www.europeanpaymentscouncil.eu SEPA goes Mobile Dr. Marijke De Soete ETSI Security Workshop 2011 19-20 January 2011 Sophia Antipolis, France
Global mobile subscribers (millions) Mobile phone: some statistics Most successful communication device in history 5,000 4,500 4,000 Over a million new subscribers a day Many developed countries over 100% penetration Rising fast in developing countries Estimated 4.5 billion subscribers 3,500 3,000 2,500 2,000 1 billion subscribers 4 billion subscribers 1,500 2 billion subscribers 1,000 500 0 2003 2004 2005 2006 2007 2008 2009 2010 2011 Actual Projected Data source: Wireless Intelligence
A personal device.. Mobile phones: an interactive access device for financial services. that gives instant communications to everyone, anytime, any place. that supports multimedia... that supports a variety of interactive services. that is easy to use The mobile is expected to become one of the strongest channels for accessing payments and bank services in the future. Need for cooperation on standards, security features and business models across industries (banks, MNOs, etc). Convenience for end-users is absolutely key! 18 January 2011
e-id e-signature login Trust Services Banking Mobile financial services information account management bill payments trading alerts tickets Remote payments Contactsless payments POS vending top Up content ticketing fast food parking ATM Source: Mobey Forum 18 January 2011
EUROPEAN PAYMENTS COUNCIL (EPC) 74 members from 32 countries represent all credit sectors on payments (approximately 8000 banks) see www.europeanpaymentscouncil.eu IS THE DECISION-MAKING AND COORDINATION BODY OF THE EUROPEAN BANKING INDUSTRY IN RELATION TO PAYMENTS Who are EPC? REPRESENTS THE EUROPEAN BANKING INDUSTRY IN PAYMENTS EPC develops the payment schemes and frameworks necessary to realise the Single Euro Payments Area (SEPA) Specifies business and security requirements and standards to facilitate the initiation of SEPA payments via e- & mobile channels
SEPA Payments SEPA is the area where customers of payment services will be able to make and receive payments in Euro domestically and cross-border under the same basic conditions, rights and obligations, regardless of their location. The SEPA area comprises the EU, Iceland, Liechtenstein, Monaco, Norway and Switzerland. SEPA payment instruments are: SEPA Credit Transfer SEPA Direct Debit SEPA Cards. The mobile handset is expected to become an important enabler for SEPA payments in the future. 6
EPC Roadmap on M-Payments The European banking industry (EPC) has created a Strategy and Roadmap on Mobile-Payments that in 1-2 years will Enable more efficient and faster adoption of payments via the Mobile Channel while leveraging existing SEPA instruments Using a mobile phone ( handset ) as a payment initiation device Will entail both Contactless (Proximity) and Remote Payments Mobile Contactless Payment (SEPA card-based): handset interacts (contactless) with Point Of Sale (POS) terminal to perform payment transaction ( Tap-and-Go ) Mobile Remote Payment (SEPA card or SEPA Credit Transfer-based): handset can be used to purchase goods and services via internet/web browser, telephone voice/data call or to perform account to account payments in different market segments: P2B, B2B, 7
EPC s focus in the mobile payments ecosystem In line with its scope and roadmap the EPC has focused over the past year on the Mobile Contactless Payments (MCP) and Remote Payments. Standarisation and Industry Bodies Certification Providers SE Manufacturers SE Issuers (Including MNOs) The following documents are specified: App Developers TSMs White paper on Mobile Payments covering contactless and remote payments Requirements and specifications for MCP Service Management Roles (TSM document) in cooperation with GSMA Interoperability Implementation Guidelines (under preparation) Schemes POS Providers Customers Merchants Handset Manufact. Other Stakeholders
EPC White paper on M-payments EPC published a White paper on M-Payments aimed to create awareness on the subject in the banking community and beyond. http://www.europeanpaymentscouncil.eu/knowledge_bank_detail.cf m?documents_id=402 The 1 st release includes a high level overview on M-payments as new channel to existing SEPA payment instruments. Through the description of use cases in a daily life of a customer with a mobile phone it is shown how m-payments can provide efficiency, convenience and cost-effectiveness. Also introduced are the main characteristics of the m-payments categories (contactless and remote payments) as prioritised by EPC as well as the payment service provisioning. A further section provides more details on MCP including some business, technical infrastructure, user experience and standardisation aspects. 9
EPC-GSMA collaboration 30 th June 2008: EPC and GSMA announced a co-operation agreement (http://www.europeanpaymentscouncil.eu/news_detail.cfm?news_id=65) Cross Industry cooperation enable banks to deliver more efficiently mobile payments services leveraging the mobile operator's infrastructure for the benefits of customers of the banks and MNOs Initial focus of GSMA-EPC co-operation is on Mobile Contactless Payments (MCPs)
MCP Service Management (1) Joint work has focused initially on developing a set of requirements and specifications for MCP Service Management Roles (SMRs) and related processes covering functional, technical, security and legal aspects while ensuring interoperability. Hereby the MCP, issued by the Banks (Issuers) is stored on the UICC into the mobile phone. These SMRs cover the full life cycle management of MCP applications including loading, personalisation, activation, maintenance, blocking, etc... and deletion of the MCP. These SMRs can be fulfilled by MNOs, Issuers or dedicated Third Parties: Trusted Service Managers (TSMs), or a combination thereof.
MCP Service Management (2) The TSM acts as an aggregator for stakeholders in the mobile value chain. B2C NFC-enabled handset Customer = Cardholder & Mobile Subscriber B2C Issuing Bank B2B TSM B2B MNO
MCP Service Management (3) from chaotic, slow MCP ecosystem development smooth and safe, quickly built-up MCP ecosystem The joint work aims to facilitate the development of commercial relationships between the MNOs, Issuers and TSMs which are the key stakeholders in the MCP ecosystem. EPC and GSMA published the document October 21 st 2010 with a press release. http://www.europeanpaymentscouncil.eu/knowledge_bank_detail.cfm?d ocuments_id=423
MCP Service Management (4) Request Issuing Bank Request for Payment Application TSM Customer Load Payment Application to UICC UICC MNO NFC Mobile Phone Provisioning and life cycle management of MCP Payment Application on a UICC owned by an MNO (for matter of simplicity, the TSM has been depicted as an independent entity; however SMRs can be implemented in different ways depending on the market situation).
Trusted Service Management General & Logical architecture Trusted Service Management Roles - MNO Technical roles Issuing Bank Commercial Roles (Performed either directly between MNO and Bank or by a Third Party) MNO Domain of responsibilities Bank Domain of responsibilities
TSM roles operational implementation 3-Party Issuing and Lifecycle Model Commercial actors are the Customer, the Issuer and the MNO. SM technical roles are the set of technical functions performed on behalf of the Issuer and/or the MNO. The TSM is not involved in the commercial relationship between the Issuer and MNO. There is a direct commercial relationship between the Issuer and MNO.
TSM roles operational implementation 4-Party Issuing and Lifecycle Model MNO Domain of Responsibility MNO - SMTechnical Roles TSM for SM Commercial Roles Issuer Domain of Responsibility Issuer Commercial actors are the Customer, the Issuer, the MNO and the TSM performing SM commercial roles on behalf of Issuers and MNOs in addition to SM technical roles The TSM has a commercial relationship with the Issuer and MNO. Customer MNO Issuer Customer TSM for SM Technical Roles There is no direct commercial relationship between the Issuer and MNO. Technical Relationship Commercial Relationship TSM for SM Commercial Roles SM Technical Roles.
Trusted Service Management - Multi-TSM Model Commercial actors are the Customer, the Issuer, the MNO and the TSM performing both SM commercial and technical roles. Multiple TSMs are involved. There is no direct commercial relationship between Issuers and MNOs
Next EPC M-Payments deliverables EPC White paper for Mobile Payments 2 nd edition expected September 2011 Additions to 1st edition to cover in more detail Mobile Remote Payments EPC Interoperability Implementation Guidelines for Mobile Contactless Payments expected September 2011 Business and Service aspects Technical aspects & infrastructure Security & risk management aspects Aims to cover three types of SE: UICC, embedded SE and SD card EPC Interoperability Implementation Guidelines for Mobile Remote SCT Payments expected 2012 Will cover both Mobile Remote Card Payments and Mobile Remote SEPA Credit Transfers Business and Service aspects Technical aspects & infrastructure Security & risk management aspects 18 January 2011 Slide 19
What to be expected? The EPC work in the Mobile Payments area will pave the way for efficient launches of SEPA interoperable mobile payments schemes within the next 2-5 years. This will entail both contactless and remote SEPA payments via the Mobile Channel. This will be an important building block helping fostering the evolution towards Digital Europe. 18 January 2011 Slide 20
Information EPC website: http://www.europeanpaymentscouncil.eu/ All documentation can be freely downloaded or contact: marijke.desoete@pandora.be 21