similar to or larger than Iran's scale, with more than 70 million transactions per day and minimum TPS of 3000.
- The system must have been certified by at least two of the main international card payment networks (MasterCard, Visa, JCB, and Union Pay International).
- The respondent must be able to offer in-house developed solution (as product owner) for this RFI. If the respondent cannot provide all the requested modules and components (as illustrated in figure 2) and is using the other respondents' products, the ability of integrating the modules and components is mandatory and the evidence of at least two successful projects should be provided.
- The respondents must confirm their capacity to deliver the Solution in full compliance with all applicable international and local laws and regulations.

ISC shall decide in its free discretion if a Supplier is invited to submit responses to this RFI and ISC shall have the right at any time and its free discretion to discontinue the discussions and/or the procedure with a Supplier, without incurring any liability towards such non selected or discontinued Supplier(s).

4 Format of Responses to RFI

Via this RFI, ISC wishes to gather information on the functional and technical possibilities for installing and operating an integrated national switch for merchant acquiring, supporting different types of payments in all channels.
Responses should be in accordance with the requirements described above and structured as below:

4.1 Corporate Overview

- Description of company
- Description of the respondent's business (Note: The aspects of the business which have no relevance to the subject of this RFI need not be described in detail but should be mentioned)
- Registered office address and company registration number
- Location of the headquarters
- Details about the ultimate holding company, their shareholders along with their nature and nationalities, and any other identification and related information such as that listed on a publicly traded stock exchange
- Number and location of the offices worldwide
- Number of the staff worldwide
- Awards and recognitions related to the project
- Assurance about the financial stability of the company
- Name and full contact details for a nominated individual dealing with the response to this RFI and any further communications
- Any other legal or trading names used in the past five years
- Certified partners
- Other information as requested in the requirement section

4.2 Product Information

Responses should contain a short, but informative, description of the required solution, including mandatory and optional modules, which may satisfy the requirements outlined above in this document. The technical description should outline the system architecture, modular design and the list of operational functions available for use to meet the high level requirements of all the system components in the International Cards Payment System INET.

Description of the technical solution should provide the following information:
a) System functions of the solution for each component
b) Payment message flows, routing and processing scheme for all types of card payments and administration transactions, including clearing and settlement
c) Message formats supported
d) System interfaces available for Central Bank of Iran, banks and PSPs to connect with various components
e) The available system interfaces, including message and file formats, for clearing and settlement with RTGS system should be included in this description.
4.3 Project-Related Information

- The standards/procedures for project management and quality assurance applied in similar projects
- Disaster recovery scenario for the solution
- The approaches for training (in development, implementation, administration, operation, etc.), knowledge transfer, and source-code delivery
- Proposed delivery models
- Certifications of the project team members
- The solution deployment time (ISC's desired time for launching the 1st phase of the project (in which up to 30.000 POS are operational, and up to 3 banks may issue the cards) is 6 months and not later than the end of March 2017)
4.4 Success Stories

Experiences in implementing similar solutions in other countries shall be mentioned by the respondents. Implementation of the solution as a national acquiring platform would be considered as a positive point. This section should include:
- Number of customers related to this RFI
- Number of National Payment acquiring and switch implementations
- Contacts of three reference customers similar to the RFI business area and requirement scale

4.5 Technical Environment

Technical characteristics which describe the IT system infrastructure, hardware platform, database system, operating system, third party software, security equipment/software, LAN networks, network management system and telecommunication links required to be supplied and established for the operations of the solution should be outlined by the respondents.

Please provide examples of a MINIMUM system configuration, with the indicative models of the hardware, database, system software, security device and network equipment, which will be required for implementation of the International Card Payment Systems infrastructure. The configuration should be scalable for the system to expand and cope with future increase of multi-regional payment volumes.

The system configuration should be separately described as required by various stakeholders in the international payment card processing, including:
- Hardware, software and network required by Central Bank of Iran (operating the INET platform)
- Hardware, software and network required by banks in order to connect with the proposed INET platform
- Hardware, software and network required by the third party PSPs in order to connect with the proposed INET platform

Please provide the value of operational performance metrics, including scalability, resilience, data centralization, availability, TPS, etc. as well as related benchmark results.
5 Preparation of Responses

Any respondent to this RFI is requested to fill in the tables attached to this document as an Excel file and submit them together with other supporting documents to the mailing address mentioned in section 6.

6 Submission Deadline and Address

Respondents should submit their responses to this RFI on or before 21/October/2016. Respondents may submit their response information via e-mail or by hardcopy to the following addresses:
Contact Person: Ms. Maryam Mohamadian
E-mail address: m_mohamadian@isc.co.ir
Postal Address: No.6 Madadkaran Str., Shahnazari Str., Madar Sq., Mirdamad Blvd., Tehran, P.O. Box: 1545654311, Iran

7 Disclaimer

7.1 Non-Binding

This RFI is (i) issued and being sought strictly for information and planning purposes (ii) does not constitute a solicitation, a request for proposal (RFP) or a promise to issue an RFP in the future and (iii) should not be construed as intent, commitment, or promise to acquire services, supplies, or solutions offered. A response to this RFI is not an offer and cannot be accepted by ISC to form a binding contract.

7.2 Costs

All costs in relation with responding to this RFI, holding discussions and pursuing the procedure in relation with the Project shall be solely at the respondent's expense. No reimbursement of costs or expenses of any type whatsoever shall be paid to respondents or any other persons or entities expressing interest in the initiative for purposes of submitting an RFI response and to this end, no respondent shall have a claim against ISC, its staff or its advisors, or any other organ of state related to ISC, arising out of any matter relating to this RFI document or to the Project, of any nature whatsoever whether or not any circumstances arising as a result of, such claim is based on any act or omission by ISC or any organ of state related to ISC whatsoever and/or the content of this RFI or the Project.

7.3 No liability

While ISC has taken due care in the preparation of information contained herein, neither ISC, its staff, or its advisors or any other organ of state related to ISC gives any warranty or makes any representations, express or implied, as to the completeness for purpose or accuracy of the information contained in this document or any information which may be provided in connection therewith. The information contained herein is not intended to be exhaustive.
Respondents are required to make their own enquiries and they shall not solely rely on the information provided in this RFI in submitting their response.
7.4 Amendment

ISC may at any time prior to the deadline for lodging response to this RFI, amend the RFI or extend the time for lodging responses. Any amendment under this clause will become part of the request for information.

7.5 Acceptance of the terms and conditions of this RFI

Submission of a response constitutes acknowledgement that the respondent has read and agrees to be bound by the terms and conditions of this RFI.