WHITE PAPER Non-NFC Based Mobile SEPA Card Proximity Payments
Total Page:16
File Type:pdf, Size:1020Kb
WHITE PAPER Non-NFC based Mobile SEPA Card Proximity Payments EPC109-19 2019 Version 1.0 Date issued: 7 June 2019 Reason for issue: Publication on EPC website WHITE PAPER Non-NFC based Mobile SEPA Card Proximity Payments EPC109-19 / Version 1.0 / Date of publication: 7 June 2019 © 2019 Copyright European Payments Council (EPC) AISBL: Subject to EPC’s prior written approval, reproduction for non-commercial purposes is authorised, with acknowledgement of the source. www.epc-cep.eu 1 / 49 WHITE PAPER Non-NFC based Mobile SEPA Card Proximity Payments EPC109-19 2019 Version 1.0 Date issued: 7 June 2019 Reason for issue: Publication on EPC website Abstract This document provides insights into non-NFC based Mobile SEPA Card Proximity Payments (MCPPs). www.epc-cep.eu 2 / 49 WHITE PAPER Non-NFC based Mobile SEPA Card Proximity Payments EPC109-19 Version 1.0 Table of Contents Executive Summary ..................................................................................................................5 0 Document Information.......................................................................................................7 0.1 Structure of the document ......................................................................................................... 7 0.2 References ................................................................................................................................... 7 0.3 Definitions ................................................................................................................................... 9 0.4 Abbreviations ............................................................................................................................ 13 1 General ............................................................................................................................ 15 1.1 Introduction .............................................................................................................................. 15 1.2 Vision ......................................................................................................................................... 15 1.3 Scope ......................................................................................................................................... 15 1.4 Objectives and rationale ........................................................................................................... 16 1.5 Audience ................................................................................................................................... 16 2 Mobile card proximity payments overview ....................................................................... 17 2.1 Introduction .............................................................................................................................. 17 2.2 Different types of MCPPs .......................................................................................................... 17 2.3 Proximity technologies .............................................................................................................. 18 QR-code ........................................................................................................................................... 18 Bluetooth and Bluetooth Low Energy ............................................................................................. 19 2.4 MCPP use cases ......................................................................................................................... 20 Introduction .................................................................................................................................... 20 Use case 1: Merchant-presented QR-code at POI – customer authentication using fingerprint .. 21 Use case 2: Merchant-presented QR-code on a poster – customer authentication with mobile code ................................................................................................................................................. 24 Use case 3: Consumer-presented QR-code including chip card data – customer authentication with mobile code ............................................................................................................................ 26 Use case 4: Consumer-presented QR-code including cardholder identifier – low value transaction ......................................................................................................................................................... 28 Use case 5: Merchant initiated BLE-based transaction at POI – customer authentication with mobile code ..................................................................................................................................... 30 3 MCPP transaction characteristics ..................................................................................... 33 3.1 Introduction .............................................................................................................................. 33 3.2 Cardholder verification ............................................................................................................. 33 3.3 Transaction authorisation ......................................................................................................... 34 3.4 Strong customer authentication ............................................................................................... 35 3.5 Transaction authentication ....................................................................................................... 35 3.6 Transaction processing ............................................................................................................. 37 4 POI characteristics ........................................................................................................... 40 5 MCPP standards, specifications and white papers ............................................................ 41 Bluetooth Special Interest Group (SIG) ........................................................................................... 41 ECSG ................................................................................................................................................ 41 EMVCo ............................................................................................................................................. 41 GSMA ............................................................................................................................................... 41 ISO ................................................................................................................................................... 41 www.epc-cep.eu 3 / 49 WHITE PAPER Non-NFC based Mobile SEPA Card Proximity Payments EPC109-19 / Version 1.0 PCI ................................................................................................................................................... 41 6 Challenges and opportunities ........................................................................................... 43 7 Conclusions ...................................................................................................................... 45 8 Annex A: Overview regulatory documents ........................................................................ 47 9 Annex B: The multi-stakeholder group ............................................................................. 49 List of tables Table 1: References ........................................................................................................................... 8 Table 2: Terminology ...................................................................................................................... 13 Table 3: Abbreviations .................................................................................................................... 14 Table 4: Overview Mobile Card Payments ...................................................................................... 18 Table 5: Overview MCPP Use cases ................................................................................................ 20 Table 6: Overview CDCVM usage .................................................................................................... 33 Table 7: Overview MCPP transactions ............................................................................................ 34 Table 8: Overview regulatory documents ....................................................................................... 48 Table 9: The multi-stakeholder group ............................................................................................ 49 List of figures Figure 1: MCPP with merchant-presented QR-code at POI ............................................................ 21 Figure 2: MCPP with QR-code scanned from a poster ................................................................... 24 Figure 3: MCPP with consumer-presented QR-code (including chip data) .................................... 26 Figure 4: MCPP with consumer-presented QR-code (including cardholder identifier) .................. 28 Figure 5: Merchant initiated BLE-based MCPP at POI .................................................................... 30 Figure 6: Merchant-presented mode transaction flow .................................................................. 37 Figure 7: Consumer-presented mode transaction flow .................................................................. 39 4 / 49 WHITE PAPER Non-NFC based