ISO/TS 12812-5:2017
Core banking — Mobile financial services — Part 5: Mobile payments to businesses
ISO/TS 12812-5:2017 focuses on mechanisms by which a person ("consumer", "payer" or "business") uses a mobile device to initiate a payment to a business entity ("merchant" or "payee"). Such a payment may use the traditional merchant point of interaction (POI) system, where the manner of settling the payment follows well-established merchant services paradigms. Additionally, there are other ways for a consumer to make a payment to a merchant, using the mobile device to initiate, authorize and process transactions outside of traditional payment networks using secure payment instruments. Accordingly, this document supports both "push" and "pull" payments (i.e. transactions that are pushed or transmitted from a mobile device into a POI or pulled or received into a mobile device or POI), which are initiated and/or confirmed by a consumer to purchase goods and/or services, including proximate payments, remote secure server payments, as well as mobile payments that leverage other technologies [e.g. cloud computing, quick response ("QR") codes, biometrics, geo-location and other methods to authenticate and authorize the transaction].
One of the most important aspects of the MFS environment is mobile payments to businesses. There are many ways a consumer, or a business as a consumer, can make a payment to a merchant. ISO 12812 provides a comprehensive standard for using the mechanisms involved in mobilizing the transfer of funds regardless of who is involved in the process. This document is intended to be used by potential implementers of mobile retail payment solutions, while ISO 12812-4 is intended for potential implementers of solutions for mobile payments to persons.
NOTE: ISO 12812‑1:2017, 5.4 explains the differences in the use of these terms.
As such, ISO 12812 (all parts) seeks to support all possible technologies and is not designed to highlight or endorse specific technologies in the competitive marketplace.
Although this document deals with mobile payments made by a consumer or a business acting as a consumer, which transactions are subject to a variety of consumer protection requirements, in terms of the relationship to the MFSP, the consumer (or business) is the customer of the MFSP. Nevertheless, this document will use the term "consumer."
Opérations bancaires de base — Services financiers mobiles — Partie 5: Paiements mobiles à entreprises
Standards Content (Sample)
TECHNICAL SPECIFICATION
ISO/TS 12812-5
First edition
2017-03
Core banking — Mobile financial services — Part 5: Mobile payments to businesses
Opérations bancaires de base — Services financiers mobiles — Partie 5: Paiements mobiles à entreprises
© ISO 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Requirements of a mobile payments-to-businesses system
4.1 Device, network and application selection requirements
4.2 Security requirements
4.3 Logging requirements
4.4 Notice requirements
4.5 Receipt requirements
4.6 Data privacy requirements
5 Types of mobile payments
5.1 Mobile proximate payments
5.2 Mobile remote payments
5.3 Other mobile payments technologies
5.3.1 Quick response (QR) based payments
5.3.2 Mobile payments through short messaging service (SMS)
5.3.3 Mobile payments through mobile airtime
5.3.4 Mobile wallet
6 Payment instruments
6.1 Direct debit
6.2 Credit transfer
6.3 Payment card
6.4 Other payment instruments
6.4.1 Mobile bill account
6.4.2 Stored value account (SVA)
7 Use cases
7.1 Proximate card payments use cases
7.1.1 User verification method
7.1.2 Single tap: Analysis of UVMs
7.1.3 Double tap: Analysis of UVMs
7.1.4 Mobile contactless payment transaction
7.1.5 Risk management in mobile proximate payments (MPPs)
7.1.6 Additional features
7.1.7 Interoperability and MPP service availability
7.2 Remote payments use cases
7.2.1 Mobile remote card payments
7.2.2 Mobile remote credit transfer
7.2.3 Mobile remote transactions using remote secured server
7.2.4 Interoperability model based on a centralized common infrastructure
7.2.5 Mobile remote payments using other payment instruments
7.2.6 Risk management in mobile remote payments (MRPs)
8 Requirements in the consumer environment
8.1 General
8.2 Requirements in the consumer environment
Annex A (informative) Host card emulation
Annex B (informative) Procedures for redress and dispute resolution
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO’s adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 68, Financial services, Subcommittee SC 7,
Core banking.
A list of all the parts in the ISO 12812 series can be found on the ISO website.
Introduction
The use of mobile devices to conduct financial services is occurring following the steady rise of the
number of customers using the Internet for these services. As an evolving market, mobile financial
services (MFSs) are being developed and implemented on various bases throughout different regions
of the world and also among the various providers of such MFSs (MFSPs). Given these conditions,
then, the purpose of this document is to facilitate and promote interoperability, security and quality
of MFSs, while providing an environment where all stakeholders can benefit from the evolution, and
MFSPs remain as commercially free and competitive as possible to design their own implementations
in pursuing their own business strategies.
The intentions of this document are:
a) to advance interoperability of MFSs globally by building an international vision of this environment
and by defining requirements based on a common terminology and basic principles for the design
and operation of MFSs (see ISO 12812-1:2017, Clause 5);
b) to define technical components and their interfaces, as well as roles that may be performed by
different MFSPs (e.g. financial institutions, mobile network operators, trusted service managers).
These components and their interfaces, as well as roles, are defined according to identified use
cases, although future use cases may be considered during the maintenance of the standard;
c) to identify existing standards on which MFSs should be based, as well as possible gaps.
Standardization effort in this area is beneficial for a sound development of the MFSs market as it will:
— facilitate and promote interoperability between the different components or functions developing
and/or providing MFSs (see ISO 12812-1:2017, 4.3 and 4.4), including consideration of the impact
of new components and/or interfaces created by the introduction of a mobile device into the
payment chain;
— build a secure environment so that payers and payees (see ISO/TS 12812-4) and consumers and
merchants (this document) can trust MFSs and allow the MFSPs to manage their risks;
— promote consumer protection mechanisms, including fair contract terms, rules on transparency of
charges, clarification of liability, and procedures for complaints and dispute resolution;
— enable the consumer to choose from different providers of devices or MFSs, including the possibility
to contract with several MFSPs for services on the same device;
— enable the consumer to transfer MFSs from one device to another one (portability);
— promote a consistent consumer experience among various MFSs and MFSPs, with easy-to-use
interfaces.
To achieve these objectives, each part of the ISO 12812 will specify the necessary technical mechanisms
and, when relevant, refer to existing standards in the area of each part.
The ISO 12812 (all parts) pro
...