Page 18 - Digital Financial Services security assurance framework
Figure 7 below shows an ecosystem that is based on applications and digital wallets.
Figure 7 - DFS ecosystem based on applications and digital wallets
[Figure 7 diagram. Labelled entities and services: Mobile Network Providers (network access services; SIM Tool Kit (STK) for DFS apps); Digital Financial Services Operator (digital wallet, e-money and account profile services); Banks and Financial Institutions (custody accounts and escrow accounts); Mobile Payment Providers (digital wallet and account profile services); Card Issuers, e.g. banks and financial institutions (token services; cardholder identity, card validation and authorization services); Payment Network Provider (payment clearing and settlement); Card Network(s); Cloud Services; Merchants, e.g. stores (hosting of POS terminals and POS servers); Payment Service Providers (payment service provider services for merchants); Acquirers, e.g. banks and financial institutions (payment processing authorisation service to/from issuers); user mobile device (wallet application, device OS, secure element, NFC controller, NFC antenna); QR code, MST and contactless.]
Figure 8 - Mobile device components
[Figure 8 diagram. Labelled components: Wallet Application, Operating System, SIM/UICC, Secure Element, Secure Memory Card, Device embedded SE, NFC controller, NFC Antenna.]

the wallet holder to securely access, manage and perform financial transactions like payments. Mobile wallets like Samsung Pay and Apple Pay are specific to the device and the software and can be used as a replacement for credit and debit cards. On the other hand, other mobile/digital wallets are device agnostic and securely store the user’s payment information and passwords for numerous payment methods and websites, which enables transactions to be completed easily and quickly and allows the use of stronger authentication like biometrics. Examples of other digital wallets are Google Pay, WeChat Pay, PayPal, Alipay.

b) Merchant
Merchants accept payments from customers for goods or services through a point of sale terminal or by other means, such as a customer scanning a QR code or entering the merchant number into their payment application. Merchants also use mobile devices for payments, which makes those devices another inherent source of vulnerabilities.

c) Point of Sale Terminals
A Point of Sale (POS) terminal is an electronic device used to process mobile payments at the merchant location. The communication channels between the