M-payments, standards and licensing in Macedonia

advertisement
Micropayment in Macedonia
6-th Conference on Payment and Securities Settlement
Systems, Ohrid, 1-3 July 2013
Legal framework
-
-
Through 2012 there were several meetings with Ministry of Finance and
industry experts (Mobile Telecom Operators and Processing Houses in state)
about possible changes to the current law on payment system operations.
There were several changes proposed and adopted who are essential:
It is allowed institutions who are telecom and network operators or IT system
operators to process micropayments;
Micropayment-shall denote payment of products and services in a single
amount not exceeding Denar 1000 (15 Eur), with the approval for making the
payment being issued through telecommunication, digital or IT devices;
Single amount of the transaction (1000), total month limit per micropayment
user (6000) and total amount of all micropayment transaction by single
micropayments intermediary (100.000.000) are checked before procesing the
micropayment;
National bank have the role to prescribe technical standards for: security ,
operational availability and effective transfer of the assets. If all the standards
are meet license is issued for Micropayment intermediary and is registered.
Participants in micropayments operations
• Micropayment user
(person/in case of a company is every subscriber line particularly;
Sign specialized agreement with the intermediary;
Micropayment transaction is started by telecommunication, digital or other IT
assets;)
• Micropayment intermediary
(gathering, processing, control of the limits of the micropayments
and settlement of the participants)
• Point of sale
(company that should have a agreement with intermediary)
Micropayments
M user
Step 1: Initialization of micropayment
(ex. Pizza Napolitana = 500 MKD)
Merchant POS
Чекор 4: Известување за статусот на
микроплаќањето (500 MKD- ОК/НОК)
Step 1a:
Request and sign a
agreement
Чекор 2:
Чекор 3:
Acceptance of micropayment Confirmation of the
Accountability is confirmed in
micropayment
Чекор 1в:
two ways PIN, MSISDN; Control
PIN is given to the of the limits (500 MKD)
user to confirm the
micropayments
Чекор 5а:
Settlement between
intermediary and
Merchant through
bank through
calculation cycle
Чекор 2а:
Agreement
with Merchants
and spreading
the network of
POS
M Intermediary
Чекор 5б:
Settlement
between user
and intermediary
through billing
cycle.
Direct carrier
billings (DCB)
Чекор 1б
Registering user in the
information system of
the intermediary; PIN
issuing; Approval of the
initial limit per user.
Чекор 2б Registration
of the Merchants in the
information system of the
intermediary
Registration
Micropayment
Settlement
Benefits from Micropayment
• Liberalization in area of payment institution,
because now there is chance another non-bank
institution to perform micro-payment operation;
• Bigger competition will give new innovative and
advanced solutions that will increase security and
cut the cost for payment transaction;
• Fast, easy way to complete payments of goods
from the merchant;
• Users are granted with additional financial credit
assets, depend from credit score of the user and
set by intermediary.
Risk in Micropayments
• Possibilities of losing the device (mobile device) and possibility for
unauthorized micro-payments in the timeframe between losing the
device and blocking the device by the user;
• Insufficient control of the mobile device of the user that allow
negligent, accidental, or malicious mobile user behavior, (including a
lost/stolen phone, frivolous app downloading, and jail-breaking (iOS)
or rooting (Android) a device)
• Possibilities of large amount of complaints from the users of
micropayments or merchants to responsible organization for issuing
license for the intermediary(National bank has a reputational risk);
• Unauthorized attacks from outsiders/insiders of the IT system of the
intermediary that will jeopardize availability of the system.
• Inadequate mobile payment provider fraud controls. Poor
monitoring, detection and prevention tools can also cause
undetected or unauthorized access to financial data and
unauthorized transactions, leading to fraud losses.
Types of micropayment that are considered
• Installation of specialized application on mobile phone
of the user
-
Usage of NFC (Near Field Communication технологија), new generation of smart phones are
equipped with unique NFC chip. These technology in many countries is in phase of pilot or
under monitoring (Austria – А1 telecom and Holland – consortium of several banks ABNAMRO, ING, Rabobank for NFC initiatives, Google Wallet, etc...)
-
-
Strength (the most secure technology for transaction to be processed in these moments of technological
evolution concerning mobile devices; practically is extension of EMV technology that is using in card
processing with antenna in area of mobile devices)
Weaknesses (limitation to only smart phone generation and possibilities to enter the mass market of users of
mobile phones; Also relatively more expensive terminal equipment for merchant for their POS)
Scanning of specialized barcodes (mobile device in this situation should also be equipped with
camera and additional application that can scan a barcode on the POS to initiate the
transaction)
-
Strength(dual authorization of the transaction is also available)
Weaknesses(good internet connection to complete the payments in merchant area/or good coverage of the
network of the telecom operator; phishing scams; little screens on the mobile device are very bad for reading
the screens)
Types of micropayment that are considered
• Without installation of the application
-
With exchange of tones between mobile device of the user and terminal
equipment at the POS (In region successfully is working similar system
called MONETA in Slovenia- based on the MARGENTO technological
solutions. Similair system is announced to be established in Macedonia
-
-
Strength(work with every generation of mobile devices- possibilities to enter the mass
market and good penetration; possibilities to dual confirmation of the identity of the
user)
Weaknesses(The system is working on Direct Carrier Billing and there is a complaints in
several countries for cramming the bills)
Types of micropayment that are considered
• Installation of the application on the digital
receiver(set top box)
-
With remote controller of your TV you are giving the instructions to
process the payment
-
-
Strength(possibilities to order services and pay for goods from your living room; there
is also capability to implement dual confirmation of the identity of the user; encryption
of the data transferred)
Weaknesses(unauthorized usage of the application on your TV; your TV is not mobile
but is standing on just one place and there is no any possibilities to transfer the STB to
another geo-location)
Role of the National Bank
• Prescribed technical standards for security,
operational reliability and efficient transfer of
assets through the process of micropayment –
deadline was 03.04.2013;
• Issue license to a legal entity that has a intention
to be micropayment intermediary, if all the
standards are met;
• Registering the micropayment intermediary;
• Onsite and offsite supervision and oversight on
the intermediary are planned to check if the
standards are met and limits are controled.
DECISION ON
MICROPAYMENT TECHNICAL STANDARDS
• Technical standards for security;
• Technical standards for operational reliability;
• Technical standards for secure and efficient
transfer of the assets.
Security
• Risk analyses and preparing the report
• Information security policy
• Assurance of dual confirmation of the
identity of the user
• Usage of outsourcing services from the
intermediary (cloud services)
Operational reliability
• Indicators for efficiency (time needed for
different status of data processing, time
needed to complete transaction and issue
a acknowledgment to user for the status of
the transaction)
• Operational capacity(planning the capacity
of the IT system needed to operate and
archive the micropayments)
Secure and efficient transfer of assets
• Data processing of the micropayments in
the intermediary
• Responsibilities and complaints (process of
complaints, 24 hour user support, defined
responsibilities)
• Settlement (all the transactions are dynamically
settled through calculation cycle)
• Control of the limits
• Transparency
DECISION ON ISSUING A MICROPAYMENT LICENSE
For the application of the legal entity to
become a micropayment intermediary these
documents are gathered:
•
•
•
•
Certificate from central registry
Rules and procedures for micropayments
Anti money laundering program
Evidence that technical standards for
micropayments are met
DECISION ON ISSUING A MICROPAYMENT LICENSE
In department of Licensing in the National bank
assessment is done through following activities:
• Analyze completeness of the documentations,
according to the demands of the regulation;
• Wheatear documentation that is gathered is valid, up
to date and authentic;
• Wheatear approval to process the micropayment is
done through telecommunication and digital devices or
other IT devices;
• Wheatear technical standards are fulfilled according to
the decision and
• Wheatear conditions are met according to control of
the limits that are described by the Law for payment
operation.
Reports to the NBRM
• Intermediary is obliged to report to the
National bank about micropayments that
are processed;
• Content and form of the reports are
prescribed in separate decision of the
National bank
• Control of the limits and the system that is
used for this assignment will be checked by
supervisors
Info
Thank you
Contact:
National bank of the Republic of the Macedonia
Division of Supervision, Banking Regulations and Financial Stability
Goran Jankoski
head of IT risk group
jankoskig@nbrm.mk
Download