
Mobile Transactions and Payment Processing

Ashok Goudar, Senior Enterprise Architect

White Paper

Contents

Introduction  4
Mobile Commerce Business Context  5
Mobile Commerce Strategy  6
  Mobile Channel Strategy  7
  Mobile Marketing  7
  Mobile Sales  8
  Mobile Service  8
  Mobile Payment  9
  Mobile Wallets  9
  Mobile Commerce Transaction  10
  Mobile Banking and Mobile Money  10
Mobile Commerce Transformation Roadmap  11
Mobile Commerce Payment Business Scenarios  11
  Card based Mobile User to Business Payments (CM2B)  11
  Mobile Wallet User to Business Payments (M2B)  12
  Mobile Wallet Mobile Users to Mobile User Payments (M2M) Remittance Services  13
  Mobile Wallet Cross Border M2M  14
  Mobile Wallet Cross Border M2Account  15
Mobile Commerce Payment Processing Models  16
  Card based Mobile Payments  16
    Direct Card Based Mobile Payments  16
    Indirect Card Based Mobile Payments  16
  Cardless Mobile Payments  16
    M-Wallet Mobile Account Based Payments  16
    Contactless Mobile Payments  17
  Sync and Async Payment Transactions  17
Mobile Commerce Solution Architecture  18
  Mobile Commerce Transaction Scope - flows  18
  Mobile Client Presentation Layer  19
  Mobile Commerce Transaction Layer  22
    Payment Messaging  23
    Authorisations, Settlements and Reconciliations  24
    Payment Gateway Integrations  24
    Telco Operator Integrations  25
      SMS Integration  25
      USSD Integration  26
      WAP/WML Content Integration  26
    B2B Mobile Commerce Content Integrations  27
    Back Office Integrations  27
      Business Intelligence  28
      Business Activity Monitoring  28
  Mobile Commerce Payment Security  30
    Tokenisation and End to End Security for PA-DSS compliance  30
  NFC-Based Mobile Commerce Payments  31
    NFC Card Based Payment Processing  31
    NFC Mobile Wallet Processing  32
    NFC Sales and Marketing Content Model  33
  Application Architecture  34
  Mobile Transaction Processing Deployment Architecture - Indicative Network Connectivity  35
Conclusions  38

Introduction
Usage of mobile devices to conduct day-to-day communications, collaborations and business transactions is growing exponentially. More and more users are opting for mobile channels, as part of their daily routines, to manage various aspects of both their business and personal activities. Business organizations have recognized this significant shift in customer choices and preferences, which indicates a constant increase in customer affinity for mobile based transactions. At the same time, mobile technology itself has undergone tremendous innovation and evolution, resulting in more and more powerful mobile devices and communication channels being made available that are capable of handling a variety of practical communication and business transactions. In the recent past, the computing power and network bandwidth of mobile devices and mobile communication channels have advanced to such an extent that the difference between mobile and desktop computing is drastically diminishing. Many business organizations, across all industry sectors, have quickly identified the emergence of business grade mobile technology and have strategically adopted the mobile channel as one of their key eCommerce business channels to conduct the sales, service, and marketing operations and business processes relating to their mobile commerce business models. As mobile technology is growing, so is payment technology, which now enables end-to-end payment processing in the context of the associated business (sales) transactions. This makes it possible to conduct an entire business transaction, along with its end-to-end payment processing, over mobile channels, offering enormous flexibility to customers as to how, where, and when they can initiate their business transactions in real time.
The payment processing industry, keeping in line with the potential and constantly increasing growth of mobile commerce, has floated a variety of mobile payment processing solutions and models that can leverage the relevant mobile communication services such as GPRS, USSD, NFC, Wi-Fi, Bluetooth, SMS, WAP etc. The increase in wireless bandwidth and the highly available mobile network infrastructure backbone provided by various mobile network operators have further increased the stability, reliability, and quality of service of wireless mobile transactions, making the mobile channel more and more reliable for business critical mobile commerce models. Keeping pace with the growth in mobile communication technology, software vendors, service providers and industry forums have been offering newer and enhanced mobile operating systems (Windows Mobile 7.0, Android OS, Symbian, BlackBerry OS, Apple iOS 4 etc.), APIs (J2ME, Windows 7 mobile SDK, Android SDK etc.), development tools (along with emulators) and technology standards for mobile computing, making it possible to develop and host a variety of mobile transaction processing solutions for mobile commerce. In this context, this paper discusses the solution architecture of a target mobile transaction and payment processing framework for mobile commerce transaction processing. The paper also briefly touches upon various mobile commerce business models and the solution architecture for business scenarios (conducted on different mobile communication technologies) that are addressed by the target mobile transaction and payment processing solution framework.

4 I Mobile Transactions and Payment Processing I White Paper

Mobile Commerce Business Context


Mobile commerce is not only an extension of an eCommerce business model but also an innovative commerce model wherein a variety of commerce transactions are conducted over mobile channels. In mobile commerce, many business organizations, in addition to traditionally established channels (field sales, branch offices, front offices, web channel etc.), use mobile channels to conduct their business operations in the sales, service, and marketing areas. A typical mobile commerce ecosystem, in addition to end-customers, comprises multiple participants including business organizations, retailers, telecom network service providers, mobile transaction processing service providers, payment gateway service providers, acquirers, intermediaries, issuer banks, and a variety of settlement service providers. In a mobile commerce business model, end users are able to buy products and services from the merchants (or business organizations) and make payments for those services and products through their mobile devices. The services and products are either delivered directly to the customers through their mobile devices (if they are content based services) or else shipped to their addresses through shipment and fulfilment processes. As part of the mobile commerce model, users are able to make the payment in a variety of ways over the mobile channels, either using their credit/debit cards or through cardless (contactless) payment mechanisms through their mobile wallet accounts. The mobile commerce services (products and saleable services) are presented to the customers either directly through the mobile channel or through other channels (mediums), depending upon the nature of the services sold. Once the business transaction is completed, the users can make payments directly through their mobile devices. One of the key aspects of the mobile commerce model is that the services and products are offered to the customer through mobile friendly commerce transaction services, over mobile channels, which enable the users to make their purchases directly through their mobile devices. Mobile commerce can provide great flexibility to the end users in the way in which they conduct their purchasing operations.

Figure 1: Mobile Commerce Transaction Processing Context

Mobile Commerce Strategy


A well formulated mobile commerce business transformation strategy is essential to achieve the mobile commerce (m-business) business goals. Typically, in many organizations across industry verticals, the mobile commerce model is seen as an augmentation or an extension of the existing brick-and-mortar, eCommerce and e-business models, taking the business services to the consumers over mobile channels. In some other small and medium business organizations and start-ups, the mobile commerce model could be the main business service model, enabling those organizations to reach their customers effectively through mobile channels. Due to the shifting habits of consumers and the flexibility associated with mobile enabled business interactions, the mobile commerce model is taking a prominent place in the business strategies of many organizations. A mobile commerce strategy defines the outlook of the proposed mobile commerce model (in other words, the m-business model) across the key aspects of the mobile commerce business model. The scope of the strategy for mobile commerce includes the following:

Figure 2: Mobile Commerce Strategy Transformations


Mobile Channel Strategy


Mobile channels play a critical role in the successful acceptance and adoption of mobile commerce, mobile payment, and mobile banking solutions. The technology of the mobile devices, the users' knowledge of mobile technology, and the users' familiarity and comfort with mobile channels will impact the levels of adoption of mobile business models. The following are the key mobile channels through which target mobile services are delivered to the consumers.

SMS Channels
SMS messages are widely supported by a wide array of basic as well as the most advanced mobile devices, and the majority of customers (both educated and uneducated) can use SMS messages to conduct mobile transactions through their phones. However, the costs associated with SMS channel based mobile transaction processing can be relatively higher compared to other mobile channels. Also, mobile transaction security with SMS channels can pose a few challenges from a regulatory compliance perspective. In certain geographies, the SMS channel is the only viable channel that can reach a large number of mass mobile users. The SMS channel strategy evaluates the pros and cons of the SMS channel with respect to the business model and formulates a solution strategy that can leverage SMS messages.

USSD Channel
This is a more secure channel compared to the SMS channels, requiring higher levels of Telco participation (USSD gateway service provider) in the mobile transaction model. The USSD channel is supported by a wide range of mobile devices; however, the USSD command model itself differs from one Telco carrier to another, resulting in higher solution implementation costs. As with SMS texts, USSD mobile commands are relatively easy to use and hence can appeal to a wide range of customers. The strategy for the USSD channel determines how, where, and when a USSD based mobile commerce solution can be adopted to realize the underlying mobile commerce business models.

Mobile Browser Channel (mobile optimized and WAP sites)
The mobile device resident browser is used to access mobile customized WAP or web applications, with which customers can engage in various types of mobile business transactions. This channel can be widely used by educated (technically savvy) users, while many uneducated or under-educated customers may find it difficult to use. This channel is relatively easy to adopt, since the existing web channels and web applications can be quickly customized for mobile devices.

Mobile Application Channel
In this channel, device specific (APIs, OS) mobile applications are used to conduct the mobile transactions. The mobile applications are device specific and OS specific, and usually provide rich user interfaces for the mobile devices. The cost associated with the mobile application channel is relatively high, as the applications need to be developed for a specific set of devices, and the customer coverage is somewhat restricted to those specific devices on which the applications can run. The rich user interfaces and secure transaction processing capabilities offered by application APIs can be very useful to bring tailored mobile solutions to target customers.

NFC and Contactless Mobile Channel
This channel is supported on NFC enabled mobile devices, and can be used to realize contactless mobile based business transactions, such as mobile marketing, mobile payments, and various types of mobile promotions, including location based services. In the case of payment processing, the NFC channel also requires NFC enabled POS devices at the merchant locations. This is one of the key emerging mobile channels that needs to be considered while defining an organization's mobile commerce business strategies.

Mobile Marketing
Mobile marketing is a business strategy for how, where, and when marketing services can leverage mobile channels to achieve maximum marketing effectiveness. Effective mobile marketing strategies include the following:

Mobile Campaigns
Campaigns targeted at selected customer segments over mobile channels.

In-Store Promotions
Promotional campaigns aimed at customers when they are within a store, offering discounts through mobile channels.

Location Based Services
Services, promotions, coupons etc. offered based on the customer's current location. Such campaigns can influence customer buying habits.

Coupon Offerings
Coupons and discounts offered through mobile channels. The mobile commerce strategy will also ensure mobile based coupon redemptions during point of sale transactions.

Mobile Barcode Campaigns
A marketing strategy where mobile barcodes are used for product and service promotions. When user devices scan the mobile barcode, they receive mobile content often consisting of product details, promotions, discounts, vouchers, and coupons.

Mobile Personalization
Tailored marketing campaigns over mobile channels, based on the user's profile, preferences, habits, and affinities.

Mobile Sales
The mobile sales strategy covers the various products and services to be sold either directly over the mobile channels or through the support of mobile channels alongside other sales channels. A mobile sales strategy can include the following:

Mobile point of sales strategy
How potential end users can use their mobile devices to make purchases at point of sale locations.

Mobile catalog services
How products and services can be presented to customers through mobile customized product and service catalogs.

Mobile coupon redemptions
How, where, and when users can use their coupons and discounts in the context of their purchases over mobile channels.

Mobile optimized commerce sites
How commerce websites can be optimized and delivered to customers over mobile channels.

Cross and up-selling models
How mobile channels can be used to increase revenues through cross-selling and up-selling models.

Event and geography location based selling
How event and user location based sales can be increased over mobile channels.

Mobile Service
A mobile service strategy addresses the service model that needs to be adopted in the context of mobile channel enabled business models. A service strategy for a mobile commerce business model includes the following:

Fulfillments
Strategy for post sales delivery and shipment of the products and services sold over mobile channels.

Returns
Strategies for handling post sales returns of the products and services sold over mobile channels. This includes processing of payment returns.

Inventory Management
Deals with the inventory management of a mobile commerce business model.

Contact and Call Centers
Post sales help and call centers for the customers.

Mobile Payment
This is the mobile strategy for accepting and processing payments over the mobile channels, in the context of mobile commerce sales transactions. The mobile payment strategies can include:

Card based mobile payments
How the mobile commerce business model and strategy support card based payment acceptance. The card based payment strategy outlines the model for supported card types, geography based payment gateway services, and cross border card based payments over mobile channels.

Contactless card based mobile payments
Deals with contactless card based mobile payments using mobile devices (with NFC technology).

Cardless mobile payments
Includes the strategies for accepting payments through cardless payment models such as mobile wallets.

Carrier Billing
A mode of payment wherein mobile sales transactions are charged against the user's carrier billing, which is paid by the users under either pre-paid or post-paid contracts.

Mobile Wallets
A mobile wallet based payment strategy deals with how, where and when payments can be accepted and processed using the users' mobile wallet accounts. The strategy also defines how the mobile wallet accounts are integrated with the commerce transactions to process the associated transaction payments. The mobile wallet payment options include the following:

Prepaid
Here the users top up their mobile wallet accounts upfront, and such mobile wallet accounts are used to make the payments in the context of mobile sales transactions.

Post-paid
In this case, a user's mobile wallet account is linked to his or her carrier billing account. The mobile sales transactions are paid with the user's mobile wallet account, which in turn is charged to the associated mobile billing account that is usually paid on a monthly or quarterly basis.

Card linked mobile wallets
In this mobile wallet strategy, the mobile wallet accounts are linked to the users' debit or credit cards. In a mobile sales transaction with card linked mobile wallet payment, the final payment is made from the wallet account that is linked to the user's cards.

Carrier hosted Wallet Service
In this wallet payment strategy, the wallet services are primarily provisioned by a carrier (telecom network operator or mobile service provider), in partnership with participating banks and financial institutions, to link mobile wallets with the users' card services. The payment settlements are done between the carrier and the participating financial institutions. The carrier alone maintains the mobile users' wallet accounts and provides complete mobile payment transaction support.

Financial institution hosted wallet service
In this strategy, the mobile wallet services are hosted by financial institutions (such as payment service providers, payment network service providers, and banks) in partnership with the related Telco or carrier service providers. The FIs maintain the users' mobile wallet accounts in relation to their card accounts. In such a model, the telco (carriers) maintain the user mobile accounts and participate in the mobile payment transaction.

Business hosted mobile wallet service
In this strategy, the mobile wallet services are hosted by one or more independent mobile payment transaction service providers, with the participation of telecom carriers and financial institutions.

Mobile Commerce Transaction


This strategy defines the mobile transaction based business model in which various services, both internal and external (partner content services), are offered to the customers. In this model, a variety of industry specific mobile commerce transaction services are sold to the customers over mobile channels, and the associated payments are also processed over mobile channels. It also formulates the mobile application strategy that can support the various mobile commerce transactions. The mobile transaction processing strategy further includes the following:

Content based mobile commerce transactions
In this model, mobile device and channel compliant content services such as music, games, videos, movies, gigs etc. are sold to the customers using mobile channels, and the associated payments are processed either through card based accounts or through wallet accounts, including carrier billing models.

Mobile bill payment transactions
This mobile commerce business model enables the end users to make their bill payments (of various types) directly through their mobile devices, using their card accounts or mobile wallet accounts.

Mobile ticketing services
In this mobile commerce business strategy, various types of ticketing services (movies, entertainment, concerts, games, sporting events etc.) are sold over the mobile channels, and payments for such sales transactions are processed with card accounts or mobile wallet accounts through mobile channels.

Travel booking services
This business model offers various types of travel (bus, air, train, taxi, ships, ferries etc.) and hotel related booking services over mobile channels. Payments for such sales transactions are processed with card or mobile wallet accounts.

Industry specific mobile commerce transactions
These are the industry specific mobile commerce business transaction models, wherein industry specific services are sold to the customers over the mobile channels. Such services are very specific to the industry concerned, such as insurance, retail, telco, finance, government etc.

Mobile Banking and Mobile Money


The strategy for mobile banking and mobile money transfers involves formulating the business models and approaches to extend banking services and money transfer facilities over mobile channels. A mobile banking strategy aims at providing complete banking facilities to the customers through their mobile devices. The following are the key flavours of this strategy:

Mobile retail banking
This business strategy aims at bringing the key retail banking services, such as statements, balance enquiry, cheque deposits, money transfers, bill payments, direct debits etc., to the customers over the mobile channels.

Mobile cheque deposits
This business service allows the customers to make cheque deposits remotely.

Mobile peer to peer payments
Allows the users to make money transfers or payments directly to one another using mobile channels, either using their mobile wallet accounts or their bank accounts, including card accounts.

Mobile money transfers
Mobile enabled local and cross border money transfers can help many customers make money transfers easily from their mobile devices, either using their card/bank accounts or through their mobile wallet accounts. This strategy defines the mobile enabled money transfer business models and associated solutions. Cross border international money transfers can involve multiple local and international participants, including FIs, banks, and cross border settlement solutions.

The mobile banking services can be provisioned through user chosen (compatible) mobile channels such as text/SMS, dedicated mobile applications, and mobile customized web application sites that are accessible through mobile hosted browsers.

Mobile Commerce Transformation Roadmap


A well planned mobile commerce transformation roadmap can help organizations realize their mobile commerce business goals and achieve their target mobile commerce business strategies. A mobile commerce transformation roadmap in an organization depends upon business priorities, business sponsorship, and several internal and external dependencies. In a mobile commerce business model, such a transformation can also depend upon technical feasibility and the technology options available. A mobile commerce transformation roadmap can differ from organization to organization depending upon the current state of the business and technology models, business priorities, and target markets. In general, in many organizations a typical mobile commerce journey starts with mobile marketing services and gradually moves towards a complete mobile commerce business model, offering full services over mobile channels. In some other organizations, such as banks, the priority would be mainly on customer reach and satisfaction, which may put the priority on mobile self service models for payments and retail banking. Likewise, the transformation roadmap depends upon multiple factors, and hence the definition and planning of such a mobile transformation roadmap needs to take all influencing factors into account. The following figure shows an indicative mobile commerce transformation roadmap. It is important to note that there is no one common transformation roadmap for all mobile commerce initiatives in different organizations. It may also be noted that the key mobile commerce initiatives are not necessarily taken in a sequential manner; many times such initiatives are handled in parallel within the scope of an overall mobile commerce transformation programme for the organization.

Mobile Commerce Payment Business Scenarios


In the context of mobile commerce transactions, the usage of the mobile technology, in order to facilitate flexible payment options, can be envisioned to support multiple mobile payment scenarios, practically seen in a variety of day-to-day business operations.

Figure 3: Mobile commerce - Payment business scenarios

In this section, based on the context of the mobile payments and the associated mobile commerce transactions, the following key mobile payment business scenarios are discussed.

Card based Mobile User to Business Payments (CM2B)


In this payment scenario, the mobile users make payments to the businesses or the merchants, through their payment cards (credit, debit, etc) through the mobile channel.


Figure 4: Card based Mobile User to Business

In this mode, the users actually conduct their mobile commerce transactions and make the payments against the bills (invoices) generated, through their mobile devices, using their payment cards. The following are the key steps performed in this scenario (depicted in Figure 4):

1. Users invoke the mobile commerce application from their devices.
2. Users are presented with the products and services along with their prices.
3. Users select products and services and add them to the shopping cart.
4. After verification of the bills, users perform the checkout operation.
5. After checkout, users are presented with either a payment screen where they enter their card details and PIN number (securely, as login PINs) to make the payments, or pre-stored payment card details along with the PIN number are automatically taken for payment, based on user approval.
6. The user's payment details along with the card details are passed to the respective payment service provider (through the mobile transaction service provider) for payment authorization and subsequent settlement (the payment is authorized against the user's account held at the issuer bank).
7. Upon authorization, the payment is either directly deposited into the merchant account or settled by the acquirer based on a pre-agreed settlement period.
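The following Python model of the CM2B steps is an added illustration, not code from the white paper or from any payment service provider. It assumes a hypothetical PSP/issuer (the PaymentServiceProvider class), a constructed cardholder account using the well-known Luhn-valid test number 4111111111111111 with a made-up PIN and balance, and a fixed demo date. It shows the part of step 6 a practitioner would want to see explicitly: the card number is format-checked before it is forwarded, the PIN is verified against a salted hash, the authorization reduces available funds immediately, the merchant only ever receives a masked PAN plus an authorization code, and the funds reach the merchant account only when the acquirer settlement run (step 7) executes.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import date

# Constructed demo data: 4111111111111111 is a standard Luhn-valid test number,
# not a real card; the PIN, expiry and balance below are made up for the example.
DEMO_TODAY = date(2025, 1, 1)


def luhn_ok(pan: str) -> bool:
    """Format check run before a card number is forwarded to the payment service provider."""
    if not pan.isdigit() or len(pan) < 12:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Only this masked form is retained by the merchant and the transaction service provider."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def hash_pin(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


@dataclass
class CartItem:
    sku: str
    price: float
    qty: int = 1


@dataclass
class Authorization:
    auth_code: str
    masked_pan: str
    amount: float
    settled: bool = False


class PaymentServiceProvider:
    """Stand-in for the PSP/issuer leg (step 6) and the acquirer settlement run (step 7)."""

    def __init__(self):
        self.accounts = {}      # PAN -> cardholder account held at the issuer
        self.pending = []       # approved authorizations awaiting settlement

    def enroll(self, pan, pin, expiry, available):
        salt = secrets.token_bytes(16)
        self.accounts[pan] = {"salt": salt, "pin_hash": hash_pin(pin, salt),
                              "expiry": expiry, "available": available}

    def authorize(self, pan, pin, expiry, amount, today=DEMO_TODAY):
        if not luhn_ok(pan):
            return None, "invalid card number"
        acct = self.accounts.get(pan)
        if acct is None:
            return None, "unknown card"
        if expiry != acct["expiry"] or date(expiry[0], expiry[1], 1) < today:
            return None, "card expired or expiry mismatch"
        if not hmac.compare_digest(hash_pin(pin, acct["salt"]), acct["pin_hash"]):
            return None, "pin verification failed"
        if amount <= 0 or acct["available"] < amount:
            return None, "insufficient funds"
        acct["available"] = round(acct["available"] - amount, 2)   # hold the funds at authorization
        auth = Authorization(f"A{len(self.pending) + 1:06d}", mask_pan(pan), amount)
        self.pending.append(auth)
        return auth, "approved"

    def settle(self, merchant_account):
        """Acquirer settlement at the end of the agreed period: credit every unsettled authorization."""
        total = 0.0
        for auth in self.pending:
            if not auth.settled:
                auth.settled = True
                total += auth.amount
        merchant_account["balance"] = round(merchant_account["balance"] + total, 2)
        return round(total, 2)


def cm2b_checkout(psp, cart, pan, pin, expiry):
    """Steps 4-6: total the invoice, pass card details and PIN to the PSP, return the receipt."""
    invoice_total = round(sum(item.price * item.qty for item in cart), 2)
    auth, status = psp.authorize(pan, pin, expiry, invoice_total)
    receipt = None if auth is None else {"auth": auth.auth_code, "card": auth.masked_pan}
    return {"invoice_total": invoice_total, "status": status, "receipt": receipt}


def make_demo_psp():
    """Fresh PSP with the constructed demo cardholder enrolled."""
    psp = PaymentServiceProvider()
    psp.enroll("4111111111111111", "1234", (2030, 12), 150.00)
    return psp


if __name__ == "__main__":
    psp = make_demo_psp()
    cart = [CartItem("SKU-1", 20.00, 2), CartItem("SKU-2", 9.99)]
    print(cm2b_checkout(psp, cart, "4111111111111111", "1234", (2030, 12)))
    merchant = {"balance": 0.0}
    print("settled:", psp.settle(merchant), "merchant balance:", merchant["balance"])
```

The receipt handed back to the merchant side carries only the masked PAN and the authorization code, which is the data a merchant needs for reconciliation; the full card number and PIN exist only on the path to the PSP.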

Mobile Wallet User to Business Payments (M2B)


In this scenario, the mobile users will directly use their mobile phones as wallets to make payments. In this mode, there is no direct usage of the payment cards involved. The following are the key steps performed in this scenario.

Figure 5: Mobile Wallet for Payments (M2B)

1. Users invoke the mobile commerce application from their device.
2. Users are presented with the products and content services along with their prices.
3. Users select products and services and add them to the shopping cart.
4. After verification of the bills (invoices), users perform the checkout operation.
5. After checkout, users are presented with a screen to enter their mobile wallet PIN to make the payments.
6. Upon receipt of the wallet account PIN, the user's mobile SIM number or any such uniquely identifiable number (and any pre-stored wallet number), along with the PIN, is propagated to the mobile wallet service provider through the mobile transaction processing service provider. Upon authentication and authorization of the user's wallet credentials, the mobile wallet service provider makes the payment to the associated merchant account through the standard acquirer and payment gateway service provider networks. The merchant account is credited with the transaction amount based on the pre-agreed settlement periods.
7. Payment confirmation is sent back to the mobile user.
8. The mobile transaction is closed.

Mobile Wallet Mobile Users to Mobile User Payments (M2M) Remittance Services
This is a mobile wallet based peer-to-peer payment scenario, wherein mobile users can make direct payments to other mobile users through their m-wallet accounts. No card based payment is involved in this scenario. The recipient (beneficiary) may receive the payment either into their m-wallet account or into their bank account, based on the payment instructions.

Figure 6: Mobile Wallet M2M Remittance Services

The following are the key steps involved in this type of payment scenario:

1. The user invokes a special purpose mobile commerce application for peer-to-peer payments on their device. This application facilitates payments either directly to the recipient's (beneficiary's) m-wallet account or to the associated bank account.
2. The user is prompted to enter the payment instruction details in the application, including the peer's wallet or bank account identification details.
3. The user is prompted for the m-wallet PIN number.
4. The mobile payment transaction details along with the m-wallet credential details are passed to the m-wallet service provider through the mobile transaction service provider.
5. Upon validation of the payment instructions along with the user's credential details, the following payment deposit actions are performed:
   a. If the recipient's m-wallet details are provided, then the payment is made directly to the recipient's m-wallet account. Payment confirmation is sent back to the user.
   b. If the recipient's bank account details are provided, then the payment is made directly to the recipient's bank account through the settlement networks. Payment confirmation is sent back to the user. Upon deposit into the recipient's bank account, the recipient is notified of the deposit either through the mobile channel or through other relevant channels which the recipient has opted for.
6. The mobile transaction is closed.

Mobile Wallet Cross Border M2M


This is an international cross border mobile-to-mobile payment scenario, wherein both the payer and the beneficiary use their m-wallet accounts during the payment transaction. It is similar to the previous scenario, except that in this scenario there is an international cross border settlement component involved.

Figure 7: Mobile - Wallet Cross Border M2M Services

The following are the key steps of this mobile payment scenario:

1. The user invokes a special purpose mobile commerce application for peer-to-peer payments on their device. This application facilitates payments directly to the recipient's m-wallet account.
2. The user enters the payment instruction details in the application, including the peer's wallet details.
3. The user is prompted for the m-wallet PIN number.
4. The mobile payment transaction details along with the m-wallet credential details are passed to the m-wallet service provider through the mobile transaction service provider.
5. Upon validation of the payment instructions along with the user's credential details, the following payment deposit actions are performed:
   a. The cross border settlement transaction is initiated between the m-wallet service provider's bank account and the recipient's m-wallet service provider's bank account.
   b. Upon settlement, the recipient's m-wallet service provider deposits the money into the recipient's wallet service account.
6. A payment confirmation message is sent back to the payment initiator.


Mobile Wallet Cross Border M2Account


This is a slight variant of the previous scenario, wherein the payment transfer is made to the recipient's bank account, or the transferred amount is paid directly to the end recipient (beneficiary). The following are the key steps of this scenario:

1. The user invokes a special purpose mobile commerce application for peer-to-peer payments on their device. This application facilitates payments directly to the recipient's m-wallet account.
2. The user enters the payment instruction details in the application, including the peer's wallet details.
3. The user is prompted for the m-wallet PIN number.
4. The mobile payment transaction details, along with the m-wallet credential details, are passed to the m-wallet service provider through the mobile transaction service provider.

Figure 8: Mobile Wallet Cross Border M2Account

5. Upon validation of the payment instructions along with the user's credential details, the following payment deposit actions are performed:
a. The cross border settlement transaction is initiated between the m-wallet service provider's bank account and the recipient's bank account, and the recipient end user is notified of the transfer.
b. Where the recipient does not have a bank account, the money is transferred to an intermediary account (based on a pre-agreed arrangement), from where the amount is disbursed to the recipient through direct channels.
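The wallet-or-bank routing that the m-wallet scenarios above describe (PIN verification, debit of the payer's wallet, immediate credit when the beneficiary is another wallet, a settlement hand-off when the beneficiary is a bank account), as an added Python example; this is not the paper's code. The WalletProvider class, the MSISDNs, balances and PINs are constructed for illustration, and the idempotency key and PIN lockout are assumptions added here because a practitioner would expect both in a P2P service.

```python
"""Added example: m-wallet peer-to-peer payment with wallet-or-bank routing.

WalletProvider, the MSISDNs, balances and PINs are constructed sample data,
not the paper's own system.
"""
import hashlib
import hmac
import secrets
import uuid
from dataclasses import dataclass, field
from decimal import Decimal


def hash_pin(pin: str, salt: bytes) -> bytes:
    # PBKDF2 with a per-wallet salt: the provider never stores the raw PIN.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


@dataclass
class Wallet:
    msisdn: str
    balance: Decimal
    salt: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    pin_hash: bytes = b""
    failed_attempts: int = 0

    def set_pin(self, pin: str) -> None:
        self.pin_hash = hash_pin(pin, self.salt)

    def verify_pin(self, pin: str) -> bool:
        # Constant-time comparison of the derived hashes.
        return hmac.compare_digest(self.pin_hash, hash_pin(pin, self.salt))


class WalletProvider:
    MAX_PIN_ATTEMPTS = 3   # assumed lockout threshold

    def __init__(self):
        self.wallets = {}                 # msisdn -> Wallet
        self.settlement_queue = []        # outbound transfers for the bank settlement network
        self.notifications = []           # messages to beneficiaries
        self.seen_requests = set()        # idempotency keys of processed instructions

    def pay(self, request_id, payer_msisdn, pin, amount, to_wallet=None, to_bank=None) -> dict:
        # Steps 4/5 of the scenario: validate the instruction and the payer's credential.
        if request_id in self.seen_requests:
            return {"status": "DUPLICATE", "request_id": request_id}
        payer = self.wallets.get(payer_msisdn)
        if payer is None:
            return {"status": "DECLINED", "reason": "unknown payer"}
        if payer.failed_attempts >= self.MAX_PIN_ATTEMPTS:
            return {"status": "DECLINED", "reason": "wallet locked"}
        if not payer.verify_pin(pin):
            payer.failed_attempts += 1
            return {"status": "DECLINED", "reason": "bad pin"}
        payer.failed_attempts = 0
        amount = Decimal(amount)
        if amount <= 0 or amount > payer.balance:
            return {"status": "DECLINED", "reason": "insufficient funds"}
        if (to_wallet is None) == (to_bank is None):
            return {"status": "DECLINED", "reason": "exactly one beneficiary required"}
        if to_wallet is not None and to_wallet not in self.wallets:
            return {"status": "DECLINED", "reason": "unknown beneficiary wallet"}
        self.seen_requests.add(request_id)
        payer.balance -= amount
        txn_id = uuid.uuid4().hex
        if to_wallet is not None:
            # 5a: wallet beneficiary, credited directly; confirmation goes to the payer.
            self.wallets[to_wallet].balance += amount
            self.notifications.append(f"{to_wallet}: received {amount}")
            return {"status": "COMPLETED", "txn_id": txn_id, "route": "wallet"}
        # 5b: bank beneficiary, debited now and credited via the settlement network.
        self.settlement_queue.append({"txn_id": txn_id, "bank_account": to_bank, "amount": amount})
        return {"status": "PENDING_SETTLEMENT", "txn_id": txn_id, "route": "bank"}


def demo_provider() -> WalletProvider:
    """Two constructed wallets with known PINs for a stand-alone run."""
    provider = WalletProvider()
    for msisdn, bal, pin in (("447700900001", "100.00", "1234"), ("447700900002", "5.00", "9876")):
        w = Wallet(msisdn, Decimal(bal))
        w.set_pin(pin)
        provider.wallets[msisdn] = w
    return provider
```

The bank route returns PENDING_SETTLEMENT rather than COMPLETED because, as the scenario notes, the beneficiary is only notified once the settlement network has deposited the funds; the payer's wallet is debited at once so the amount cannot be spent twice while settlement is in flight.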


Mobile Commerce Payment Processing Models


In many industry sectors, such as retail, telco, insurance, finance etc., the adoption of mobile commerce business models depends upon the ability to securely process payments through mobile channels, over multiple mobile devices built on different technologies. The key mobile payment schemes that can enable a variety of mobile commerce business models can be grouped into the following models:

Card based Mobile Payments


In these types of mobile payment schemes, the actual payment cards, such as debit cards, credit cards, pre-paid cards, post-paid cards, gift cards, vouchers etc., are used to make the payments through mobile devices. Based on the context of the business sales transaction, users are required to furnish the card details along with PIN verification to make the payments. Card based mobile payments can be further classified into direct and indirect card based payment schemes. The card details can also be stored directly in the memory or smart cards of the mobile devices.

Direct Card Based Mobile Payments


In this type of payment mode, the users will directly provide the card details at the point of making payments. The user card details along with pin verification are used to make the payments, to the concerned merchant accounts.

Indirect Card Based Mobile Payments


In the indirect card based mode, the user's card details are registered with the payment service provider upfront, either through web or mobile channels, and subsequent user payments are made with a secure PIN entry provided by the user. The users do not have to enter the card details at the point-of-sale step of the process.

Cardless Mobile Payments


Cardless mobile payment options allow the end users to make payments without needing to have payment cards such as credit or debit cards. In these types of payment modes, the payment is primarily made against the user's mobile wallet account, which is monetarily replenished through various online or mobile payment modes. Cardless mobile payments can be broadly grouped into the following categories:

M-Wallet Mobile Account Based Payments


In this mode, basically the user's mobile account is charged against the bills (for the services and goods) generated during mobile sales transactions. Such mobile wallet account based payments can have further flavours, such as:

Pre-paid mobile payment accounts - In this type of contract, the users buy pre-paid mobile wallet account value by using top-up services, for which payment is made through a variety of channels, including online, ATM etc. Such pre-paid wallet accounts are subsequently used during mobile commerce transactions to make the actual payments.

Post-paid mobile payment accounts - Post-paid contracts enable the users to pay their mobile charges, along with any other mobile commerce charges, on a periodic basis (monthly, quarterly etc.), based on the contract type chosen with the mobile wallet operator. During mobile commerce transactions, the payments are initiated against the post-paid mobile account, and regular bills are forwarded to the customer (user) as per the billing arrangements.

Contactless Mobile Payments


Contactless mobile payments work more or less the same as other types of cardless mobile payments, except that the payment details appear on the mobile device automatically, in the context of a business transaction, when the mobile device is brought into close vicinity of the concerned point of sale (PoS) device. NFC based mobile devices and contactless credit cards can engage with PoS devices to enable contactless payments. The ISO/IEC 14443 standards define the framework for managing contactless payment communications between a payment card reader (or NFC capable PoS device) and an associated payment card device (either card based or NFC device based).

Near Field Communication (NFC) contactless payment - Near field communication is a short range wireless technology that enables communication between two devices whenever they come into close vicinity of each other. In the context of mobile transactions, this communication technology is used to initiate payments from an NFC enabled mobile client device to a corresponding NFC enabled PoS device.

Sync and Async Payment Transactions


Mobile commerce payment transactions can be conducted either in a synchronous or in an asynchronous mode. In a synchronous payment transaction, the user's payment transaction is completed along with the underlying business sales transaction, which usually has an atomic transaction scope. Usually, card based mobile payments are processed through synchronous integration patterns. Mobile transactions can also be handled in an asynchronous fashion using SMS, USSD and other mobile technologies, wherein the entire mobile commerce transaction is conducted through a set of related, but asynchronous, business transactions.


Mobile Commerce Solution Architecture


A mobile commerce solution architecture that can support mobile transaction processing capabilities needs to address the requirements that are unique to mobile commerce (in addition to the business requirements), such as performance, security, the relative instability of mobile wireless networks, constantly emerging mobile technologies and the wide range of mobile client technology specifications. It is also important that the solution architecture addresses all the non-functional requirements, such as scalability, availability, PCI-DSS compliance, DPA compliance and any other associated regulatory compliance requirements. In this section we further discuss the architectural details of a mobile transaction processing solution framework that can support end-to-end mobile commerce business models in many organizations.

Figure 9: Mobile Transaction Processing Solution Framework

Mobile Commerce Transaction Scope - Flows


A typical mobile commerce transaction can be viewed either as an atomic or as a long lived composite transaction (depending on the requirements), comprising multiple participating sub-transactions (services), such as an order management transaction and an associated payment transaction. The following diagram shows the general transaction scope of a mobile commerce business transaction. In order to ensure a successful mobile transaction and to maintain transaction integrity, all the individual steps in the scope are required to complete; otherwise an appropriate rollback (compensation) is required to be issued. In order to maintain payment transactional integrity, it is important to ensure that the rollback of payments is achieved (by issuing payment rollback instructions) in case any part of the transaction fails to go ahead. However, for practical reasons, it is also feasible to update the orders manually, in case the payment is successful but the order update has failed. However, if an order is cancelled for some reason (usually by the end user), then a corresponding payment rollback transaction needs to be initiated (depending upon the logic).

Figure 10: Mobile Commerce Transaction Scope

In order to improve performance, in some use cases it may be useful to introduce asynchronous mobile commerce transaction processing, wherever it is feasible. This can be achieved by breaking the entire mobile transaction into manageable sub-transactions that can be meaningfully performed in an asynchronous manner, while still achieving completion of the overall mobile commerce transaction.

Figure 11: End-to-End Full Transaction
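The compensation behaviour described in this section (every completed step is rolled back, the payment by a reversal instruction and the order by a cancellation, when a later step fails), as an added Python example that is not part of the paper. OrderService and PaymentService are constructed in-memory stand-ins for the order management and payment sub-transactions; a real deployment would call the order system and the payment authorisation interface instead.

```python
"""Added example: mobile commerce transaction scope with compensating rollback.

OrderService and PaymentService are constructed in-memory stand-ins, not the
paper's components.  Steps run in order; on failure, the compensations of the
steps that already completed run in reverse order.
"""
import uuid
from dataclasses import dataclass, field


class StepFailed(Exception):
    """Raised by a sub-transaction that could not go ahead."""


@dataclass
class PaymentService:
    authorizations: dict = field(default_factory=dict)   # auth_id -> amount (minor units)
    reversals: list = field(default_factory=list)

    def authorize(self, amount: int) -> str:
        if amount <= 0:
            raise StepFailed("invalid amount")
        auth_id = uuid.uuid4().hex
        self.authorizations[auth_id] = amount
        return auth_id

    def reverse(self, auth_id: str) -> None:
        # Payment rollback instruction: release the authorization.
        self.authorizations.pop(auth_id)
        self.reversals.append(auth_id)


@dataclass
class OrderService:
    orders: dict = field(default_factory=dict)
    fail_on_confirm: bool = False   # simulates the order system being unavailable

    def create(self, items: list) -> str:
        order_id = uuid.uuid4().hex
        self.orders[order_id] = {"items": list(items), "state": "CREATED"}
        return order_id

    def confirm(self, order_id: str) -> None:
        if self.fail_on_confirm:
            raise StepFailed("order system unavailable")
        self.orders[order_id]["state"] = "CONFIRMED"

    def cancel(self, order_id: str) -> None:
        self.orders[order_id]["state"] = "CANCELLED"


class MobileTransaction:
    """Composite transaction: (name, action, compensate) steps with reverse-order compensation."""

    def __init__(self):
        self._done = []      # (name, compensate, result) of completed steps
        self.log = []

    def run(self, steps) -> str:
        try:
            for name, action, compensate in steps:
                result = action()
                self.log.append(f"{name}: ok")
                self._done.append((name, compensate, result))
            return "COMMITTED"
        except StepFailed as exc:
            self.log.append(f"failed: {exc}")
            for name, compensate, result in reversed(self._done):
                compensate(result)
                self.log.append(f"{name}: compensated")
            return "ROLLED_BACK"


def place_order(orders: OrderService, payments: PaymentService, items: list, amount: int):
    """Order + payment as one composite transaction; returns (outcome, log)."""
    txn = MobileTransaction()
    ctx = {}
    steps = [
        ("create_order",
         lambda: ctx.setdefault("order_id", orders.create(items)),
         lambda order_id: orders.cancel(order_id)),
        ("authorize_payment",
         lambda: payments.authorize(amount),
         lambda auth_id: payments.reverse(auth_id)),
        ("confirm_order",
         lambda: orders.confirm(ctx["order_id"]),
         lambda _: None),   # nothing to undo for the final step
    ]
    return txn.run(steps), txn.log
```

The example always reverses the payment when the order confirmation fails; the manual order update the text mentions as a practical alternative would replace the `authorize_payment` compensation with a hand-off to an operator queue, which is a policy choice rather than a change to the mechanism.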

Mobile Client Presentation Layer


The client application layer of the solution provides the mobile user interfaces, using which the end users conduct their mobile commerce transactions. The key mobile commerce client functions can be grouped into the following modules, which are implemented using different mobile client technologies.

User Module - Provides the full functionality to manage the user profile, which holds all the necessary information regarding the user that is essential to conduct mobile payment transactions. The information can include the user id, user certificates, user card details including the PIN (through secured storage), billing address, shipping address etc. The following are some of the key mobile use cases of this module:

Figure 12: mCommerce Transactions Presentation Layer Modules


Login - Enables the user to log in to their mobile payment account.
Manage User Profile - Allows the user to update and manage their mobile account.
Fill up Wallet Account - Make deposits into the mobile wallet account.
Make Mobile P2P Payments - Allows the user to make person-to-person mobile payments using a card or m-wallet account.
Make Mobile Money Transfers - Allows the user to make mobile money transfers.
Make P2P Payments / Money Transfers with SMS - Allows the user to perform P2P payments with SMS based communication.
Make P2P Payments / Money Transfers with USSD - Enables the user to pay using USSD messages.

Product and Service Module - This module provisions the mobile commerce product and service catalog services, using which users can browse the available services and products along with their pricing details. The following key use cases are included as a part of this module:

Search Products and Service Catalog - Allows the user to perform a quick search on available products and services.
View Products and Service Catalog - Enables the user to view the products and services available in a particular category.
Buy selected services with M-wallet account - Enables the user to buy the selected product or service with their M-wallet account.
Buy selected services with card payments - Enables the user to buy the selected product or service with credit or debit payment cards.
Buy selected services with M-wallet account using SMS - Enables the user to buy the selected product or service with their M-wallet account, using SMS messages.
Buy selected services with M-wallet account using USSD - Enables the user to buy the selected product or service with their M-wallet account, using USSD messages.
Buy selected services with M-wallet account on NFC channel - Enables the user to buy the selected product or service with their M-wallet account, using the NFC channel.

Orders Management Module (with payment processing) - This is one of the key modules, using which users can select products and services, add them to their shopping cart and subsequently initiate mobile commerce orders. Internally, this module uses the mobile payment module to initiate mobile payments in the context of a placed order. This module includes the following main use cases:

Create shopping cart for an order - Allows the user to create an order (shopping cart) from selected products and services.
Add products and services to an order - Users can add, delete and update the order with selected products and services.
Pay the order with M-wallet account - Enables the user to pay for the order with their M-wallet account.
Pay the order with card payments - Enables the user to pay for the order with their credit or debit card accounts.

System Admin Module - Includes the mobile commerce application management functions, to set up the various system configurations that are used during live transactions. This module also enables users to maintain their address details, payment contacts, and any vouchers and coupons which they can use during payments. The following are some of the sample use cases included in this module:

Manage user account - Enables the user to maintain their mobile account details.
Manage user address - Allows the user to manage their various addresses, such as billing address, shipping address etc.
Manage user contacts - To manage the user's payment contact details.
Manage user coupons and vouchers - Enables the user to manage their coupons, loyalty points etc.

The UI layer can be built using multiple mobile client technologies, depending upon the operating system and APIs supported by the individual mobile devices. Currently, multiple mobile operating systems and mobile client APIs (SDKs) are provided by the major mobile software vendors in the market. The following are some of the key mobile client (micro edition) APIs (SDKs), supported on their respective mobile OS, that can be used for developing the mobile client application layer:

Java ME - Java Platform Micro Edition is a complete Java based design time and run time platform, supporting mobile technology with a Java run time. Java ME provides multiple APIs and JSRs to support mobile application development. For mobile client application development, one can use key APIs such as Java ME web services, Java ME Swing and Java ME Socket to develop appropriate Java mobile client applications. A set of mobile technology JSR APIs are bundled as a part of the latest Java ME, to support a wide array of mobile applications.

Windows Mobile OS7 - The Windows SDK is the latest Windows operating system and SDK for Windows mobile devices. The Windows Mobile SDK can support full cycle development of Windows mobile commerce clients, which can connect with the mobile commerce services hosted in the service layer. Windows OS7 clients will be able to run on mobile client devices that run Windows OS7.

Android - Android Mobile OS is another major mobile operating system, along with a relevant SDK that can support full cycle development of mobile commerce clients, which can interface with the mobile commerce services hosted in the service layer.

iOS 7 - Apple's OS for Apple mobile devices and smartphones, supporting full cycle development of mobile commerce clients that can interact with the mobile commerce services hosted on the service layer.

SMS - SMS based mobile commerce connectivity has been used successfully, wherein SMS messages are used to process mobile payment transactions in the context of a mobile commerce transaction.

Figure 13: Mobile Commerce Service Layers


WAP clients - Wireless Application Protocol is a GPRS based protocol, using which WML based mobile client applications can be displayed on mobile devices using WAP enabled browsers. WAP enabled mobile clients can interact with the mobile commerce services, including mobile payment services, hosted on the mobile commerce service layer. WAP clients are supported by the majority of client devices, and a WAP gateway is required for converting the WML content to HTML content before it is posted to the application server (web server) in the mobile commerce service layer. The majority of WAP sites are accessible from a wide array of mobile devices. As of now, WAP based mobile service is slowly declining, as more and more powerful mobile browsers are supported by recent mobile devices.

Mobile HTTP client (HTML 5.0/CSS 3.0) - Recent mobile devices and smartphones are equipped with micro browsers which are capable of rendering much modern web application content. Some of these micro browsers now support client side computing (mobile Ajax) and can successfully render complete web content developed on the HTML 5.0/CSS 3.0 standards. Mobile commerce clients can be developed on the HTML 5.0/CSS 3.0 specification standards, just as any other standard web application. The server side components of the web application can invoke the services hosted on the mobile commerce service layer.

Mobile Commerce Transaction Layer


The mobile commerce transaction layer of the solution comprises a mobile commerce process (workflow) layer and a mobile commerce service layer. This layer hosts the variety of required mobile commerce and payment processing processes and services. The following diagram depicts a representative set of mobile transaction services hosted in this layer.

Figure 14: Mobile Commerce Transaction Layer

Process and human workflow layer - The process layer of the solution consists of the key mobile commerce business processes that support the end-to-end processing of mobile transactions involving human workflows. The processes (workflows) hosted in the process layer can be long lived processes or atomic short lived transaction processes. The human interfaces of these processes (which are also termed human workflow services) can be implemented as mobile client applications, using which the end users interact with the mobile commerce process workflows.


Service layer - In this layer, the key mobile commerce services are created, composed and aggregated and are exposed as services, which can be invoked by various consumers with the supported service bindings. Basically, the services created in this layer include the business services, utility services and application services that facilitate integration between internal applications as well as external sources. The services in this layer are created as service composites compliant with the SCA standards. The services can also be accessed by the mobile presentation layer components over the REST protocol, via a REST adaptor component. Service calls over REST are likely to improve performance in some scenarios.

Service bus - The service bus hosts the service end points for the mobile commerce services. The mobile client applications, the mobile business processes and any other service consumer clients can invoke the service end points through the service bus. The service bus provides standard functionality such as service routing, service mediation, service protocol transformation, service auditing and logging, and quality of service (QoS) features for the service end points.

Payment Messaging Authorizations, Settlements, and Reconciliations


The payment processing services in the mobile transaction solution framework can leverage the following types of payment integrations:

1. Payment gateway service provider integration - Third party payment gateway service providers are integrated directly from the mobile transaction processing solution framework. Such integrations are developed with multiple integration protocols, such as web services, TCP/IP socket interfaces, secured file transfers and secured message transfers, depending upon the integration support provided by the service provider. The messages exchanged with such gateway service providers are usually customized in nature, as per the specifications determined by the service provider.

2. Authorization and verification integrations (with acquirer or payment authorisation service provider) - In this mode of integration, the mobile transaction framework integrates directly with the relevant acquirer or card authorization service provider, to secure authorizations (pre-, post- and partial authorizations), payment reversals and the relevant card holder verifications for card based transactions. The authorization and verification messages exchanged are usually ISO 8583 compliant, supporting the required authorization cycles.

Figure 15: Payment Messaging Interfaces


3. Settlement integrations with settlement service providers - These are the interfaces with payment settlement service providers, to ensure timely settlement of the conducted payment transactions. The settlement integrations are usually implemented as asynchronous secure file exchange (SFTP, SSH) based interfaces. The settlement files are created as per the settlement file specifications, such as the apacs29b format.

4. Authorisation and settlement interfaces with mobile wallet service providers - These are the interfaces between the mobile transaction solution framework and the relevant mobile wallet service providers, to authorise and settle mobile wallet account based transactions. Such interfaces are usually implemented as real time synchronous integrations, but can also be implemented in batch mode, depending upon the arrangements with the involved mobile wallet service providers. The messages exchanged with the mobile wallet service providers are usually proprietary in nature.

5. Reconciliation interfaces - These are the various interfaces developed in the mobile transaction solution framework to facilitate payment transaction reconciliation between the various participants involved in the payment ecosystem. Such participants may include merchant locations, retailer POS locations, payment authorization service providers, payment settlement service providers, issuer banks, acquirer banks and any associated card network service providers.

ISO 8583 message interfaces - The payment interfaces between the mobile transaction solution framework and the various associated payment authorisation service providers are based on the ISO 8583 messaging standard. The key ISO 8583 message types exchanged between the MPTS framework and the respective payment authorisation service providers are depicted in the diagram below.

Figure 16: ISO 8583 Payment Messaging
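An added example, not the paper's own code, of the ISO 8583 message structure referred to here: a builder and parser for ASCII ISO 8583:1987 messages covering the MTI, the primary and secondary bitmaps and a subset of data elements, exercised with a 0100 authorization request, its 0110 response and a 0400 reversal. Field lengths follow the common ISO 8583:1987 conventions; real gateways differ in encoding (BCD, EBCDIC) and in the exact element set, so this is the shape of the messages rather than any one provider's specification. The PAN is the well-known 4111... test number and the terminal and merchant ids are constructed.

```python
"""Added example: minimal ISO 8583 (1987, ASCII) builder and parser.

Field lengths follow common ISO 8583:1987 conventions; the sample values are
constructed (the PAN is a standard test number).  Not the paper's code.
"""

# data element -> (kind, length); "fixed" = exact length, "llvar" = 2-digit length prefix
FIELD_SPEC = {
    2: ("llvar", 19),   # primary account number (PAN)
    3: ("fixed", 6),    # processing code
    4: ("fixed", 12),   # transaction amount, minor units
    7: ("fixed", 10),   # transmission date/time MMDDhhmmss
    11: ("fixed", 6),   # system trace audit number (STAN)
    37: ("fixed", 12),  # retrieval reference number
    38: ("fixed", 6),   # authorization identification response
    39: ("fixed", 2),   # response code ("00" = approved)
    41: ("fixed", 8),   # card acceptor terminal id
    42: ("fixed", 15),  # card acceptor id code
    49: ("fixed", 3),   # transaction currency code
    90: ("fixed", 42),  # original data elements (used by reversals)
}


def _bitmap(fields) -> str:
    """Hex bitmap for the given element numbers; bit 1 flags a secondary bitmap."""
    use_secondary = any(f > 64 for f in fields)
    bits = 128 if use_secondary else 64
    value = 0
    for f in fields:
        value |= 1 << (bits - f)          # bit 1 is the most significant bit
    if use_secondary:
        value |= 1 << (bits - 1)
    return f"{value:0{bits // 4}X}"


def build(mti: str, fields: dict) -> str:
    body = []
    for f in sorted(fields):
        kind, length = FIELD_SPEC[f]
        value = str(fields[f])
        if kind == "fixed":
            if len(value) != length:
                raise ValueError(f"DE {f} must be exactly {length} chars")
            body.append(value)
        else:
            if len(value) > length:
                raise ValueError(f"DE {f} exceeds {length} chars")
            body.append(f"{len(value):02d}{value}")
    return mti + _bitmap(fields) + "".join(body)


def parse(message: str):
    """Returns (mti, {element: value}); rejects unknown elements and trailing data."""
    mti, pos = message[:4], 4
    primary = int(message[pos:pos + 16], 16)
    pos += 16
    present = [i for i in range(1, 65) if primary >> (64 - i) & 1]
    if 1 in present:
        secondary = int(message[pos:pos + 16], 16)
        pos += 16
        present += [64 + i for i in range(1, 65) if secondary >> (64 - i) & 1]
        present.remove(1)
    fields = {}
    for f in present:
        if f not in FIELD_SPEC:
            raise ValueError(f"unsupported data element {f}")
        kind, length = FIELD_SPEC[f]
        if kind == "llvar":
            length = int(message[pos:pos + 2])
            pos += 2
        fields[f] = message[pos:pos + length]
        pos += length
    if pos != len(message):
        raise ValueError("trailing data after last element")
    return mti, fields


def mask_pan(pan: str) -> str:
    """First six and last four only, the PCI DSS rule for displaying or logging a PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def authorization_request(pan, amount_minor, stan, terminal, merchant):
    return build("0100", {2: pan, 3: "000000", 4: f"{amount_minor:012d}", 11: f"{stan:06d}",
                          41: terminal.ljust(8), 42: merchant.ljust(15), 49: "826"})


def approve(request: str, auth_code: str) -> str:
    """0110 response echoing the request's key elements with DE 38/39 added."""
    mti, req = parse(request)
    if mti != "0100":
        raise ValueError("not an authorization request")
    return build("0110", {2: req[2], 3: req[3], 4: req[4], 11: req[11], 38: auth_code,
                          39: "00", 41: req[41], 42: req[42], 49: req[49]})


def reversal(request: str) -> str:
    """0400 reversal; DE 90 carries original MTI, STAN, date/time and institution ids."""
    mti, req = parse(request)
    original = mti + req[11] + "0000000000" + "0" * 11 + "0" * 11   # 4+6+10+11+11 = 42
    return build("0400", {2: req[2], 3: req[3], 4: req[4], 11: req[11], 49: req[49], 90: original})
```

Logging or auditing these messages must go through `mask_pan` on DE 2: the raw message is card holder data and pulls whatever stores it into PCI DSS scope, which is the point of the tokenisation discussed later in the paper.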

Payment Gateway Integrations


Payment gateways provide market specific payment authorization and settlement services, supporting multiple types of card based payment processing, such as debit cards, credit cards, Visa, MasterCard and Europay cards. The mobile transaction processing framework includes the integration services for external payment gateways. Based on the nature of the payment transaction, the card type and the geography, the respective payment processing gateway service is integrated with. Usually, the payment gateways can be integrated over HTTPS (SSL secured), using SOAP as well as name-value pair based payment interfaces.
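The HTTPS client configuration for the gateway call, as an added Python example that is not from the paper. The paper refers to SSL v3 elsewhere; SSL 3.0 was formally deprecated by RFC 7568 in 2015 and the PCI Security Standards Council required migration away from SSL and early TLS by June 2018, so a current deployment should enforce TLS 1.2 or later together with certificate and hostname verification, which is what this `ssl.SSLContext` does. The CA bundle and client certificate paths are placeholders; the weak context is shown only as the setting to avoid.

```python
"""Added example: TLS client settings for calling a payment gateway over HTTPS.

Not the paper's code.  CA bundle and client certificate paths are placeholders.
"""
import ssl


def gateway_tls_context(ca_bundle: str = "", client_cert: str = "", client_key: str = "") -> ssl.SSLContext:
    """Hardened client context: TLS 1.2+, CERT_REQUIRED, hostname check, optional pinned CA and mTLS."""
    ctx = ssl.create_default_context()          # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuses SSLv3, TLS 1.0 and TLS 1.1
    ctx.options |= ssl.OP_NO_COMPRESSION         # TLS compression enables CRIME-style leaks
    if ca_bundle:
        # Trust only the gateway operator's CA instead of the whole system store.
        ctx.load_verify_locations(cafile=ca_bundle)
    if client_cert:
        # Many gateways require mutual TLS; the key file path is a placeholder.
        ctx.load_cert_chain(client_cert, client_key or None)
    return ctx


def context_is_hardened(ctx: ssl.SSLContext) -> bool:
    """The checks a deployment review would apply to any outbound payment connection."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.check_hostname
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def weak_context() -> ssl.SSLContext:
    """The setting to avoid: no certificate or hostname verification, so any
    on-path device can impersonate the gateway."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx
```

The context is passed to whatever HTTP client performs the SOAP or name-value pair call (for example `urllib.request.urlopen(req, context=ctx)`); the gateway's minimum protocol and cipher requirements come from its integration specification, which the paper describes as provider specific.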

Telco Operator Integrations


Telco operators, including both network operators and mobile service providers, are integral and most important participants in the mobile commerce ecosystem. The mobile transaction processing solution framework requires extensive integration with the concerned Telco operators, depending upon the nature of the mobile transactions involved. In this section, we briefly look into the various integration scenarios that are required to be supported as a part of the transaction processing solution.

SMS Integration - SMS messages constitute a key part of the mobile transaction processing model; they are widely used to implement an asynchronous communication pattern with the end users. From the transaction processing layer, the inbound and outbound messages are usually received and sent by an SMS gateway, which is generally located on the Telco operator's premises. But in order to support messages from multiple Telco operators, an SMS gateway can also be hosted within the mobile transaction processing service provider's domain. Basically, the SMS gateway server acts as an interface between the end user and the processing server. The inbound SMS messages are received by the SMS gateway and stored in a database, from where such messages are read by the transaction processing layer. The outbound SMS messages are written into a database table, from where the SMS gateway sends the messages to the end users. A pictorial representation of the SMS gateway is shown in Figure 17.

Figure 17: Mobile Commerce SMS Integration
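The inbox/outbox table pattern just described, as an added Python example that is not the paper's code: sqlite stands in for the gateway database, and the SMS command grammar ("PAY amount number pin") and the sample messages are constructed for illustration. Because the operator sees SMS content in clear, the PIN in this grammar is a wallet PIN rather than card data; the processor drops it from the inbox row once the message is handled and never echoes it in the reply.

```python
"""Added example: SMS gateway inbox/outbox tables with payment command parsing.

sqlite stands in for the gateway database; the PAY command grammar and the
sample messages are constructed.  Not the paper's code.
"""
import re
import sqlite3
from decimal import Decimal

# Constructed grammar: PAY <amount> <beneficiary msisdn> <wallet pin>
PAY_RE = re.compile(
    r"^PAY\s+(?P<amount>\d+(?:\.\d{1,2})?)\s+(?P<to>\d{10,15})\s+(?P<pin>\d{4,6})$", re.I)


def open_gateway_db() -> sqlite3.Connection:
    """In-memory stand-in for the gateway's inbox/outbox tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE sms_inbox (id INTEGER PRIMARY KEY, sender TEXT, body TEXT, processed INTEGER DEFAULT 0);
        CREATE TABLE sms_outbox (id INTEGER PRIMARY KEY, recipient TEXT, body TEXT, sent INTEGER DEFAULT 0);
        CREATE TABLE payment_requests (inbox_id INTEGER UNIQUE, sender TEXT, beneficiary TEXT, amount TEXT);
    """)
    return db


def parse_command(body: str):
    m = PAY_RE.match(body.strip())
    if not m:
        return None
    return {"amount": Decimal(m["amount"]), "to": m["to"], "pin": m["pin"]}


def process_inbox(db: sqlite3.Connection, verify_pin) -> int:
    """Transaction-layer poll: handle unprocessed inbound SMS, queue replies.

    verify_pin(sender, pin) -> bool is supplied by the wallet service.
    Returns the number of messages handled."""
    rows = db.execute(
        "SELECT id, sender, body FROM sms_inbox WHERE processed = 0 ORDER BY id").fetchall()
    for inbox_id, sender, body in rows:
        cmd = parse_command(body)
        if cmd is None:
            reply = "Unrecognised request. Send PAY <amount> <number> <pin>."
        elif not verify_pin(sender, cmd["pin"]):
            reply = "Payment declined: PIN incorrect."
        else:
            # UNIQUE(inbox_id) + OR IGNORE: re-running after a crash cannot double-book.
            db.execute("INSERT OR IGNORE INTO payment_requests VALUES (?, ?, ?, ?)",
                       (inbox_id, sender, cmd["to"], str(cmd["amount"])))
            reply = f"Payment of {cmd['amount']} to {cmd['to']} accepted, ref {inbox_id}."
        # The reply never contains the PIN, and the stored body is purged once handled.
        db.execute("INSERT INTO sms_outbox (recipient, body) VALUES (?, ?)", (sender, reply))
        db.execute("UPDATE sms_inbox SET processed = 1, body = '' WHERE id = ?", (inbox_id,))
    db.commit()
    return len(rows)


def drain_outbox(db: sqlite3.Connection) -> list:
    """Gateway side: take unsent replies and mark them sent; returns (recipient, body) pairs."""
    rows = db.execute(
        "SELECT id, recipient, body FROM sms_outbox WHERE sent = 0 ORDER BY id").fetchall()
    db.executemany("UPDATE sms_outbox SET sent = 1 WHERE id = ?", [(r[0],) for r in rows])
    db.commit()
    return [(recipient, body) for _, recipient, body in rows]
```

The two halves are deliberately decoupled through the tables: the gateway only ever writes to the inbox and reads from the outbox, so the transaction layer can be taken down for maintenance without losing inbound instructions, which is the asynchronous property the text attributes to the SMS channel.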

USSD Integration - USSD (Unstructured Supplementary Service Data) is another communication mechanism supported by many Telco operators. Using USSD commands, the end mobile devices can send and receive messages with USSD servers hosted in the Telco operator's domain. Such USSD commands are used as a part of the mobile commerce transaction flow, to implement certain parts of the overall transaction. The USSD messages are sent and received by interfacing with a USSD gateway, which is usually hosted in the Telco operator's domain. Mobile transaction processing services can send and receive such USSD messages using an XML interface via the USSD gateway. The following diagram depicts the flow of USSD integration.

Figure 18: Mobile Commerce USSD Message Integration


WAP/WML Content Integration - WAP is one of the mobile communication standards, using which mobile devices, through WAP browsers, can access WAP enabled information content. The WAP browsers are able to recognise the WML content received over the wireless network and display the content on the mobile device. WAP technology is leveraged to enable a variety of mobile commerce transactions hosted through WAP enabled sites. The WAP content (as WML) is sent and received through a WAP gateway, usually hosted in the Telco operator's domain. The WAP gateway serves as an exchange/transformer converting WAP (WML / XHTML, WAP 2.0) content to HTTP/HTTPS (HTML) content between the WAP gateway and the web server hosted in the mobile transaction processing service provider's domain. The following diagram depicts the flow of WAP gateway integration from the web server.

Figure 19: Mobile Commerce WAP Content Integration

B2B Mobile Commerce Content Integrations


The mobile commerce transaction processing framework supports the integration of multiple partner hosted mobile content services, which are offered to the end users as a part of the mobile commerce business model. The users are able to browse and shop these services, which are listed in the mobile commerce content catalog. For example, users are able to browse music services to buy and download the songs they are interested in. The mobile transaction processing solution framework enables the integration of such externally provisioned content services through its service layer, using service bus components. Subsequently, such external services are invoked by the various aggregation services hosted in the service layer, or in some cases directly by the mobile commerce client applications. The following diagram depicts the external mobile commerce content integration scenario.

Figure 20: Partner Mobile Commerce Content Integration


Back Office Integrations - The mobile commerce solution framework is devised to integrate with the key back office applications in the organization, such as financial accounting, HR, admin, MIS and analytical applications. The transaction records are fed into the enterprise applications, which in turn process those mobile transaction records as per business needs and requirements. Upon creation or modification of a mobile transaction record in the framework, the respective record event (along with the record details) is generated and written into the subscribed message queues. Subsequently, the transaction records are read from those queues and updated into the respective enterprise applications, such as SAP, Oracle EBS, reporting and MIS etc. The following diagram depicts the back office integration scenario supported in the solution.

Figure 21: Mobile transactions - Back Office processing

Business Intelligence - The business intelligence functionality is an essential part of the mobile commerce transaction processing solution, and this subsystem is devised to provide complete insight into operational and analytical reporting on the mobile commerce transactions conducted through the framework. Whenever a mobile transaction record is created or modified, an associated business intelligence event is generated (consisting of the record details) and written to the subscribed business intelligence message queues. The day-to-day transaction records are extracted from the mobile commerce transaction BI queues by ETL processes and loaded into the mobile commerce staging, ODS and EDW data sources. The purpose built, mobile commerce specific business intelligence data mart is populated with the data extracted and aggregated from the ODS and EDW data stores. The mobile commerce analytical and operational reports are generated against the ODS and mobile commerce data marts and are provisioned through a dedicated reporting dashboard. The following diagram depicts the data extraction flows for business intelligence.

Figure 22: Mobile Commerce - Business Analytics

Business Activity Monitoring


The business activity monitoring (BAM) services in the mobile transaction solution framework provide visibility into the key performance indicators of the executed mobile commerce transaction processes and services at run time. The BAM services provide a complete dashboard with full visibility into the performance of the deployed mobile commerce processes and services. When the mobile commerce service layer is implemented and enabled for BAM reporting, the out of the box BAM reports and dashboard provide end-to-end visibility into the KPIs of the deployed mobile transaction services.

Mobile Commerce Payment Security


Security is an important and integral part of the mobile commerce transaction processing model and is critical to achieving the required compliance with regulatory standards such as PCI-DSS, DPA, SOX etc. The mobile payment security scope, at the minimum, includes the authentication, encryption/decryption, authorization and non-repudiation (digital signatures) aspects associated with mobile transactions. In the context of mobile commerce transactions, which inherently involve payment transactions, it is extremely critical that the solution is PCI-DSS compliant in all its services and functional paths. The mobile transaction processing solution framework ensures end-to-end security of the sensitive data (PAN and sensitive authentication data, SAD) using strong encryption across all paths of the transactions. The point-to-point encryption practice is known to reduce the scope of PCI-DSS assessment, and hence P2PE practices are widely used for securing the card holder data (CHD) during transmission. Encryption functions in the mobile devices (NFC clients) ensure that the card holder data (CHD) and any other sensitive data is encrypted at the point of entry itself, using strong encryption algorithms (SSL V3) and high strength public keys. The corresponding decryption functions are located at the destination points, where the ciphertext (unreadable) content is decrypted using the private key components. Public and private keys (asymmetric encryption) are securely managed through key management solutions, which ensure key generation and secure key distribution to the encryption and decryption points.

Content encryption or message level security - Symmetric key based encryption technologies such as DES, 3DES (Triple Data Encryption Standard), Blowfish and DUKPT (derived unique key per transaction) are used to encrypt the content (to provide message level security) from the source point to the destination (decryption) point. A symmetric key is a common secret key used for both encrypting and decrypting the content, and hence such a key needs to be managed securely. External encryption APIs or inbuilt APIs (Windows mobile edition) can be used to implement 3DES encryption. In order to provide additional security for the common symmetric key, the DUKPT mechanism can be used, which provides a unique key (derived from the master key) to encrypt each and every transaction.

Transport layer security - The following describes how the various paths in mobile transaction processing are secured with transport layer security protocols (SSL/TLS).

1. Mobile devices to telecom operator - HTTPS/SSL, WTLS
a. The communication between J2ME mobile clients and the telecom operator is encrypted using HTTPS/SSL, which is PCI compliant.

28 I Mobile Transactions and Payment Processing I White Paper

b. When WAP sites and WAP clients are used, the communication between the WAP browser and the telco's WAP gateway is secured through WTLS (Wireless Transport Layer Security). WTLS terminates at the WAP gateway, where the traffic is decrypted before being re-encrypted over HTTPS/TLS towards the internet (the so-called WAP gap); cardholder data must therefore also be encrypted at the message level, so that it is never in clear at the gateway.

Figure 23: Mobile Transaction Processing: End-to-End Security

The encrypted cardholder data (CHD) is passed to the mobile commerce transaction service provider, where it is decrypted (using the private key) and processed further for authorization.

2. Telco Operator to Internet: HTTPS/SSL
The communication segment between the telco operator's network and the connected internet is secured through HTTPS/TLS. The telco operator network is connected either over a secured VPN or over dedicated leased lines; in both cases the application traffic carried over them is still encrypted with TLS, so that protection does not rest on the link alone.

3. Internet to Mobile Transaction Provider's Intranet: HTTPS/SSL
The communication in this segment of the network is secured through HTTPS/TLS.

4. Mobile Transaction Processor to Mobile Commerce Content Provider: HTTPS/SSL
The communication between the service layer of the solution and each external mobile commerce content provider is secured through HTTPS/TLS.

5. Mobile Transaction Processor to Payment Gateway Service Provider: HTTPS/SSL
The communication path between the mobile transaction processing platform and each payment gateway service provider is secured through HTTPS/TLS.

6. Transmission of cardholder data over the entire (public) network is encrypted using strong cryptography and security protocols: TLS for HTTPS (SSL v3 and early TLS are no longer acceptable), IPsec or TLS for VPNs, and SSH/SFTP for file transfers.

The solution framework is designed not to hold or store any customer card data during transaction processing: no card information is persisted during the entire course of a mobile transaction. Any personally identifiable information (PII) stored in the solution is encrypted at rest. Only the tokenized CHD (PAN) is stored in the system after authorization.
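The point-of-entry encryption and message level security described above, as an added example that is not part of the original paper or of the framework it describes. It implements the hybrid scheme the text outlines (a fresh symmetric content key per transaction, wrapped with the destination's public key) using AES-256-GCM and RSA-OAEP from the Go standard library in place of the 3DES content encryption the paper mentions; the envelope field names, the binding of the transaction id into the authentication tag and the test card data are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Envelope is what travels from the mobile client through the telco and the
// internet to the transaction processor. Nothing in it is readable without the
// processor's private key. (Example added to this paper; field names are assumed.)
type Envelope struct {
	WrappedKey []byte `json:"wrapped_key"` // content key encrypted with the processor's RSA public key (OAEP)
	Nonce      []byte `json:"nonce"`       // AES-GCM nonce, unique per envelope
	Ciphertext []byte `json:"ciphertext"`  // encrypted CHD followed by the GCM authentication tag
	TxnID      string `json:"txn_id"`      // sent in clear, but covered by the authentication tag
}

// NewProcessorKey stands in for the key management solution that provisions the
// decryption point; in production the private key never leaves the processor/HSM.
func NewProcessorKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// SealCHD runs at the point of entry (the mobile client). It generates a content
// key for this transaction only, encrypts the cardholder data with AES-256-GCM,
// binds the transaction id into the tag as associated data, and wraps the content
// key with the destination public key so that only the processor can unwrap it.
func SealCHD(pub *rsa.PublicKey, txnID string, chd []byte) (*Envelope, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, chd, []byte(txnID))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte("chd-key"))
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct, TxnID: txnID}, nil
}

// OpenCHD runs only at the processor (the decryption point). Any change to the
// ciphertext, nonce or transaction id makes the GCM tag check fail.
func OpenCHD(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, []byte("chd-key"))
	if err != nil {
		return nil, errors.New("cannot unwrap content key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, []byte(env.TxnID))
	if err != nil {
		return nil, errors.New("envelope tampered with or wrong key")
	}
	return pt, nil
}

func main() {
	priv, err := NewProcessorKey()
	if err != nil {
		panic(err)
	}
	chd := []byte(`{"pan":"4111111111111111","exp":"1225"}`) // constructed test data
	env, err := SealCHD(&priv.PublicKey, "txn-0001", chd)
	if err != nil {
		panic(err)
	}
	wire, _ := json.Marshal(env) // what the telco, WAP gateway and internet hops see
	fmt.Printf("on the wire (%d bytes): %s...\n", len(wire), wire[:40])
	pt, err := OpenCHD(priv, env)
	fmt.Println("processor recovers:", string(pt), err)
}
```

The transaction id is passed as GCM associated data, so an envelope captured at the telco or the WAP gateway cannot be re-submitted under a different transaction, and because only the processor holds the private key the card data stays opaque on every intermediate hop regardless of where TLS or WTLS terminates.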


PCI DSS compliance for wireless networks
The PCI-DSS 2.0 guidelines for wireless networks (WLANs, whether Bluetooth or Wi-Fi) stipulate a definite set of requirements. All WLANs connected to the mobile transaction processing run-time environment must be secured as per those requirements. The WLANs are subject to planned physical and logical inspections and to regularly scheduled wireless vulnerability scans, including detection of rogue access points. The firewalls are configured to identify authorized wireless traffic (if any) and to block unauthorized wireless traffic from entering the core processing zone, whose servers may hold customer sensitive data, including card data. Any Wi-Fi WLAN connected to the run-time environment must use WPA2 (Wi-Fi Protected Access 2) enterprise mode authentication with AES (Advanced Encryption Standard) encryption; WEP is prohibited by PCI-DSS.
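The transport layer requirements listed above, turned into a configuration that can be checked mechanically; this is an added example written for this paper and not the framework's own code. The hardened client configuration is what the processor would use towards a payment gateway or content provider, the legacy one stands for an integration that still accepts any SSL/TLS version with certificate checks switched off, and the policy check rejects the latter. The partner host name and the use of a private CA pool for partner links are assumptions.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
)

// clientTLSConfig is the outbound configuration for the processor-to-gateway and
// processor-to-content-provider paths: TLS 1.2 minimum, certificate chain and host
// name verified, forward-secret AEAD cipher suites only. A nil roots pool falls
// back to the system trust store; pinning a private CA pool for partner links is
// the assumption here.
func clientTLSConfig(roots *x509.CertPool, serverName string) *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		RootCAs:    roots,
		ServerName: serverName,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		},
	}
}

// legacyTLSConfig is the kind of setting an "SSL v3/TLS" era integration might
// still carry: TLS 1.0 accepted and certificate verification disabled. It exists
// only to be rejected by the policy check below.
func legacyTLSConfig() *tls.Config {
	return &tls.Config{
		MinVersion:         tls.VersionTLS10,
		InsecureSkipVerify: true,
	}
}

// checkTLSPolicy inspects a tls.Config against the transport requirements and
// returns one finding per violation; an empty slice means the config passes.
func checkTLSPolicy(c *tls.Config) []string {
	var findings []string
	if c.MinVersion < tls.VersionTLS12 {
		findings = append(findings, "minimum protocol version not set or below TLS 1.2")
	}
	if c.MaxVersion != 0 && c.MaxVersion < tls.VersionTLS12 {
		findings = append(findings, "maximum protocol version caps connections below TLS 1.2")
	}
	if c.InsecureSkipVerify {
		findings = append(findings, "server certificate verification disabled")
	}
	// Suites Go itself classifies as insecure (RC4, CBC with SHA-256 MACs, ...).
	insecure := map[uint16]string{}
	for _, s := range tls.InsecureCipherSuites() {
		insecure[s.ID] = s.Name
	}
	for _, id := range c.CipherSuites {
		if name, bad := insecure[id]; bad {
			findings = append(findings, "weak cipher suite enabled: "+name)
		}
	}
	return findings
}

func main() {
	for name, cfg := range map[string]*tls.Config{
		"hardened": clientTLSConfig(nil, "gateway.example.test"),
		"legacy":   legacyTLSConfig(),
	} {
		fmt.Printf("%s: findings=%v\n", name, checkTLSPolicy(cfg))
	}
}
```

A zero MinVersion is reported as a finding on purpose: Go's default minimum has changed between releases, and a payment integration should state its floor explicitly rather than inherit it from the toolchain.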

Tokenization and End-to-End Security for PA-DSS Compliance


Tokenization is used to protect sensitive card and PII data during payment processing and in the subsequent storage of payment related data. The PA-DSS (together with PCI-DSS) compliance framework requires end-to-end encryption of card, PIN and other personally identifiable data of the customer along the entire path of payment transaction processing. The following diagram briefly depicts the tokenization flows used in the context of payment processing. The encrypted credit/debit card or wallet account data from the mobile client application is passed to the mobile commerce transaction processor, where it is tokenized by the tokenization service: the actual card or wallet account data is used for authorization, and only the token (not the actual card details) is stored in the transaction store. All subsequent processing, including reporting, analytics and POS services, uses the tokenized data. Tokenization reduces the effort required to meet PCI-DSS compliance requirements by reducing the number of places where actual card/wallet and other PII data is stored; the token vault that maps tokens back to the real data remains fully in PCI-DSS scope and must be segregated and protected accordingly.

Figure 24: Tokenization Flows in the Context of Payment Processing
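A minimal token vault implementing the flow in the figure, added here as an example and not taken from the paper or the framework. The vault is an in-memory map standing in for the segregated, PCI-scoped token store (an assumption); tokens keep the last four digits for receipts and reporting, are random everywhere else, and are generated so that they fail the Luhn check and can never pass as, or be replayed as, a live PAN. The test PAN is a constructed value.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
	"sync"
)

// luhnValid reports whether a digit string passes the Luhn check used by PANs.
func luhnValid(s string) bool {
	if s == "" {
		return false
	}
	sum := 0
	double := false
	for i := len(s) - 1; i >= 0; i-- {
		c := s[i]
		if c < '0' || c > '9' {
			return false
		}
		d := int(c - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// Vault is the only place the real PAN lives. In production it is a separate,
// PCI-scoped system whose PAN index would be keyed by a keyed hash of the PAN;
// here both indexes are plain in-memory maps for illustration (assumption).
type Vault struct {
	mu      sync.Mutex
	byToken map[string]string // token -> PAN, used only by the authorization path
	byPAN   map[string]string // PAN -> token, so one card always yields one token
}

func NewVault() *Vault {
	return &Vault{byToken: map[string]string{}, byPAN: map[string]string{}}
}

// randomDigits returns n decimal digits drawn from the OS CSPRNG.
func randomDigits(n int) (string, error) {
	buf := make([]byte, n)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	var sb strings.Builder
	for _, b := range buf {
		sb.WriteByte('0' + b%10) // slight bias is harmless: the token is not a secret
	}
	return sb.String(), nil
}

// Tokenize validates the PAN, returns the existing token if the card was seen
// before, and otherwise mints a token that keeps the last four digits, is random
// elsewhere, and deliberately fails the Luhn check.
func (v *Vault) Tokenize(pan string) (string, error) {
	if len(pan) < 13 || len(pan) > 19 || !luhnValid(pan) {
		return "", errors.New("invalid PAN")
	}
	v.mu.Lock()
	defer v.mu.Unlock()
	if t, ok := v.byPAN[pan]; ok {
		return t, nil
	}
	last4 := pan[len(pan)-4:]
	for {
		prefix, err := randomDigits(len(pan) - 4)
		if err != nil {
			return "", err
		}
		token := prefix + last4
		if luhnValid(token) {
			continue // would look like a real card number; draw again
		}
		if _, taken := v.byToken[token]; taken {
			continue
		}
		v.byToken[token] = pan
		v.byPAN[pan] = token
		return token, nil
	}
}

// Detokenize is called only by the authorization path, the one component that
// is allowed to see the real PAN.
func (v *Vault) Detokenize(token string) (string, error) {
	v.mu.Lock()
	defer v.mu.Unlock()
	pan, ok := v.byToken[token]
	if !ok {
		return "", errors.New("unknown token")
	}
	return pan, nil
}

// Mask renders a PAN or token for display: last four digits only.
func Mask(s string) string {
	if len(s) <= 4 {
		return s
	}
	return strings.Repeat("*", len(s)-4) + s[len(s)-4:]
}

func main() {
	v := NewVault()
	pan := "4111111111111111" // constructed test PAN
	tok, err := v.Tokenize(pan)
	if err != nil {
		panic(err)
	}
	fmt.Println("stored in the transaction store:", tok, "shown as", Mask(tok))
	back, _ := v.Detokenize(tok)
	fmt.Println("authorization path recovers:", Mask(back))
}
```

Returning the same token for a repeated PAN is what makes the reporting and analytics described above work on tokens alone; the price is that the vault's PAN index is itself sensitive, which is why it belongs in the segregated vault and not in the transaction store.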

NFC- Based Mobile Commerce Payments


Near field communication (NFC) is another short-range radio communication technology, enabling communication between two devices when they are within close proximity of each other (around 4 cm). It is increasingly being considered for contactless payment processing models. In the context of mobile payment processing, an NFC-enabled mobile device interacts with an NFC-enabled point of sale (POS) device and performs the payment functions over the NFC link. The NFC implementation builds on the ISO/IEC 14443 standards for communication between the card reader (proximity coupling device, PCD) and the NFC device emulating a card (proximity integrated circuit card, PICC). To complete a mobile commerce transaction, both the mobile device and the POS equipment must be NFC-enabled. There are different scenarios as to how NFC-enabled mobile devices can be used to perform payment operations in the context of an overall mobile commerce transaction; the following sections briefly discuss them.

NFC Card Based Payment Processing


In this payment transaction scenario, an NFC-enabled mobile device is used to make card based (credit or debit) payments at an NFC-enabled POS. The card credentials are held in the mobile device's NFC controller or its attached secure element, which behaves like an NFC-enabled smart card. When a commerce transaction is completed at the NFC POS, the payment is made by bringing the mobile device into contact with the POS. On contact, the bill details are passed to the mobile device, the user sees the bill and confirms the payment, and the card credentials are released to the NFC POS, which processes them to complete the payment. Note that in EMV contactless payments the credentials sent to the terminal are accompanied by a transaction-specific cryptogram, so captured data cannot simply be replayed, and the PIN is never released over the NFC interface: cardholder verification is done on the terminal (online PIN) or on the device itself. The payment transaction between the NFC POS and the payment gateway service provider then continues as in a normal card payment. Upon completion of payment processing, the NFC POS sends a payment confirmation message to the NFC mobile device, and the overall mobile transaction is closed.

Figure 25: NFC - Card based Payment Processing

NFC Mobile Wallet Processing


In this scenario an NFC-enabled mobile device is used to make payments at an NFC-enabled POS using the user's M-Wallet account. Instead of a credit card, the mobile user pays from the M-Wallet account. The NFC-enabled POS presents the bill to the user, who accepts it to make the payment, sending the M-Wallet account details to the NFC POS; the POS then interacts with the user's M-Wallet service provider to close the payment transaction. Upon successful payment processing the NFC POS sends a confirmation message to the mobile device, and the overall transaction is closed.

Figure 26: NFC - Mobile Wallet Processing

NFC Sales and Marketing Content Model


NFC technology is widely being considered as a sales and marketing channel, in which tailored sales coupons and marketing campaigns are pushed to users' NFC-enabled mobile devices whenever such a device comes into close proximity of an NFC-enabled marketing server in a shopping or similar commercial environment. Such sales and marketing campaigns appear on the NFC mobile device, giving users informed options for their commercial decisions and transactions. NFC-enabled mobile devices are also offered sales and discount coupons (as part of marketing initiatives) by their mobile operators, and such coupons can be used directly during a mobile commerce transaction at an NFC-enabled POS.

Figure 27: NFC - Sales and Marketing Content Model


Application Architecture Mobile Transaction Processing


The service layer of the mobile transaction processing solution framework is primarily built on service oriented architecture principles, with the key components of the service layer designed and developed to the service component architecture (SCA) standard.

Service end points: The end services, which are either internal services (created within the organization) or external services provisioned by business partners, are hosted on the service bus through the appropriate service bus implementation, which depends upon the chosen service bus product. These service end points can be linked directly to the service bus or invoked through dynamic binding using a service registry, depending upon the nature of the SOA implementation in the organization.

Service bus layer: The service bus layer exposes the service end points to the consuming clients, which can be either BPEL components or mobile clients directly. The service bus layer supports service composition and service routing patterns, which are used to assemble services and expose them through the bus. The implementation depends upon the chosen service bus product.

BPEL layer: The BPEL layer is implemented with BPEL components (SCA architecture) to create composite services in the mobile transaction framework. The BPEL components are exposed through multiple bindings (SOAP over HTTPS, REST over HTTPS, TCP, FTP, XML file, etc.) through which mobile clients can invoke these services. In some implementations, to improve performance, the BPEL SOAP services are fronted by REST adapters that expose them as REST services.

Figure 28: Application Architecture of Mobile Transaction Processing

Client layer: The mobile client components in the solution are implemented using multiple technologies (depending upon the mobile device and OS compatibility), as J2ME clients, JSP/WML (WAP) enabled clients (WAP enabled sites), USSD clients, SMS clients, etc. SMS and USSD carry no application level encryption of their own, so they are suitable for notifications and confirmations but must not be used to carry cardholder data in clear.


Deployment Architecture - Indicative


The functional and non-functional requirements of the mobile commerce business model determine the production run-time deployment architecture. Service factors such as availability, performance, security, auditing, scalability, business continuity and disaster recovery have an important influence on the deployment architecture of the mobile transaction processing solution. The network infrastructure is one of the key components of the production environment to which the solution is deployed; the network connectivity depends on the partner networks (payment gateways, telco operators, FIs, payment service networks, etc.) that need to be integrated in the context of mobile transaction processing. Security and compliance requirements (PCI DSS) are also major factors determining the target deployment architecture. The diagram below depicts an indicative architecture for high availability deployment.

Figure 29: Mobile Transaction Processing Solution - Deployments

The following are the salient features of the target deployment architecture:

1. All incoming and outgoing traffic is secured through a first level IP firewall, with NAT based firewall rules.
2. Incoming traffic is distributed to the web server cluster by a load balancer pair which also acts as the SSL/TLS termination appliance. The terminating appliance sees the decrypted request stream and is therefore part of the cardholder data environment; the message level encryption of the CHD described in the security section keeps the card data itself opaque to it, and the appliance should accept TLS 1.2 or later only.
3. The web server cluster routes service requests to the application server cluster located in the core zone, through a highly available load balancer cluster which distributes the load across the application servers. The service composite applications for mobile transaction processing are deployed into the application server run-time environments for the BPEL, ESB and adapter engines.
4. The database server cluster is located in the core zone, separated from the application servers by dedicated and secured VLANs.
5. All personally identifiable data in the database is encrypted at rest.
6. Business continuity and disaster recovery requirements (RTOs, RPOs) are met with a standby DR center, which is constantly updated through SAN level replication.
7. File transfers in the system (for settlement and for internal and external integrations) are carried over secured SSH or SFTP channels.
8. External partners (telcos, FIs, payment gateway service providers) and external services are connected through dedicated leased lines or secured VPN internet connections, depending upon the nature of the connection required.
9. Primary and secondary data centers are deployed with appropriate levels of intrusion detection and audit/change management systems to securely monitor the hosting infrastructure.
10. All servers in the primary and secondary data centers are protected with anti-virus software.
11. The infrastructure elements in the primary and secondary data centers are constantly monitored through a well defined monitoring system.
12. Access and authorization to all infrastructure resources are controlled.
13. The deployment environment is inspected by regularly scheduled vulnerability scans, to identify and address internal and external security threats.
14. Any wireless LANs (Wi-Fi or Bluetooth) associated with the deployment environments are assessed as per the PCI-DSS 2.0 requirements for wireless payment networks.
15. The firewall rules are configured to filter out / block any unauthorized wireless traffic entering the core processing zones.

Network Connectivity
The network and communication infrastructure is a critical part of a mobile transaction and payment processing infrastructure. Secured and highly available network communications between the various participants in the ecosystem are necessary to ensure high quality end-to-end mobile transaction processing. The following types of network connectivity links are required to build a network infrastructure that can support mobile transaction and payment processing services:

1. Network communication link between the mobile transaction processor and the telco (mobile network operator) service providers.
2. Network connectivity between the mobile clients and the mobile transaction service providers (through the MNOs).
3. Network connectivity between the mobile transaction and payment processing service providers and the various payment gateway service providers, acquirers, and any third party aggregators, as required for payment authorizations and settlements.
4. Network connectivity between the organization's data center and any externally located mobile transaction service providers.
5. Network connectivity between the primary and secondary data centers hosting the mobile transaction and payment processing services.
6. Network connectivity between the primary and secondary data centers and external business partners.

6.

Figure 30: Network and Communication Infrastructure

Reliability, bandwidth, network latency, security, quality of service (QoS), availability of the network infrastructure, and network communication costs are the important factors determining the network architecture and topologies to be deployed in support of real time mobile business and payment transactions. The network connectivity can also be logically categorized as:

Merchant and retailer side connectivity
Defines how merchants', retailers' and end users' POS, web and mobile devices connect to the networks of the respective processing hosts.

Host side connectivity
Defines how the various processing hosts, such as mobile transaction processors, mobile wallet service providers, payment authorization providers, acquirers, and payment settlement and clearing service providers, connect to the associated merchants', retailers' and mobile users' devices.

The following are some of the key network communication options available to define the target network infrastructure:

Public Internet connectivity
A low cost option in which the various participants are connected over the internet through secured protocols such as HTTPS, TLS-wrapped TCP, SFTP and SSH. It offers a relatively lower quality of service (QoS), as latency and bandwidth availability depend upon the public network.


Figure 31: Network Connectivity Options

Secure VPN network links
With secured VPN connectivity, the communication between two network resources (hosts) is carried over a virtual private network across the Internet. The costs associated with a VPN are relatively lower compared to those of leased lines.

Dedicated leased lines
These are leased lines providing dedicated connectivity between two network resources, such as data center networks or data center hosts. The bandwidth, latency and quality of service (QoS) of dedicated leased lines are usually better than those of secured VPN or public Internet links; rental and commissioning costs are usually higher. A leased line on its own does not encrypt the traffic it carries, so application level or link encryption is still required for cardholder data.

MPLS connectivity
MPLS WAN based connectivity, in which the data centers (processor host locations), merchant and retailer locations are connected over MPLS backbones. MPLS networks currently provide higher levels of quality of service and adequate redundancy to ensure increased network availability. Like a leased line, MPLS provides traffic separation, not encryption.

Frame relay WAN connectivity
Frame relay based connectivity, in which the data centers are connected over a frame relay network. Frame relay networks are considered somewhat legacy in nature, as newer connectivity options (for example MPLS) are now available.

X.25 network
X.25 protocol based connectivity, which supports merchant side and host side connectivity to a common X.25 network that connects multiple participants in the mobile payment processing ecosystem (for example, the BTcardway X.25 network). The computing nodes, including payment clients and payment hosts, are connected to the X.25 network through PSE (packet switching exchange) devices; recent PSE devices also bridge IP based networks to the X.25 network. In the context of emerging WAN technologies, X.25 networks are considered somewhat legacy in nature.


The above diagram depicts various types of network connectivity link options that can be leveraged to build the required network infrastructure that can support high volume and high quality mobile transaction and payment processing services.

Mobile Payments & MphasiS


Mphasis offers a wide array of services in payment solutions, including consulting, application solution development, payment integrations, payment infrastructure modernization, end-to-end payment testing, PCI-DSS compliance assessments, and emerging and innovative payment solutions. Mphasis considers mobile and contactless (NFC) channels among the key payment channels and provides tailor-made, mobile channel focused consulting solutions in the mobile commerce transaction and mobile payment processing areas. Mphasis's mobile transaction processing solution framework is offered as a mobile consulting solution, which can help organizations across industry sectors to deploy mobile channel based transaction processing and payment solutions. Mphasis's payment processing offerings are well supported by key technology and solution practices such as EAI, SOA, BPM, BI and testing, which together can provide complete end-to-end mobile payment solutions. Over the period Mphasis has strategically invested in UET and web technology practices, which provide a wide array of rich client application development services compatible with a variety of mobile devices running on key mobile platforms such as Google Android, Apple iOS, Windows Mobile/OS 7, Java ME, and HTML 5.0/CSS enabled mobile applications. Mphasis Infrastructure services help organizations to deploy PCI-DSS and PA-DSS compliant payment infrastructures that can support both mobile and traditional payment processing solutions.

Conclusions
Fuelled by constant advancements in mobile communication and computing technologies, mobile commerce is growing significantly, and accordingly many business organizations across industry sectors have been strategically adopting the mobile channel as one of their key business channels and are floating various mobile commerce models through which they offer their products and services in the market. The growth in mobile device technology and mobile communication technology, and the availability of a plethora of mobile operating systems, development tools, emulators, etc., have enabled mobile computing to offer business critical, reliable and high quality mobile business transaction solutions that can easily be adopted as part of an organization's mobile commerce business strategy. In the context of mobile commerce, because of its convenience, customer affinity and practical suitability, the mobile channel is increasingly being used as a preferred payment processing channel. The overall transaction costs associated with mobile channels are also relatively lower than those of other channels through which business transactions are conducted. Building on stable mobile technology, payment processing solutions using SMS, GPRS/WAP, USSD, NFC and mobile web channels are now being offered, enabling end customers to initiate their mobile business transactions as well as the associated payment transactions directly from their devices, completing end-to-end business transactions on pre-paid, post-paid, gift, voucher, credit and debit card based payment models. Advancements in mobile wireless technology and communication standards have enabled contactless and NFC based payment models. The mobile wallet based payment model is gaining considerable momentum and is currently seen as one of the key payment models for promoting contactless payment processing. Mobile wallet technology enables end users to make payments from their mobile wallet accounts without having to use credit or debit cards, which opens mobile commerce transactions to users who do not hold such cards.


A well defined mobile transaction and payment processing solution framework can enable pragmatic mobile commerce models for various industry verticals, supporting a variety of end-to-end business transactions (processes) coupled with end-to-end payment processing on the chosen payment processing channels. Such a framework can provide ready-made functionality for integration, using key integration technologies such as web services, SOA, JMS, FTP, etc., with multiple payment gateways and settlement service providers across different geographies, including support for cross border payments. The framework can be customized to support various business processes and associated payment transactions, and offers out-of-the-box functionality for integrating with an organization's back office applications such as ERP, financial accounting, HR and MIS reporting. Such a target solution needs to be capable of integrating with multiple m-wallet service providers and of supporting multiple m-wallet based contactless payment scenarios. It should include built-in business analytics and reporting modules that provide a complete 360 degree view of business transactions along with the payment processing details. The solution must support secured end-to-end business and payment transactions, achieving the required PCI-DSS, PA-DSS, DPA and other regulatory compliance. The framework architecture needs to ensure that the framework modules can be used with other third party mobile payment solutions, so as to support organization specific mobile business transactions. While being reliable and highly scalable, the solution should also be extendable and open to customization, so as to address organization specific requirements. It should also provide a wide array of pre-built, industry specific business transaction services and processes that can be brought into operation quickly. A well defined mobile transaction and payment processing solution (MTPS) framework can help business organizations in their mobile commerce journey: leveraging such a framework, organizations can quickly build and bring to market their mobile commerce solutions, supporting a variety of mobile commerce scenarios.

Acknowledgements
The author wishes to thank the following persons for their review contributions: Mohan Joshi and Chinni Prasadh from the MphasiS Payments Practice and Bert Hooyman, Chief Architect of MphasiS in Europe.

About the Author


Ashok Goudar
Senior Enterprise Architect Ashok Goudar is an experienced professional operating in the consultancy services industry for the last 17+ years. He has an in depth experience in business technology/architecture consultancy and program/engagement management services. Prior to joining MphasiS in 2008, Ashok Goudar had worked in EMEA, NA and India regions with two other (TCS, Infosys) consulting service organizations in the capacity of business technology architectural consultancy and IT management roles. His experience includes enterprise solutions.

About MphasiS
MphasiS is a $1 billion global service provider, delivering technology based solutions to clients across the world. With over 40,000 people, MphasiS services clients in Banking and Capital Markets, Insurance, Manufacturing, Communications, Media & Entertainment, Healthcare & Life Sciences, Transportation & Logistics, Retail & Consumer Packaged Goods, Energy & Utilities, and Governments around the world. Our competency lies in our ability to offer integrated service offerings in Applications, Infrastructure Services, and Business Process Outsourcing. To know more about MphasiS, log on to www.mphasis.com

MphasiS and the MphasiS logo are registered trademarks of MphasiS Corporation. All other brand or product names are trademarks or registered marks of their respective owners.

For more information, contact: sales@mphasis.com.

USA: 460 Park Avenue South, Suite #1101, New York, NY 10016, USA Tel.: +1 212 686 6655, Fax: +1 212 686 2422 UK: 88 Wood Street, London EC2V 7RS, UK Tel.: +44 20 85281000, Fax: +44 20 85281001 AUSTRALIA: 9 Norberry Terrace, 177-199 Pacific Hwy, North Sydney, 2060, Australia Tel.: +61 2 99542222, Fax: +61 2 99558112 INDIA: Bagmane Technology Park, Byrasandra Village, C.V. Raman Nagar, Bangalore 560 093, India Tel.: +91 80 4004 0404, Fax: +91 80 4004 9999

Copyright MphasiS Corporation. All rights reserved.

