Page 125 - ITU-T Focus Group Digital Financial Services – Technology, innovation and competition
P. 125

ITU-T Focus Group Digital Financial Services
                                              Technology, Innovation and Competition



               11     DFS payment infrastructure


               11.1  Overview

               Access to and integration with existing payments infrastructure for non-bank payment SPs is an evolving
               technical enhancement to DFS, especially as services between SPs become interoperable, some integrate
               into national payment switches, and some are given access to Real Time Gross Settlement Systems run by
               central banks. And, as stored value account holders are given companion GPR cards, DFS SP integration into
               card switches is also emerging.
               A number of international technical standards ensure seamless technical implementation into payments
               infrastructure across the integration types.


               11.2  Technical standards

               Most payment infrastructures utilize a suite of standardized protocols for payment data messaging formats
               and security. These include: Device and infrastructure standards such as EMV standards; account numbering
               standards such as IBAN; data security standards such as Payment Card Industry Data Security Standard (PCI
               DSS),  and SSL; data formats such as Simple Object Access Protocol (SOAP);  IS0  20022,  ISO 15022 , and
                                                                                   91
                                                                               90
                                                                                           92
                                                                                                     93
                    89
               ISO 8583 ; and SWIFT Messaging Standards;  and ISO 12812.
                       94
                                                     95
               11.3  Technical implementations
               At a technical or infrastructure level, the options for connecting non-bank SPs to each other are via a direct
               (bilateral) connection between the entities, or an indirect connection via an intermediary that sits between
               the entities. The latter may be a central processor, indirect connection to a switch, and direct connection to
               a national switch.

               Bilateral connectivity could take the form of APIs that may include standard financial messaging such as ISO
               8583 or ISO20022 and security protocols, or combined with proprietary APIs developed by platform vendors
               contracted to each party. 96

               In the central processor model, participants may form a consortium to build and possibly also operate a single
               transaction processing hub that will provide clearing and possibly also settlement. The technical specifications
               will be for their purposes and/or to fulfill any regulatory mandates where applicable. These specifications may
               include processing time, messaging formats, and security protocols.

               As an example, the Central Bank of Egypt (CBE), the Egyptian Banks Company, and MasterCard in 2013 partnered
               to interconnect bank and non-bank DFS providers through a new central processing platform provided by



               89   The major credit card issuers created PCI compliance standards to protect personal information and ensure security when
                  transactions are processed using a payment card. The standards include including PCI DSS, Payment Application Data Security
                  Standard (PA-DSS), and PIN transaction security (PTS) requirements.
               90   SOAP is an acronym for Simple Object Access Protocol, a specification for exchanging structured information in the implementa-
                  tion of web-based services.
               91   An ISO standard is an international harmonized standard, agreed by consensus. Governments can adopt an ISO standard as a
                  National Standard or may reference it in technical regulations. Businesses can use standards to promote interoperability and
                  increase markets, reduce risk, and build customer confidence.
               92   ISO 20022 is an ISO standard for electronic data interchange between financial institutions. It describes a metadata repository
                  containing descriptions of messages and business processes, and a maintenance process for the repository content. The reposi-
                  tory contains a huge amount of financial services metadata that has been shared and standardized across the payments industry.
               93   ISO 15022 is the standard for the format of electronic message exchange as used in banking and commerce.
               94   ISO 8583 specifies a common interface by which financial transaction card originated messages may be interchanged between
                  acquirers and card issuers. It specifies message structure, format and content, data elements and values for data elements.
               95   See for example, SWIFT MT message implementation guidelines available at http:// www. swift. com/ solutions/ factsheet_
                  downloads/ SWIFT_ Trade_ Extract_ Standards_ Messages_ Implementation_ Guidelines_ 200811. pdf
               96   Tigo Tanzania, for example, uses the ISO 8583 standard and variants for its interoperability.



                                                                                                       109
   120   121   122   123   124   125   126   127   128   129   130