Core banking - Mobile financial services - Part 4: Mobile payments-to-persons
PD ISO/TS 12812-4:2017
BSI Standards Publication

National foreword

This Published Document is the UK implementation of ISO/TS 12812-4:2017.

The UK participation in its preparation was entrusted to Technical Committee IST/12, Financial services. A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

© The British Standards Institution 2017. Published by BSI Standards Limited 2017
ISBN 978 0 580 82846 1
ICS 03.060

Compliance with a British Standard cannot confer immunity from legal obligations.

This Published Document was published under the authority of the Standards Policy and Strategy Committee on 30 April 2017.

Amendments/corrigenda issued since publication
Date    Text affected

TECHNICAL SPECIFICATION ISO/TS 12812-4
First edition 2017-03
Opérations bancaires de base - Services financiers mobiles - Partie 4: Paiements mobiles à personnes
Reference number ISO/TS 12812-4:2017(E)

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Specific characteristics for mobile payments-to-persons
  5.1 General
  5.2 Mobile payments-to-persons concepts
  5.3 User expectations
  5.4 Stakeholders involved in a mobile payments-to-persons program
    5.4.1 Mobile financial service provider
    5.4.2 Mobile network operator
    5.4.3 Agent
    5.4.4 Electronic money service provider
6 Requirements for mobile payments-to-persons
  6.1 General
  6.2 Device, network, and application selection requirements
    6.2.1 General
    6.2.2 Requirements
  6.3 Logging requirements
    6.3.1 General
    6.3.2 Requirements
  6.4 Notice requirements
    6.4.1 General
    6.4.2 Requirements
  6.5 Authentication and authorization requirements
    6.5.1 General
    6.5.2 Requirements
7 Scenarios for interoperability
  7.1 General
  7.2 Scenario for interoperability 1
    7.2.1 General
    7.2.2 Three-corner model
    7.2.3 Four-corner model
  7.3 Scenario for interoperability 2 (cross-system payment)
  7.4 Interoperability models for payment facilitation
    7.4.1 General
    7.4.2 Direct interoperability model
    7.4.3 Common infrastructure
8 Implementation models
  8.1 General
  8.2 High-level architecture and network technologies
    8.2.1 Layer 1: Infrastructure used to convey payment initiation and authorization messages
    8.2.2 Layer 2: Common infrastructure used for payment facilitation
    8.2.3 Layer 3: Value transfers and funds movement
  8.3 Classification of mobile payments-to-persons
    8.3.1 General
    8.3.2 Mobile credit transfer payment
    8.3.3 Mobile card payment
    8.3.4 Electronic money transfer
  8.4 Mobile remittances
  8.5 High-level description for significant use cases
    8.5.1 General
    8.5.2 Mobile payments-to-persons by card
    8.5.3 Payments-to-persons by credit transfer
9 Detailed payments-to-persons transaction flows
  9.1 General
  9.2 Models for the processing of mobile payments-to-persons
  9.3 Bank-centric payments-to-persons models
    9.3.1 Split payment over the ACH system
    9.3.2 Bank-centric single payment over the ACH system consortium model
  9.4 Non-bank-centric models
    9.4.1 General
    9.4.2 Three-corner non-bank-centric methods funded by non-bank account
    9.4.3 Split non-bank centric model funded by bank account
    9.4.4 Three-corner non-bank-centric single model funded by bank account
  9.5 Card-based payments
    9.5.1 Processing functionalities
    9.5.2 Detailed transaction flow
Annex A (informative) Financial inclusion for mobile payments-to-persons
Annex B (informative) Intra-jurisdictional versus inter-jurisdictional aspects for mobile payments-to-persons
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.

This document was prepared by Technical Committee ISO/TC 68, Financial services, Subcommittee SC 7, Core banking.

A list of all the parts in the ISO 12812 series can be found on the ISO website.

Introduction

The ISO 12812 series is a multi-part standard addressing interoperable and secure systems for the provision, operation and management of Mobile Financial Services (MFSs).

This document addresses how a payer interacts with a person to initiate and complete a mobile payment. A “person” can be either a natural individual or a small business entity legally recognized as a “person” but where the payment is casual in nature (e.g. where the purpose is to transfer funds between people who know each other, such as family members, friends or neighbours, or where the relationship between two people is casual, such as to pay the babysitter, nanny, handyman, etc.).

Payment instruments used for mobile payments-to-persons are rendered by appropriate MFS applications
that are available in or accessed through a mobile device. This mobile device, using an appropriate secure environment, stores or provides access to sensitive data. Such sensitive data include application configuration information, personal account data and user authentication data (authentication credentials), including cryptographic keys.

This document includes a set of requirements and some recommendations intended to facilitate the interoperability of mobile payments-to-persons. This document also outlines the need for consumer protection mechanisms (e.g. including fair contract terms, rules on transparency of charges, clarification of liability, complaints mechanisms and dispute resolution).

The objective of this document is to provide MFSPs with technical provisions to enable the development of interoperable mobile payments-to-persons services, where either the payer or the payee uses a mobile device to transact a payment to a person. Mobile payments-to-persons may require the payer to input a unique identifier of the payee. The payee of a mobile payments-to-persons transaction (e.g. family member, friend) should be able to verify the received amount and the reason for the payment.

Although the standard focuses on mobile payments-to-persons resulting in account-to-account payments, mobile payments-to-persons systems have also been deployed in scenarios where payer and/or payee are unbanked. From a wider perspective, mobile payments-to-persons, and especially remittances, may facilitate later financial inclusion (see Annex A).

This document differentiates between proximate mobile payments-to-persons and remote mobile payments-to-persons:

- Proximate mobile payments-to-persons refers to a payment conveyed from one mobile device to another mobile device, where the payer and the payee are physically present in the same location. In this document, such mobile devices are assumed to enable a contactless or other communication channel to be established. One example is the Near Field Communication Interface (see ISO 18092), present on an NFC-enabled Mobile Device. NFC technology in the mode called peer-to-peer establishes such a contactless channel between the two communicating devices. This document does not preclude the use of other proximity technologies (e.g. Bluetooth low energy, QR codes).
- Remote mobile payments-to-persons refers to payments in which the payer and the payee may not both be physically present at the same location, meaning that the mobile device establishes a communication channel using a wireless network.

Regarding the implementation of mobile payments-to-persons, the following factors should be considered:

- Technology innovation is dynamic, especially for mobile devices and their operating systems, mobile wallets and payment infrastructures. Thus, requirements should be flexible to handle current and future technologies.
- Regulatory and policy issues should be addressed for the operation of payment systems by ensuring conformance with national and multi-national legislation and regulation (e.g. Know Your Customer (KYC), Anti-Money Laundering (AML), the U.S. Office of Foreign Assets Control (OFAC) and Combating the Financing of Terrorism (CFT), data protection/privacy and customer protection).
- Global utilization of mobile payments-to-persons in the two following areas:
  a) The deployment of mobile devices in developing countries that are often challenged by geographical boundaries, a lack of a centralized banking infrastructure, and a need for the provision of MFS to under-banked and/or unbanked individuals.
  b) Social networks are used by millions or even billions of people in systems relying on interpersonal services (e.g. music, games, relationships). Many of these services generate direct payments-to-persons relationships which may involve the use of mobile payments-to-persons.

Mobile payments-to-persons constitute one type of MFS. The contents of this document are closely related to other parts of the standard. Potential implementers of mobile retail payment solutions should look at part 5. Both parts 4 and 5 of ISO 12812 seek to support all possible technologies and are not intended to favour any specific technology. Therefore, individual implementations of a mobile payments-to-persons service may be highly dependent upon or require the application of other parts of the ISO 12812 standard. In particular:

- ISO 12812-1 describes the general framework and definitions for the standard;
- ISO 12812-2 specifies requirements and recommendations for security and data protection;
- ISO 12812-3 specifies requirements and recommendations for the management of mobile financial applications.

Figures 1 to 6 or part thereof are courtesy of the European Payments Council.

1 Scope

This document provides comprehensive requirements and recommendations, as well as specific use cases for implementation of interoperable mobile payments-to-persons. The emphasis is placed on the principles governing the operational functioning of mobile payments-to-persons systems and processes, as well as the presentation of the underlying technical, organizational, business, legal and
policy issues, leveraging legacy infrastructures of existing payment instruments (see ISO 12812-1:2017, Annex C).

This document includes the following items:

a) requirements applicable to mobile payments-to-persons;
b) recommendations regarding mechanisms involved in the operation of interoperable mobile payments-to-persons;
c) a description of the different use cases for mobile payments-to-persons;
d) a generic interoperability model for the provision of different mobile payments-to-persons;
e) recommendations for the technical implementation of the generic architectures for the mobile payments-to-persons program;
f) recommendations for mobile remittances;
g) use cases with the corresponding transaction flows;
h) discussion of the financial inclusion of unbanked and underbanked persons (Annex A);
i) some legal aspects to consider for mobile payments-to-persons (Annex B).

The document is structured as follows:

- Clause 6 sets forth the requirements that a mobile payments-to-persons program must comply with.
- Clauses 7, 8 and 9 provide the different levels of implementation for the interoperability of mobile payments-to-persons.
- Clause 7 describes the interoperability principles for mobile payments-to-persons.
- Clause 8 describes:
  1) a three-layer high-level architecture for mobile payments-to-persons programs;
  2) payment instruments sustained by these programs;
  3) processing details for a series of significant use cases of mobile payments-to-persons using these payment instruments.
- Clause 9 provides a step-by-step data flow description for different mobile payments-to-persons implementations: bank-centric, non-bank centric and card-centric. They can be mapped into the processing use cases of Clause 8, where abstraction is made in the nature of the payment service providers.

2 Normative references

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 12812-1, Core banking - Mobile financial services - Part 1: General