Page 125 - ITU-T Focus Group Digital Financial Services – Technology, innovation and competition
P. 125
ITU-T Focus Group Digital Financial Services
Technology, Innovation and Competition
11 DFS payment infrastructure
11.1 Overview
Access to and integration with existing payments infrastructure for non-bank payment SPs is an evolving
technical enhancement to DFS, especially as services between SPs become interoperable, some integrate
into national payment switches, and some are given access to Real Time Gross Settlement Systems run by
central banks. And, as stored value account holders are given companion GPR cards, DFS SP integration into
card switches is also emerging.
A number of international technical standards ensure seamless technical implementation into payments
infrastructure across the integration types.
11.2 Technical standards
Most payment infrastructures utilize a suite of standardized protocols for payment data messaging formats
and security. These include: Device and infrastructure standards such as EMV standards; account numbering
standards such as IBAN; data security standards such as Payment Card Industry Data Security Standard (PCI
DSS), and SSL; data formats such as Simple Object Access Protocol (SOAP); IS0 20022, ISO 15022 , and
91
90
92
93
89
ISO 8583 ; and SWIFT Messaging Standards; and ISO 12812.
94
95
11.3 Technical implementations
At a technical or infrastructure level, the options for connecting non-bank SPs to each other are via a direct
(bilateral) connection between the entities, or an indirect connection via an intermediary that sits between
the entities. The latter may be a central processor, indirect connection to a switch, and direct connection to
a national switch.
Bilateral connectivity could take the form of APIs that may include standard financial messaging such as ISO
8583 or ISO20022 and security protocols, or combined with proprietary APIs developed by platform vendors
contracted to each party. 96
In the central processor model, participants may form a consortium to build and possibly also operate a single
transaction processing hub that will provide clearing and possibly also settlement. The technical specifications
will be for their purposes and/or to fulfill any regulatory mandates where applicable. These specifications may
include processing time, messaging formats, and security protocols.
As an example, the Central Bank of Egypt (CBE), the Egyptian Banks Company, and MasterCard in 2013 partnered
to interconnect bank and non-bank DFS providers through a new central processing platform provided by
89 The major credit card issuers created PCI compliance standards to protect personal information and ensure security when
transactions are processed using a payment card. The standards include including PCI DSS, Payment Application Data Security
Standard (PA-DSS), and PIN transaction security (PTS) requirements.
90 SOAP is an acronym for Simple Object Access Protocol, a specification for exchanging structured information in the implementa-
tion of web-based services.
91 An ISO standard is an international harmonized standard, agreed by consensus. Governments can adopt an ISO standard as a
National Standard or may reference it in technical regulations. Businesses can use standards to promote interoperability and
increase markets, reduce risk, and build customer confidence.
92 ISO 20022 is an ISO standard for electronic data interchange between financial institutions. It describes a metadata repository
containing descriptions of messages and business processes, and a maintenance process for the repository content. The reposi-
tory contains a huge amount of financial services metadata that has been shared and standardized across the payments industry.
93 ISO 15022 is the standard for the format of electronic message exchange as used in banking and commerce.
94 ISO 8583 specifies a common interface by which financial transaction card originated messages may be interchanged between
acquirers and card issuers. It specifies message structure, format and content, data elements and values for data elements.
95 See for example, SWIFT MT message implementation guidelines available at http:// www. swift. com/ solutions/ factsheet_
downloads/ SWIFT_ Trade_ Extract_ Standards_ Messages_ Implementation_ Guidelines_ 200811. pdf
96 Tigo Tanzania, for example, uses the ISO 8583 standard and variants for its interoperability.
109