Page 18 - FIGI Digital Financial Services security assurance framework
P. 18
Figure 7 below shows an ecosystem that is based on applications and digital wallets.
Figure 7 - DFS ecosystem based on applications and digital wallets
o
n
k
i
g
a
i
a
k
n
s
b
F
n
n
a
i
c
a
t
M Mobile Network D Digital Financial l B Banks and Financial l
l
a
i
F
e
a
e
n
n
i
t
c
o
d
a
i
r
w
N
i
l
s
O
d
i
e
o
r
P Provider s s S Services Operator r i institutions s
r
e
r
v
c
i
v
e
s
r
i
t
t
a
n
o
o
e
n
p
u
t
t
i
Network access Services Digital Wallet, E-Money & Custody accounts and
T
S
K
S Sim Tool Kit (STK) ) for DFS apps Account profile Services escrow accounts
i
(
o
l
T
o
m
i
t
K
s
m
.
N
t
n
e
o
a
w
k
P
r
y
e
e
t
(
n
s
k
r
a
s
n
B
e
u
a
r
d
a
g
t
e
y
s
m
I
i
M Mobile Payment C Card Issuers (e.g Banks P Payment Network
e
l
o
b
s
i
a
F
r
o
d
v
r
d
o
P Providers a and Financial l P Provider r
n
r
n
e
c
i
v
d
n
i
i
a
e
t
s
u
o
n
I Institutions) )
i
s
t
n
t
i
Digital Wallet & Account Token Services Payment
profile Services Cardholder Identity, card Clearing & Settlemet
Validation &
Authorization Services
n
m
e
P Payment t
y
a
e
W
a
ll
Wallet t C Cloud Services s
r
e
c
i
d
v
e
u
l
S
o
w
t
(
s
k
o
r
d
a
e
r
N
p
p
l
t
A Application n C Card Network(s) )
io
ic
a
ev
c
Device OS S
e O
i
D
m
r
e
u
ec
E
l
Secure Element t
S
e
en
e
.
(
h
e
M Merchants (e.g. . P Payment Service A Acquirers (e.g Banks
r
g
c
t
s
a
n
y
u
r
a
i
m
e
s
q
c
k
n
B
e
g
.
(
e
a
r
s
r
i
n
e
v
e
S
t
c
c
t
C
l
e
r
F
ol
N NFC controller r
on
i
n
e
i
r
d
F
i
s
a
o
v
a
n
t
c
S Stores) ) P Providers a and Financial l
s
r
e
d
o
r
n
s
t
u
i
o
t
n
t
s
n
i
S
e
NFC Antenna a M MST T I Institutions) )
nt
C
F
N
A
nn
Hosting of POS Payment Service Provider Payment Processing
User QR Contactless Terminals & Services For Merchants Authorisation Service to/
QR
POS Servers
from Issuers
de
Mobile Device Code
C
o
are specific to the device and the software and
Figure 8 - Mobile device components can be used as a replacement for credit and deb-
it cards. On the other hand, other mobile/digital
wallets are device agnostic and securely store the
user’s payment information and passwords for
numerous payment methods and websites which
Wallet Application enables completion of transactions easily and
quickly and allows the use stronger authentication
like biometrics, examples of other digital wallets
Operating System are Google Pay, WeChat pay, Paypal, Alipay.
SIM/UICC
b) Merchant
E
e
m
S Secure Element t Secure Memory Card
e
u
n
r
c
l
e
e
Merchants accept payments from customers for
Device embedded SE goods or services, through a point of sale termi-
NFC controller nal or other means like a customer scanning a QR
code or input of the merchant number into their
payment application. Mobile devices are also used
NFC Antenna by merchants for payments, hence another inherent
source of vulnerabilities.
c) Point of Sale Terminals
A Point of Sale (POS) terminal is an electronic device
used to process mobile payments at the merchant
location. The communication channels between the
the wallet holder to securely access, manage POS terminal and the Mobile device for proximity
and perform financial transactions like payments. payments is through contactless Near Field Commu-
Mobile Wallets like Samsung Pay and Apple Pay nication (NFC), Quick Response (QR) codes or
16 Digital Financial Services Security Assurance Framework