oSIST prEN 18184:2025

SLOVENSKI STANDARD
01-julij-2025
Finančne storitve - Specifikacija kod QR za mobilne (takojšnje) kreditne prenose v
skladu z zahtevami PSD2
Financial services - Specification of QR codes for mobile initiated (instant) credit
transfers under PSD2 requirements
Finanzdienstleistungen - Spezifikation von QR-Codes für mobil initiierte
(Echtzeit-)Überweisungen gemäß PSD2-Anforderungen
Services financiers - Spécification des codes QR pour les virements (instantanés) initiés
par un mobile
Ta slovenski standard je istoveten z: prEN 18184
ICS:
35.240.40 Uporabniške rešitve IT v IT applications in banking
bančništvu
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

DRAFT
EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM
May 2025
ICS 35.240.40
English Version
Financial services - Specification of QR codes for mobile
initiated (instant) credit transfers under PSD2
requirements
Finanzdienstleistungen - Spezifikation von QR-Codes
für mobil initiierte (Echtzeit-)Überweisungen gemäß
PSD2-Anforderungen
This draft European Standard is submitted to CEN members for enquiry. It has been drawn up by the Technical Committee
CEN/TC 225.
If this draft becomes a European Standard, CEN members are bound to comply with the CEN/CENELEC Internal Regulations
which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.

This draft European Standard was established by CEN in three official versions (English, French, German). A version in any other
language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC
Management Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and
United Kingdom.
Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are
aware and to provide supporting documentation.

Warning : This document is not a European Standard. It is distributed for review and comments. It is subject to change without
notice and shall not be referred to as a European Standard.

EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2025 CEN All rights of exploitation in any form and by any means reserved Ref. No. prEN 18184:2025 E
worldwide for CEN national Members.

Contents Page
European foreword . 3
Introduction . 4
1 Scope . 5
2 Normative references . 5
3 Terms and definitions . 5
4 Abbreviations . 8
5 Interoperability of MCTs. 9
6 Standardization of QR codes for MCTs. 11
6.1 Introduction . 11
6.2 Minimum data set and QR code format for payee-presented QR codes . 11
6.2.1 Introduction . 11
6.2.2 Minimum data sets . 11
6.3 Minimum data set and QR code format for payer-presented QR codes . 12
6.3.1 Introduction . 12
6.3.2 Minimum data sets . 13
6.4 Standardized format of QR codes for MCTs . 14
6.4.1 Introduction . 14
6.4.2 Assumptions for the development of QR codes for MCTs . 14
6.4.3 QR codes for MCTs . 15
6.5 Coding of the QR code data fields . 16
6.5.1 General . 16
6.5.2 Domain name . 16
6.5.3 Version . 16
6.5.4 Type . 16
6.5.5 MCT service provider ID . 17
6.5.6 Payload . 17
6.5.7 Interoperability . 17
7 Security aspects of QR codes and their data . 17
7.1 General . 17
7.2 Payee-presented QR codes . 18
7.3 Payer-presented QR codes . 18
7.4 Additional security measures . 18
Annex A (informative) Examples of payload data in QR codes for MCTs . 19
Annex B (informative) Examples of process flows for interoperability of MCTs based on QR codes
........................................................................................................................................................................... 22
Annex C (normative) QR code properties and quality assessment . 34
Bibliography . 36

European foreword
This document (prEN 18184:2025) has been prepared by Technical Committee CEN/TC 225 “AIDC
technologies”, the secretariat of which is held by TSE.
This document is currently submitted to the CEN Enquiry.
The basis for this document was prepared by the Multi-Stakeholder Group on Mobile Initiated SEPA
(Instant) Credit Transfers, established by the European Payments Council (see
https://www.europeanpaymentscouncil.eu/), called Standardization of QR codes for mobile
initiated SEPA (instant) credit transfers (see EPC024-22v2.10, [5]). The present derived document
has been drafted in accordance to the CEN editorial rules.
Introduction
QR codes are one of the proximate technologies that may be used for the data exchange between a payer
and a payee to enable the initiation of an (instant) credit transfer.
This document specifies the QR code formats for both a payer-presented and a payee-presented QR
code. This document uses as a basis the revised Payment Services Directive (P2D2) [12]. The QR codes
have been defined to support the initiation of (instant) credit transfers by the payer (so-called push
payments) for various payment contexts, including person-to-person, person-to-business, business-to-
person and business-to-business payments, including public services.
1 Scope
This document provides a specification for QR codes for mobile (instant) credit transfers (MCTs)
whereby the payer uses a mobile device to initiate the payment transaction. The QR code is used to
exchange data between the payer and the payee to enable the initiation of the (instant) credit transfer
by the payer.
This document is applicable to both cases where the QR code is presented by the payee or by the payer.
This document excludes the following from its scope:
— The details of technical requirements and the supporting infrastructure to achieve interoperability
amongst mobile (instant) credit transfer (MCT) service providers;
— The detailed implementation specification of the payload included in the QR code.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 18004, Information technology — Automatic identification and data capture techniques — QR
code bar code symbology specification
ISO/IEC 15415, Automatic identification and data capture techniques — Bar code symbol print quality
test specification — Two-dimensional symbols
ISO/IEC 16480, Information technology — Automatic identification and data capture techniques.
Reading and display of ORM by mobile devices
ISO/IEC 19762, Information technology — Automatic identification and data capture (AIDC) techniques
— Harmonized vocabulary
ISO 12812-1, Core banking – Mobile financial services – Part 1: General framework
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 12812-1, ISO/IEC 19762 and
the following apply.
3.1
proxy
pseudonym for the payer or payee uniquely linked to the name and account associated to the payment
instrument
[SOURCE: ISO 12812-1 [7]]
3.2
account servicing payment service provider
ASPSP
PSP providing and maintaining a payment account for a PSU
[SOURCE: ISO 23195: 2021, 3.1.6 [9]]
3.3
business identifier code
8- or 11-character ISO code assigned by SWIFT and used to identify a financial institution
[SOURCE: ISO 9362 [6]]
3.4
consumer device
internet capable device used by the consumer (payer) to conduct an (instant) payment
EXAMPLE mobile phone, tablet.
3.5
2D barcode
machine-readable optical label that contains digital information
EXAMPLE QR codes, tag barcodes.
3.6
MCT service provider
mobile financial service provider that offers or facilitates a mobile initiated (instant) credit transfer to
a payer and /or a payee
3.7
hub
infrastructure ensuring connectivity between MCT service providers
3.8
instant
at once, without delay
3.9
instant payment
electronic retail payment solutions available 24/7/365 and resulting in the immediate or close-to-
immediate interbank clearing of the transaction and crediting of the payee’s account with confirmation
to the payer (within seconds of payment initiation)
3.10
MCT payment application
set of modules (application software) and/or data (application data) needed to provide functionality for
an MCT as specified by the MCT service provider in accordance with the rules of the (instant) credit
payment scheme
3.11
merchant-presented data
data provided by the merchant’s POI to the consumer to enable the initiation of an MCT
3.12
payee-presented data
data provided by the payee to the payer to enable the initiation of an MCT
3.13
payee reference party
person/entity on behalf of or in connection with whom the payee receives a payment
3.14
payer-presented data
data provided by the payer to the payee to enable the initiation of an MCT
3.15
payload issuer
entity responsible for issuing the payload
3.16
payment transaction
act, initiated by the payer or on his/her behalf or by the payee (beneficiary), of placing, transferring or
withdrawing funds, irrespective of any underlying obligations between the payer and the payee
3.17
payment account
account held in the name of one or more PSUs which is used for the execution of
...