BS ISO 12812-1-2017 Core banking Mobile financial services General framework《核心银行系统 移动金融服务 通用框架》.pdf

1、BS ISO 12812-1:2017Core banking Mobile financial servicesPart 1: General frameworkBSI Standards PublicationWB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06BS ISO 12812-1:2017 BRITISH STANDARDNational forewordThis British Standard is the UK implementation of ISO 12812-1:2017. The UK participa

2、tion in its preparation was entrusted to TechnicalCommittee IST/12, Financial services.A list of organizations represented on this committee can be obtained on request to its secretary.This publication does not purport to include all the necessary provisions of a contract. Users are responsible for

3、its correct application. The British Standards Institution 2017.Published by BSI Standards Limited 2017ISBN 978 0 580 79571 8 ICS 03.060 Compliance with a British Standard cannot confer immunity from legal obligations.This British Standard was published under the authority of the Standards Policy an

4、d Strategy Committee on 30 April 2017.Amendments/corrigenda issued since publicationDate T e x t a f f e c t e dBS ISO 12812-1:2017 ISO 2017Core banking Mobile financial services Part 1: General frameworkOprations bancaires de base Services financiers mobiles Partie 1: Cadre gnralINTERNATIONAL STAND

5、ARDISO12812-1First edition2017-03Reference numberISO 12812-1:2017(E)BS ISO 12812-1:2017ISO 12812-1:2017(E)ii ISO 2017 All rights reservedCOPYRIGHT PROTECTED DOCUMENT ISO 2017, Published in SwitzerlandAll rights reserved. Unless otherwise specified, no part of this publication may be reproduced or ut

6、ilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester.ISO copyri

7、ght officeCh. de Blandonnet 8 CP 401CH-1214 Vernier, Geneva, SwitzerlandTel. +41 22 749 01 11Fax +41 22 749 09 47copyrightiso.orgwww.iso.orgBS ISO 12812-1:2017ISO 12812-1:2017(E)Foreword vIntroduction vi1 Scope . 12 Normative references 13 Terms and definitions . 14 Abbreviated terms 85 Concept of i

8、nteroperability . 95.1 General . 95.2 Concept of interoperability for payments: the business layer . 95.3 Concept of interoperability for payments: the technical layer 95.4 Interoperability objectives 96 Relationships between customers and MFSPs .106.1 General 106.2 Legal status of the customer 106.

9、3 Role played by the customer 106.4 Contractual relationship between the customer and the institution 116.5 Choice of wording for ISO 12812 (all parts) . 117 Rationale for ISO 12812 (all parts) 117.1 General 117.2 Environment description 117.2.1 General. 117.2.2 Increased dematerialization of financ

10、ial services 127.2.3 Increased use of financial services 127.2.4 Increased cross-border payments . 127.2.5 Remote management of applications 127.2.6 Enhanced proximate functionalities 127.2.7 Enhanced multi-application environment 137.3 Standardization challenges . 137.3.1 General. 137.3.2 Adaptatio

11、n of mobile financial services to a fast evolving technology 137.3.3 Complexity of ecosystems . 137.3.4 Complexity of regulatory systems .137.3.5 Consumer expectation for accessing all services using the same device .137.3.6 Risk management in the mobile environment 147.3.7 Certification programs .1

12、47.3.8 Role of the mobile device . 148 Mobile payments .148.1 General payment functions . 148.1.1 General. 148.1.2 Payment service issuance . 148.1.3 Payment service activation 148.1.4 Payment service selection by the payer 158.1.5 Application selection by the POI or the payment gateway .158.1.6 App

13、lication data retrieval . 158.1.7 Customer identification 158.1.8 Payer authentication .158.1.9 Application authentication 158.1.10 Payer authorization/confirmation 158.1.11 Transaction data authentication . 158.1.12 MFSP authorization 158.1.13 Completion of the transaction . 16 ISO 2017 All rights

14、reserved iiiContents PageBS ISO 12812-1:2017ISO 12812-1:2017(E)8.1.14 Clearing and settlement 168.1.15 End of service 168.2 Mobile proximate payment . 168.2.1 General. 168.2.2 Mobile contactless payment . 168.2.3 Mobile proximate payment based on bar code 178.3 Mobile remote payment . 178.3.1 Genera

15、l. 178.3.2 Payment to businesses .178.3.3 Payment to persons 189 Mobile banking 199.1 General 199.2 General mobile banking functions 199.2.1 General. 199.2.2 Enrolment . 199.2.3 Customer profile management . 209.2.4 Banking service issuance . 209.2.5 Customer identification 209.2.6 Customer authenti

16、cation . 209.2.7 Customer authorization/confirmation 209.2.8 Transaction data authentication . 209.2.9 Financial institution authorization .209.2.10 Completion of the banking operation .209.2.11 End of service 209.3 Channels for mobile banking . 209.3.1 General. 209.3.2 Mobile Internet browser 219.3

17、.3 Mobile application .219.3.4 Short Messaging Service (SMS) 2110 Mobile financial services supporting technologies .2110.1 Mobile device . 2110.2 Mobile communication . 2210.3 Mobile device local interface 2210.4 Applications 2210.5 Mobile wallet . 2210.6 Secure element . 2310.7 User interface 2410

18、.8 Trusted execution environment 2410.9 Secured server 2410.10 Service management . 2511 Stakeholders involved in the mobile payment ecosystems .2512 Implementations of ISO 12812 (all parts) 26Annex A (informative) Organizations involved in mobile standardization and guidance .27Annex B (informative

19、) Mobile payment ecosystems and related business models for MFSPs .28Annex C (informative) Payment instruments .30Bibliography .33iv ISO 2017 All rights reservedBS ISO 12812-1:2017ISO 12812-1:2017(E)ForewordISO (the International Organization for Standardization) is a worldwide federation of nationa

20、l standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. Internation

21、al organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.The procedures used to develop this document and those intended f

22、or its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www .iso

23、.org/ directives).Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will

24、 be in the Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents).Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.For an explanation on the voluntary nature of standards, the meani

25、ng of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www .iso .org/ iso/ foreword .html.This document was prepared by Tec

26、hnical Committee ISO/TC 68, Financial services, Subcommittee SC 7, Core banking.A list of all the parts in the ISO 12812 series can be found on the ISO website. ISO 2017 All rights reserved vBS ISO 12812-1:2017ISO 12812-1:2017(E)IntroductionThe use of mobile devices to conduct financial services (i.

27、e. payments and banking) is occurring following the steady rise in the number of customers using the Internet for these services. As an evolving market, mobile financial services are being developed and implemented on various bases throughout the different regions of the world and also among the var

28、ious providers of such services. In these conditions, the purpose of the ISO 12812 (all parts) is to facilitate and promote interoperability, security and quality of mobile financial services. At the same time, it is important that stakeholders in the services can benefit from the evolution and serv

29、ice providers remain commercially free and competitive in order to pursue their own business strategies. ISO 12812 (all parts) addresses the interoperability only at the technical layer by considering the impact of new components and/or interfaces induced by the introduction of a mobile device in fi

30、nancial services. The intentions of ISO 12812 (all parts) are as follows.a) To advance interoperability of mobile financial services globally by defining requirements based on a common terminology and basic principles for the design and operation of mobile financial services.b) To define technical c

31、omponents and their interfaces, as well as roles that may be performed by different actors in addition to mobile financial service providers (e.g. mobile network operators, trusted service managers). These components and their interfaces, as well as roles, are defined according to identified use cas

32、es. Future use cases may be considered during the maintenance of ISO 12812 (all parts).c) To identify existing standards on which mobile financial services should be based, as well as possible gaps.Standardization in this area is beneficial for the sound development of the mobile financial services

33、market because it will: facilitate and promote interoperability between the different components or functions building mobile financial services; build a safe environment so that consumers and merchants can trust the service and allow the mobile financial service providers to manage their risks; pro

34、mote consumer protection mechanisms including fair contract terms, rules on transparency of charges, clarification of liability, complaints mechanisms and dispute resolution; enable the consumer to choose from different providers of devices or mobile financial services including the possibility to c

35、ontract with several mobile financial service providers for services on the same device; enable the consumer to transfer a mobile financial service from one device to another one (portability); promote a consistent consumer experience among various mobile financial services and mobile financial serv

36、ice providers with easy-to-use interfaces.To achieve these objectives, each part of ISO 12812 (all parts) will specify the necessary technical mechanisms and, when relevant, refer to existing standards as appropriate.ISO 12812 (all parts) provides a framework flexible enough to accommodate new mobil

37、e device technologies, as well as to allow various business models. At the same time, it enables compliance with applicable regulations including data privacy, protection of personally-identifiable data, consumer protection, anti-money laundering and prevention of financial crime.It is not the inten

38、tion of ISO 12812 (all parts) to duplicate or to seek to replace any existing standard in the area of mobile financial services (e.g. communication protocols, mobile devices). It is also not the intention to drive technology to any specific application or to restrict the development of future vi ISO

39、 2017 All rights reservedBS ISO 12812-1:2017ISO 12812-1:2017(E)technologies or solutions. Messages and data elements to be exchanged at the interfaces between the different components or actors of the system may be those already specified e.g. ISO 20022, ISO 8583 (all parts).ISO 12812 (all parts) re

40、cognizes the need for unbanked or under-banked consumers to access mobile financial services. It also recognizes that these services may be provided by diverse types of institutions in accordance with the applicable regulation(s).The ISO 12812 series consists of the following parts: Part 1: General

41、framework The introduction of the standard with descriptions of some fundamental bases on which the other parts are built; Part 2: Security and data protection for mobile financial services Definition of a general framework for the secure execution of mobile financial services; Part 3: Financial app

42、lication lifecycle management The lifecycle of the application including roles and infrastructure for secure provisioning; Part 4: Mobile payments to persons Use cases and requirements for interoperability; Part 5: Mobile payments to businesses Use cases and requirements for interoperability. ISO 20

43、17 All rights reserved viiBS ISO 12812-1:2017BS ISO 12812-1:2017Core banking Mobile financial services Part 1: General framework1 ScopeThis document defines the general framework of mobile financial services (payment and banking services involving a mobile device), with a focus on:a) a set of defini

44、tions commonly agreed by the international financial industry;b) the opportunities offered by mobile devices for the development of such services;c) the promotion of an environment that reduces or minimizes obstacles for mobile financial service providers who wish to provide a sustainable and reliab

45、le service to a wide range of customers (persons and businesses), while ensuring that customers interests are protected;d) the different types of mobile financial services accessed through a mobile device including mobile proximate payments, mobile remote payments and mobile banking, which are detai

46、led in other parts of ISO 12812;e) the mobile financial services supporting technologies;f) the stakeholders involved in the mobile payment ecosystems.This document includes the following informative annexes: an overview of other standardization initiatives in mobile financial services (Annex A); a

47、description of possible mobile payment business models (Annex B); a description of typical payment instruments which may be used (Annex C).2 Normative referencesThere are no normative references in this document.3 Terms and definitionsFor the purposes of this document, the following terms and defini

48、tions apply.ISO and IEC maintain terminological databases for use in standardization at the following addresses: IEC Electropedia: available at http:/ www .electropedia .org/ ISO Online browsing platform: available at http:/ www .iso .org/ obp3.1acquirerinstitution (3.17) that has contracted with th

49、e merchant (3.19)/payee (3.38) in order to process the payment transaction (3.40) data and transmit onwards in the payment system (3.45)Note 1 to entry: This role might or might not be performed by the merchant/payee institution.INTERNATIONAL STANDARD ISO 12812-1:2017(E) ISO 2017 All rights reserved 1BS ISO 12812-1:2017ISO 12812-1:2017(E)3.2aliaspseudonym for the payer (3.39) and/or the payee (3.38) uniquely linked to the name and account associated to the payment instrument (3.43)EXAMPLE Mobile phone number.3.3app