Page 122 - ITU-T Focus Group Digital Financial Services – Technology, innovation and competition
P. 122
ITU-T Focus Group Digital Financial Services
Technology, Innovation and Competition
identity and/or to confirm a large payment transaction. However, interception of OTP SMSs is prevalent through
phishing attacks and interception of SMSs via IMSI Catchers – devices which can undertake man in the middle
attacks on user handsets to illegally capture data ‒ and attacks on the SS7 network layers. 72
8.4 USSD
As noted above, USSD has been used as the payment instrument, UI, and technology bearer for both VAS and
DFS transactions.
As an SP’s service bouquet expands, menu tree structures can be created in real time by the USSD server
at the MNO or aggregator at very little cost. This means that any calculations for DFS transaction costs can
be dynamically generated per transaction, for example if the transaction cost is a percentage of the total
transaction value. Other DFS interface methods such STK or Java applets may not necessarily have those real-
time capabilities built in.
8.5 NFC
NFC is popular contactless payment system. A device with an integrated NFC chip and antenna, or a NFC
73
tag/sticker is required to facilitate payment. This eliminates the need to carry all credit or debit cards in a
74
physical wallet.
To facilitate a payment transaction at a merchant using an NFC-enabled phone, the phone is held against a
merchant POS device. Since the majority of phones in use today in all classes do not have NFC, an alternative
is to retrofit NFC through the use of NFC ‘stickers’ stuck on the back of a phone.
8.6 Quick response (QR) codes
QR codes have emerged as a DFS payment mechanism in a number of countries. In a typical payment
environment, the QR code will uniquely identify the user and the payment, and a POS scanner or QR-enabled
phone will read the data and process the payment.
8.7 Magstripe and chip card readers
MNOs and DFS SPs are now providing companion GPR Visa/MasterCard/Unionpay-branded cards, following
a big push by card associations to provide GPR cards to augment the card-less DFS systems. Some may be
magstripe only, with an increasing number of cards with EMV chips embedded for added security. These cards
75
are aspirational products for those who have never had a Visa or Mastercard product. Most GPR cards are
debit-based magstripe cards, with some linking to DFS accounts. However, this may raise consumer protection
concerns as loss or theft of the card may give bad actors full access to the full value in a DFS account. Fault
for loss of the value through card loss or theft, and subsequent use by bad actors usually fastens fully on the
customer.
72 See further Perlman (2015b) ibid and Perlman (2016a) ibid
73 NFC complements many popular consumer level wireless technologies, by utilizing the key elements in existing standards for
contactless card technology. See NFC Forum (2016) About the Technology, available at http:// nfc- forum. org/ what- is- nfc/ about-
the- technology
74 Google and its partners have devised an alternative mechanism called Host Card Emulation that replaces for the most part the
internal phone processes NFC uses.
75 EMV is a technical standard for smart payment cards and for payment terminals and ATMs that can accept them. Europay,
MasterCard, and Visa, are the three entities that originally created the standard. The standard is now managed by EMVCo, a
consortium with control split equally among Visa, MasterCard, JCB, American Express, China UnionPay, and Discover.
106
