1、PD ISO/TS 12812-5:2017 Core banking Mobile financial services Part 5: Mobile payments to businesses BSI Standards Publication WB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06PD ISO/TS 12812-5:2017 PUBLISHED DOCUMENT National foreword This Published Document is the UK implementation of ISO/TS
2、 12812-5:2017. The UK participation in its preparation was entrusted to Technical Committee IST/12, Financial services. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a co
3、ntract. Users are responsible for its correct application. The British Standards Institution 2017. Published by BSI Standards Limited 2017 ISBN 978 0 580 82899 7 ICS 03.060 Compliance with a British Standard cannot confer immunity from legal obligations. This British Standard was published under the
4、 authority of the Standards Policy and Strategy Committee on 30 April 2017. Amendments/corrigenda issued since publication Date T e x t a f f e c t e dPD ISO/TS 12812-5:2017 ISO 2017 Core banking Mobile financial services Part 5: Mobile payments to businesses Oprations bancaires de base Services fin
5、anciers mobiles Partie 5: Paiements mobiles entreprises TECHNICAL SPECIFICATION ISO/TS 12812-5 Reference number ISO/TS 12812-5:2017(E) First edition 2017-03PD ISO/TS 12812-5:2017ISO/TS 12812-5:2017(E)ii ISO 2017 All rights reserved COPYRIGHT PROTECTED DOCUMENT ISO 2017, Published in Switzerland All
6、rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested fro
7、m either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 copyrightiso.org www.iso.orgPD ISO/TS 12812-5:2017ISO/TS 12812-5:2017(E)Foreword iv I
8、ntroduction v 1 Scope . 1 2 Normative references 1 3 Terms and definitions . 2 4 Requirements of a mobile payments-to-businesses system . 2 4.1 Device, network and application selection requirements . 2 4.2 Security requirements 3 4.3 Logging requirements . 3 4.4 Notice requirements 4 4.5 Receipt re
9、quirements 4 4.6 Data privacy requirements . 4 5 Types of mobile payments 5 5.1 Mobile proximate payments 5 5.2 Mobile remote payments . 6 5.3 Other mobile payments technologies 6 5.3.1 Quick response (QR) based payments 6 5.3.2 Mobile payments through short messaging service (SMS) . 6 5.3.3 Mobile
10、payments through mobile airtime . 6 5.3.4 Mobile wallet . 6 6 Payment instruments 7 6.1 Direct debit . 8 6.2 Credit transfer . 8 6.3 Payment card 8 6.4 Other payment instruments 8 6.4.1 Mobile bill account . 9 6.4.2 Stored value account (SVA) . 9 7 Use cases . 9 7.1 Proximate card payments use cases
11、 . 9 7.1.1 User verification method 9 7.1.2 Single tap: Analysis of UVMs .10 7.1.3 Double tap: Analysis of UVMs 14 7.1.4 Mobile contactless payment transaction .16 7.1.5 Risk management in mobile proximate payments (MPPs) 26 7.1.6 Additional features . .31 7.1.7 Interoperability and MPP service avai
12、lability .32 7.2 Remote payments use cases .33 7.2.1 Mobile remote card payments 33 7.2.2 Mobile remote credit transfer .39 7.2.3 Mobile remote transactions using remote secured server .47 7.2.4 Interoperability model based on a centralized common infrastructure 49 7.2.5 Mobile remote payments using
13、 other payment instruments .50 7.2.6 Risk management in mobile remote payments (MRPs) .51 8 Requirements in the consumer environment .51 8.1 General 51 8.2 Requirements in the consumer environment .52 Annex A (informative) Host card emulation 53 Annex B (informative) Procedures for redress and dispu
14、te resolution .54 Bibliography .55 ISO 2017 All rights reserved iii Contents PagePD ISO/TS 12812-5:2017ISO/TS 12812-5:2017(E) Foreword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing Internatio
15、nal Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO
16、, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Par
17、t 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives). Attention is drawn to the possibility that some of t
18、he elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations
19、received (see www .iso .org/ patents). Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity asses
20、sment, as well as information about ISOs adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: w w w . i s o .org/ iso/ foreword .html. This document was prepared by Technical Committee ISO/TC 68, Financial services, Subcommittee S
21、C 7, Core banking. A list of all the parts in the ISO 12812 series can be found on the ISO website.iv ISO 2017 All rights reservedPD ISO/TS 12812-5:2017ISO/TS 12812-5:2017(E) Introduction The use of mobile devices to conduct financial services is occurring following the steady rise of the number of
22、customers using the Internet for these services. As an evolving market, mobile financial services (MFSs) are being developed and implemented on various bases throughout different regions of the world and also among the various providers of such MFSs (MFSPs). Given these conditions, then, the purpose
23、 of this document is to facilitate and promote interoperability, security and quality of MFSs, while providing an environment where all stakeholders can benefit from the evolution, and MFSPs remain as commercially free and competitive as possible to design their own implementations in pursuing their
24、 own business strategies. The intentions of this document are: a) to advance interoperability of MFSs globally by building an international vision of this environment and by defining requirements based on a common terminology and basic principles for the design and operation of MFSs (see ISO 12812-1
25、:2017, Clause 5); b) to define technical components and their interfaces, as well as roles that may be performed by different MFSPs (e.g. financial institutions, mobile network operators, trusted service managers). These components and their interfaces, as well as roles, are defined according to ide
26、ntified use cases, although future use cases may be considered during the maintenance of the standard; c) to identify existing standards on which MFSs should be based, as well as possible gaps. Standardization effort in this area is beneficial for a sound development of the MFSs market as it will: f
27、acilitate and promote interoperability between the different components or functions developing and/or providing MFSs (see ISO 12812-1:2017, 4.3 and 4.4), including consideration of the impact of new components and/or i n t e r f a c e s c r e a t e d b y t h e i n t r o d u c t i o n o f a m o b i
28、l e d e v i c e i n t o t h e payment chain; build a secure environment so that payers and payees (see ISO/TS 12812-4) and consumers and merchants (this document) can trust MFSs and allow the MFSPs to manage their risks; promote consumer protection mechanisms, including fair contract terms, rules on
29、 transparency of charges, clarification of liability, and procedures for complaints and dispute resolution; enable the consumer to choose from different providers of devices or MFSs, including the possibility to contract with several MFSPs for services on the same device; enable the consumer to tran
30、sfer MFSs from one device to another one (portability); promote a consistent consumer experience among various MFSs and MFSPs, with easy-to-use interfaces. To achieve these objectives, each part of the ISO 12812 will specify the necessary technical mechanisms and, when relevant, refer to existing st
31、andards in the area of each part. The ISO 12812 (all parts) provides a framework flexible enough to accommodate new mobile device technologies, as well as to allow various business models, while enabling compliance with applicable national regulations (e.g. data privacy, protection of personally-ide
32、ntifiable data, consumer protection, anti-money laundering and prevention of financial crime) (see ISO 12812-1:2017, 6.3.4). It is not the intention of the ISO 12812 (all parts) to duplicate or to seek to replace any existing standard in the area of MFSs (e.g. communication protocols, mobile devices
33、). It is also not the intention of the ISO 12812 (all parts) to drive technology to any specific application or to restrict the development of future technologies or solutions. The ISO 12812 (all parts) does not define messages and data elements to be exchanged at the interfaces between the differen
34、t components or actors of the system; instead identified messages and data elements are already specified (e.g. ISO 8583, ISO 20022) and are referenced by the standard. Mobile devices have communication capabilities that are sufficient for exchanging transaction data conforming to appropriate ISO st
35、andards (e.g. ISO 8583, ISO 20022), as ISO 2017 All rights reserved vPD ISO/TS 12812-5:2017ISO/TS 12812-5:2017(E) well as delivering the required transaction authorization information to the POS via other formats (e.g. bar codes, SMS). The ISO 12812 (all parts) recognizes the need for unbanked or un
36、der-banked consumers to access MFSs. It also recognizes that these services may be provided by MFSPs who are not financial institutions according to the applicable regulation(s). NOTE For this document, the terms and definitions from ISO 12812-1 apply; where a term is abbreviated in this document, t
37、he abbreviation is associated with the initial use of the term. Figures 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 and 18 or part thereof are courtesy of the European Payments Council.vi ISO 2017 All rights reservedPD ISO/TS 12812-5:2017TECHNICAL SPECIFICATION ISO/TS 12812-5:2017(E) Core banking Mobile fin
38、ancial services Part 5: Mobile payments to businesses 1 Scope This document focuses on mechanisms by which a person (“consumer”, “payer” or “business”) uses a mobile device to initiate a payment to a business entity (“merchant” or “payee”). Such a payment may use the traditional merchant point of in
39、teraction (POI) system, where the manner of settling the payment follows well-established merchant services paradigms. Additionally, there are other ways for a consumer to make a payment to a merchant, using the mobile device to initiate, authorize and process transactions outside of traditional pay
40、ment networks using secure payment instruments. Accordingly, this document supports both “push” and “pull” payments (i.e. transactions that are pushed or transmitted from a mobile device into a POI or pulled or received into a mobile device or POI), which are initiated and/or confirmed by a consumer
41、 to purchase goods and or services, including proximate payments, remote secure server payments, as well as mobile payments that leverage other technologies e.g. cloud computing, quick response (“QR”) codes, biometrics, geo-location and other methods to authenticate and authorize the transaction. On
42、e of the most important aspects of the MFS environment is mobile payments to businesses. There are many ways a consumer, or a business as a consumer, can make a payment to a merchant. ISO 12812 provides a comprehensive standard for using the mechanisms involved in mobilizing the transfer of funds re
43、gardless of who is involved in the process. This document is intended to be used by potential implementers of mobile retail payment solutions, while ISO 12812-4 is intended for potential implementers of solutions for mobile payments to persons. NOTE ISO 12812-1:2017, 5.4 explains the differences in
44、the use of these terms. As such, the ISO 12812 (all parts) seeks to support all possible technologies and is not designed to highlight or endorse specific technologies in the competitive marketplace. Although this document deals with mobile payments made by a consumer or a business acting as a consu
45、mer, which transactions are subject to a variety of consumer protection requirements, in terms of the relationship to the MFSP, the consumer (or business) is the customer of the MFSP. Nevertheless, this document will use the term “consumer.” 2 Normative references The following documents are referre
46、d to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO 12812-1, Core banking Mobile
47、 financial services Part 1: General framework ISO/TS 12812-2, Core banking Mobile financial services Part 2: Security and data protection for mobile financial services ISO/TS 12812-3, Core banking Mobile financial services Part 3: Financial application lifecycle management ISO/IEC 18004, Information
48、 technology Automatic identification and data capture techniques QR Code 2005 bar code symbology specification ISO 2017 All rights reserved 1PD ISO/TS 12812-5:2017ISO/TS 12812-5:2017(E) ISO/IEC 18092, Information technology Telecommunications and information exchange between systems Near Field Commu
49、nication Interface and Protocol (NFCIP-1) ISO/IEC 21481, Information technology Telecommunications and information exchange between systems Near Field Communication Interface and Protocol 2 (NFCIP-2) 3 Terms and definitions For the purposes of this document, the terms and definitions given in ISO 12812-1 apply. ISO and IEC maintain terminological databases for use in standardization at the following addresses: IEC Electropedia: available at h t t p :/ www .electropedia .org/ ISO Online browsing pl