Embed Size (px)
Citation preview
www.europeanpaymentscouncil.eu
SEPA goes Mobile
Dr. Marijke De Soete
ETSI Security Workshop 2011
19-20 January 2011
Sophia Antipolis, France
Mobile phone: some statistics
• Over a million new subscribers a day
• Many developed countries over 100% penetration
• Rising fast in developing countries
Data source: Wireless Intelligence
1 billion
subscribers
2 billion
subscribers
4 billion
subscribers
Actual Projected
Estimated 4.5
billion
subscribers
0
500
1,000
1,500
2,000
2,500
3,000
3,500
4,000
4,500
5,000
2003 2004 2005 2006 2007 2008 2009 2010 2011
Glo
bal m
ob
ile s
ub
scri
bers
(m
illio
ns)
Most successful communication device in history
18 January 2011
Mobile phones: an interactive access device
for financial services
A personal device…..
…. that gives instant communications to everyone, anytime, any place
…. that supports multimedia
.... that supports a variety of interactive services
…. that is easy to use
The mobile is expected to become one of the strongest
channels for accessing payments and bank services in
the future .
Need for cooperation on standards, security features and
business models across industries (banks, MNOs, etc).
Convenience for end-users is absolutely key!
18 January 2011
Mobile financial services
Banking
information
account management
bill payments
trading
alerts
Contactslesspayments
POS
vending
ticketing
fast food
parking
ATM
Remotepaymentstickets
top Up
content
TrustServices
e-ID
e-signature
login
Source: Mobey Forum
74 members from 32 countries represent all credit sectors on payments
(approximately 8000 banks)
see www.europeanpaymentscouncil.eu
IS THE DECISION-MAKING AND COORDINATION BODY
OF THE EUROPEAN BANKING INDUSTRY IN RELATION
TO PAYMENTS
EPC develops the payment schemes and frameworks necessary
to realise the Single Euro Payments Area (SEPA)
Specifies business and security requirements and standards
to facilitate the initiation of SEPA payments via e- & mobile
channels
EUROPEAN PAYMENTS COUNCIL (EPC)
REPRESENTS THE EUROPEAN BANKING INDUSTRY IN PAYMENTS
Who are EPC?
6
SEPA Payments
SEPA is the area where customers of payment services will be able to make and receive payments in Euro domestically and cross-border under the same basic conditions, rights and obligations, regardless of their location. The SEPA area comprises the EU, Iceland, Liechtenstein, Monaco, Norway and Switzerland.
SEPA payment instruments are:
• SEPA Credit Transfer
• SEPA Direct Debit
• SEPA Cards.
The mobile handset is expected to become an important enabler for SEPA payments in the future.
7
EPC Roadmap on M-Payments
The European banking industry (EPC) has created a Strategy and Roadmap on Mobile-Payments that in 1-2 years will
• Enable more efficient and faster adoption of payments via the Mobile Channel while leveraging existing SEPA instruments
• Using a mobile phone (“handset”) as a payment initiation device
• Will entail both Contactless (Proximity) and Remote Payments
Mobile Contactless Payment (SEPA card-based): handset interacts (contactless) with Point Of Sale (POS) terminal to perform payment transaction (“Tap-and-Go”)
Mobile Remote Payment (SEPA card or SEPA Credit Transfer-based): handset can be used to purchase goods and services via internet/web browser, telephone voice/data call or to perform account to account payments
in different market segments: P2B, B2B,…
EPC’s focus in the mobile payments ecosystem
In line with its scope and roadmap the EPC has focused over the past year on the Mobile Contactless Payments (MCP) and Remote Payments.
The following documents are specified:
White paper on Mobile Payments covering contactless and remote payments
Requirements and specifications for MCP Service Management Roles (TSM document) in co-operation with GSMA
Interoperability Implementation Guidelines (under preparation)
Other
Stakeholders
Standarisation and Industry Bodies
App
Developers
Certification Providers
POS Providers
Schemes
SE Manufacturers
Customers
SE Issuers (Including MNOs)
Handset
Manufact.
TSMs
Merchants
EPC White paper on M-payments
EPC published a White paper on M-Payments aimed to create
awareness on the subject in the banking community and beyond.
http://www.europeanpaymentscouncil.eu/knowledge_bank_detail.cf
m?documents_id=402
The 1st release includes a high level overview on M-payments as
new channel to existing SEPA payment instruments.
• Through the description of use cases in a daily life of a customer with a
mobile phone it is shown how m-payments can provide efficiency,
convenience and cost-effectiveness.
• Also introduced are the main characteristics of the m-payments
categories (contactless and remote payments) as prioritised by EPC as
well as the payment service provisioning.
• A further section provides more details on MCP
including some business, technical infrastructure,
user experience and standardisation aspects.
9
EPC-GSMA collaboration
30th June 2008: EPC and GSMA announced a co-operation agreement
(http://www.europeanpaymentscouncil.eu/news_detail.cfm?news_id=65)
Cross Industry cooperation
enable banks to deliver more efficiently mobile payments services
leveraging the mobile operator's infrastructure
for the benefits of customers of the banks and MNOs
Initial focus of GSMA-EPC co-operation is
on Mobile Contactless Payments (MCPs)
MCP Service Management (1)
Joint work has focused initially on developing a set of requirements
and specifications for MCP Service Management Roles (SMRs)
and related processes covering functional, technical, security and
legal aspects while ensuring interoperability.
Hereby the MCP, issued by the Banks (Issuers) is stored on the
UICC into the mobile phone.
These SMRs cover the full life cycle management of MCP
applications including loading, personalisation, activation,
maintenance, blocking, etc... and deletion of the MCP.
These SMRs can be fulfilled by MNOs, Issuers or dedicated Third
Parties: “Trusted Service Managers” (TSMs), or a combination
thereof.
MCP Service Management (2)
MNOIssuing
Bank
NFC-enabled handset
Customer =
Cardholder
& Mobile
Subscriber B2C
TSM
B2C
B2B B2B
The TSM acts as an aggregator for stakeholders in the
mobile value chain.
MCP Service Management (3)
The joint work aims to facilitate the development of commercial
relationships between the MNOs, Issuers and TSMs which are the key
stakeholders in the MCP ecosystem.
EPC and GSMA published the document October 21st 2010 with a
press release.
http://www.europeanpaymentscouncil.eu/knowledge_bank_detail.cfm?d
ocuments_id=423
smooth and safe, quickly built-up
MCP ecosystem
from chaotic, slow MCP
ecosystem development
Provisioning and
life cycle
management of
MCP Payment
Application on a
UICC owned by
an MNO
(for matter of
simplicity, the
TSM has been
depicted as an
independent
entity; however
SMRs can be
implemented in
different ways
depending on the
market situation).
MCP Service Management (4)
MNO
Request
for Payment
Application
Load Payment
Application to UICCRequest
NFC Mobile Phone
Customer
UICC
Issuing Bank
TSM
Trusted Service Management
General & Logical architecture
Bank Domain of responsibilitiesMNO Domain of responsibilities
Trusted Service Management Roles
-
Technical roles
MNOIssuing
Bank
Commercial Roles(Performed either directly between MNO and Bank
or by a Third Party)
TSM roles operational implementation
3-Party Issuing and Lifecycle Model
Commercial actors are the
Customer, the Issuer and
the MNO.
SM technical roles are the
set of technical functions
performed on behalf of the
Issuer and/or the MNO.
The TSM is not involved
in the commercial
relationship between the
Issuer and MNO.
There is a direct
commercial relationship
between the Issuer and
MNO.
TSM roles operational implementation
4-Party Issuing and Lifecycle Model
Commercial actors are
the Customer, the Issuer,
the MNO and the TSM
performing SM
commercial roles on
behalf of Issuers and
MNOs in addition to SM
technical roles
The TSM has a
commercial relationship
with the Issuer and MNO.
There is no direct
commercial relationship
between the Issuer and
MNO.
.
MNO Domain of
Responsibility
Issuer Domain of
Responsibility
-
Customer
MNO Issuer
Technical Relationship
Commercial Relationship
MNO
Issuer
Customer
TSM for SM Technical Roles
TSM for SM Commercial Roles
SM Technical Roles
TSM for SM
Commercial
Roles
SMTechnical
Roles
Trusted Service Management - Multi-TSM Model
Commercial actors
are the Customer,
the Issuer, the MNO
and the TSM
performing both SM
commercial and
technical roles.
Multiple TSMs are
involved.
There is no direct
commercial
relationship between
Issuers and MNOs
18 January 2011
Next EPC M-Payments deliverables
EPC White paper for Mobile Payments 2nd edition – expected September 2011
• Additions to 1st edition to cover in more detail Mobile Remote Payments
EPC Interoperability Implementation Guidelines for Mobile Contactless Payments – expected September 2011
• Business and Service aspects
• Technical aspects & infrastructure
• Security & risk management aspects
• Aims to cover three types of SE: UICC, embedded SE and SD card
EPC Interoperability Implementation Guidelines for Mobile Remote SCT Payments – expected 2012
• Will cover both Mobile Remote Card Payments and Mobile Remote SEPA Credit
Transfers
• Business and Service aspects
• Technical aspects & infrastructure
• Security & risk management aspects
Slide 19
18 January 2011
What to be expected ?
The EPC work in the Mobile Payments area will pave the way for efficient launches of SEPA interoperable mobile payments schemes within the next 2-5 years.
This will entail both contactless and remote SEPA payments via the Mobile Channel.
This will be an important building block helping fostering the evolution towards ”Digital Europe”.
Slide 20
Information
21
EPC website: http://www.europeanpaymentscouncil.eu/
All documentation can be freely downloaded
or contact:
