White Paper
Contents
Introduction
Mobile Commerce Business Context
Mobile Commerce Strategy
Mobile Channel Strategy
Mobile Marketing
Mobile Sales
Mobile Service
Mobile Payment
Mobile Wallets
Mobile Commerce Transaction
Mobile Banking and Mobile Money
Mobile Commerce Transformation Roadmap
Mobile Commerce Payment Business Scenarios
Card based Mobile User to Business Payments (CM2B)
Mobile Wallet User to Business Payments (M2B)
Mobile Wallet Mobile Users to Mobile User Payments (M2M) Remittance Services
Mobile Wallet Cross Border M2M
Mobile Wallet Cross Border M2Account
Mobile Commerce Payment Processing Models
Card based Mobile Payments
  Direct Card Based Mobile Payments
  Indirect Card Based Mobile Payments
Sync and Async Payment Transactions
Mobile Commerce Solution Architecture
Mobile Commerce Transaction Scope - flows
Mobile Client Presentation Layer
Mobile Commerce Transaction Layer
  Payment Messaging
  Authorisations, Settlements and Reconciliations
  Payment Gateway Integrations
  Telco Operator Integrations
    SMS Integration
    USSD Integration
    WAP/WML Content Integration
Business Activity Monitoring
Mobile Commerce Payment Security
Tokenisation and End to End Security for PA-DSS compliance
NFC-Based Mobile Commerce Payments
NFC Card Based Payment Processing
NFC Mobile Wallet Processing
NFC Sales and Marketing Content Model
Application Architecture
Mobile Transaction Processing Deployment Architecture - Indicative
Network Connectivity
Conclusions
Introduction
The use of mobile devices for day-to-day communication, collaboration and business transactions is growing exponentially. More and more users are opting for mobile channels as part of their daily routines, to manage various aspects of both their business and personal activities. Business organizations have recognized this significant shift in customer choices and preferences, which indicates a constant increase in customer affinity for mobile based transactions. At the same time, mobile technology itself has undergone tremendous innovation and evolution, resulting in more and more powerful mobile devices and communication channels that are capable of handling a variety of practical communication and business transactions. In the recent past, the computing power and network bandwidth of mobile devices and mobile communication channels have advanced to such an extent that the difference between mobile and desktop computing is drastically diminishing.
Many business organizations, across all industry sectors, have quickly identified the emergence of business grade mobile technology and have strategically adopted the mobile channel as one of their key eCommerce business channels for the sales, service and marketing operations and business processes of their mobile commerce business models. As mobile technology grows, so does payment technology, which now enables end-to-end payment processing in the context of the associated business (sales) transactions. This makes it possible to conduct an entire business transaction, along with the associated end-to-end payment processing, over mobile channels, offering customers enormous flexibility as to how, where, and when they initiate their business transactions in real time.
The payment processing industry, keeping in line with the potential and constantly increasing growth of mobile commerce, has floated a variety of mobile payment processing solutions and models that can be used over the relevant mobile communication services such as GPRS, USSD, NFC, Wi-Fi, Bluetooth, SMS, WAP etc. The increase in wireless bandwidth and the highly available mobile network infrastructure backbone provided by various mobile network operators have further increased the stability, reliability, and quality of service of wireless mobile transactions, making the mobile channel more and more reliable for business critical mobile commerce models.
Keeping pace with the growth in mobile communication technology, software vendors, service providers and industry forums have been offering newer and enhanced mobile operating systems (Windows Mobile 7.0, Android OS, Symbian, BlackBerry OS, Apple iOS 4 etc), APIs (J2ME, Windows 7 mobile SDK, Android SDK etc), development tools (along with emulators) and technology standards for mobile computing, making it possible to develop and host a variety of mobile transaction processing solutions for mobile commerce. In this context, this paper discusses the solution architecture of a target mobile transaction and payment processing framework for mobile commerce transaction processing. The paper also briefly touches upon various mobile commerce business models and the solution architecture for business scenarios (conducted on different mobile communication technologies) that are addressed by the target mobile transaction and payment processing solution framework.
(contactless) payment mechanisms through their mobile wallet accounts. The mobile commerce services (products and saleable services) are presented to the customers either directly through the mobile channel or through other channels (mediums), depending upon the nature of the services sold. Once the business transaction is completed, the users can make payments directly through their mobile devices. One of the key aspects of the mobile commerce model is that the services and products are offered to the customer through mobile friendly commerce transaction services, over mobile channels, which enables the users to make their purchases directly through their mobile devices. Mobile commerce can give end users great flexibility in the way they conduct their purchasing operations.
Mobile Marketing
Mobile marketing is a business strategy for how, where, and when the marketing services can leverage mobile channels to achieve maximum marketing effectiveness. Effective mobile marketing strategies include the following:
Mobile Transactions and Payment Processing I White Paper I 7
Mobile Campaigns - Campaigns targeted to selected customer segments over mobile channels.
In-Store Promotions - Promotional campaigns aimed at customers when they are within a store, offering discounts through mobile channels.
Location Based Services - Services, promotions, coupons etc. offered based on the customer's current location. Such campaigns can influence customer buying habits.
Coupon Offerings - Coupons and discounts offered through mobile channels. The mobile commerce strategy will also ensure mobile based coupon redemptions during point of sale transactions.
Mobile Barcode Campaigns - A marketing strategy where mobile barcodes are used for product and service promotions. User devices, when they scan the mobile barcode, will receive mobile content often consisting of product details, promotions, discounts, vouchers, and coupons.
Mobile Personalization - Tailored marketing campaigns over mobile channels, based on the user's profile, preferences, habits, and affinities.
Mobile Sales
A mobile sales strategy covers the various products and services to be sold either directly over the mobile channels or through the support of mobile channels alongside other sales channels. A mobile sales strategy can include the following:
Mobile point of sales strategy - How the potential end users can use their mobile devices to make purchases at the point of sales locations.
Mobile catalog services - How the products and services can be presented to the customers through mobile customized product and service catalogs.
Mobile coupon redemptions - How, where, and when users can use their coupons and discounts in the context of their purchases over mobile channels.
Mobile optimized commerce sites - How the commerce websites can be optimized and delivered to the customers over mobile channels.
Cross and up-selling models - How mobile channels can be used to increase revenues through cross selling and up-selling models.
Event and geography location based selling - How sales based on events and the user's location can be increased over mobile channels.
Mobile Service
A mobile service strategy addresses the service model that needs to be adopted in the context of mobile channel enabled business models. A service strategy for a mobile commerce business model includes the following:
Fulfillments - Strategy for post sales delivery and shipments of the products and services sold over mobile channels.
Returns - Strategies for handling post sales returns for the products and services sold over mobile channels. This will include processing of payment returns.
Inventory Management - Deals with the inventory management of a mobile commerce business model.
Contact and Call Centers - Post sales help and call centers for the customers.
Mobile Payment
This is a mobile strategy for accepting and processing payments over the mobile channels, in the context of mobile commerce sales transactions. The mobile payment strategies can include:
Card based mobile payments - How the mobile commerce business model and strategy supports card based payment acceptance. The card based payment strategy outlines the model for supported card types, geography based payment gateway services, and cross border card based payments over mobile channels.
Contactless card based mobile payments - Deals with contactless card based mobile payments using mobile devices (with NFC technology).
Cardless mobile payments - Includes the strategies for accepting payments through cardless payment models such as mobile wallets.
Carrier Billing - A payment strategy wherein the mobile sales transactions are charged against the user's carrier billing, which is paid by the user under either a pre-paid or a post-paid contract.
Mobile Wallets
A mobile wallet based payment strategy deals with how, where and when payments can be accepted and processed using the users' mobile wallet accounts. The strategy also defines how the mobile wallet accounts are integrated with the commerce transactions to process the associated transaction payments. The mobile wallet payment options include the following:
Prepaid - Here the users top up their mobile wallet accounts upfront, and these mobile wallet accounts are used to make the payments in the context of the mobile sales transactions.
Post-paid - In this case, a user's mobile wallet account is linked to his or her carrier billing account. The mobile sales transactions are paid with the user's mobile wallet account, which in turn is charged to the associated mobile billing account that is usually paid on a monthly or quarterly basis.
Card linked mobile wallets - In this mobile wallet strategy, the mobile wallet accounts are linked to the users' debit or credit cards. In a mobile sales transaction with card linked mobile wallet payment, the final payment is made from the wallet account that is linked to the user's cards.
Carrier hosted wallet service - In this wallet payment strategy, the wallet services are primarily provisioned by a carrier (telecom network operator or mobile service provider), in partnership with participating banks and financial institutions, to link mobile wallets with the users' card services. The payment settlements are done between the carrier and the participating financial institutions. The carrier alone maintains the mobile users' wallet accounts and provides complete mobile payment transaction support.
Financial institution hosted wallet service - In this strategy, the mobile wallet services are hosted by financial institutions (such as payment service providers, payment network service providers, and banks) in partnership with related telco or carrier service providers. The FIs will maintain the users' mobile wallet accounts in relation with their card accounts. In such a model, the telcos (carriers) will be maintaining the user mobile accounts and will be participating in the mobile payment transaction.
Business hosted mobile wallet service - In this strategy, the mobile wallet services are hosted by one or more independent mobile payment transaction service providers, along with participation from telecom carriers and financial institutions.
accounts or through their mobile wallet accounts. This strategy defines the mobile enabled money transfer business models and associated solutions. Cross border international money transfers can involve multiple local and international participants including FIs, banks, and cross border settlement solutions. The mobile banking services can be provisioned through user chosen (compatible) mobile channels such as text/SMS, a dedicated mobile application, and mobile customized web application sites that are accessible through mobile hosted browsers.
In this section, based on the context of the mobile payments and the associated mobile commerce transactions, the following key mobile payment business scenarios are discussed.
In this mode, the users conduct their mobile commerce transactions and make the payments against the bills (invoices) generated, through their mobile devices, using their payment cards. The following are the key steps performed in this scenario (depicted in Figure 4):
1. Users invoke the mobile commerce application from their devices.
2. Users are presented with the products and services along with their prices.
3. Users select products and services and add them to the shopping cart.
4. After verification of the bills, users perform the checkout operation.
5. After checkout, users are presented with either a payment screen where they enter their card details and pin number (securely - login pins) to make the payments, or pre-stored payment card details along with the pin number are automatically taken for payments, based on user approvals.
6. The user's payment details along with card details are passed to the respective payment service provider (through the mobile transaction service provider), for payment authorization and subsequent settlement (payment is authorized against the user's account held in the issuer bank).
7. Upon authorization, the payment is either deposited directly into the merchant account or settled based on a pre-agreed settlement period, by the acquirer.
1. Users invoke the mobile commerce application from their device.
2. Users are presented with the products and content services along with their prices.
3. Users select products and services and add them to the shopping cart.
4. After verification of the bills (invoices), users perform the checkout operation.
5. After checkout, users are presented with a screen to enter their mobile wallet entry pin, to make the payments.
6. Upon receipt of the wallet account pin, the user's mobile SIM number or any such uniquely identifiable number (and any pre-stored wallet number), along with the pin, is propagated to the mobile wallet service provider through the mobile transaction processing service provider. Upon authentication and authorization of the user's wallet credentials, the mobile wallet service provider makes the payment to the associated merchant account, through standard acquirer and payment gateway service provider networks. The merchant account is credited with the transaction amount based on the pre-agreed settlement periods.
7. Payment confirmation is sent back to the mobile user.
8. Mobile transaction is closed.
Mobile Wallet Mobile Users to Mobile User Payments (M2M) Remittance Services
This is a mobile wallet based peer-to-peer payment scenario, wherein mobile users can make direct payments to other mobile users through their m-wallet accounts. No card based payment is involved in this scenario. The recipient (beneficiary) may receive the payment either into their m-wallet account or into their bank account, based on the payment instructions.
The following are the key steps involved in this type of payment scenario:
1. User invokes a special purpose mobile commerce application for peer-to-peer payments on their device. This application facilitates payments either directly to the recipient's (beneficiary's) m-wallet account or to the associated bank account.
2. User is prompted to enter the payment instruction details in the application, including the peer's wallet or bank account identification details.
3. User is prompted for the m-wallet pin number.
4. Mobile payment transaction details along with m-wallet credential details are passed to the m-wallet service provider through the mobile transaction service provider.
5. Upon validation of the payment instructions along with the user's credential details, the following payment deposit actions are performed:
   a. If the recipient's m-wallet details are provided, then the payments are made directly to the recipient's m-wallet account. Payment confirmation is sent back to the user.
   b. If the recipient's bank account details are provided, then the payments are made directly to the recipient's bank account, through settlement networks. Payment confirmation is sent back to the user. Upon deposit into the recipient's bank account, the recipient is notified of the deposit either through the mobile channel or through other relevant channels which the recipient has opted for.
6. Mobile transaction is closed.
The following are the key steps of this mobile payment scenario:
1. User invokes a special purpose mobile commerce application for peer-to-peer payments on their device. This application facilitates payments directly to the recipient's m-wallet account.
2. User enters the payment instruction details in the application, including the peer's wallet details.
3. User is prompted for the m-wallet pin number.
4. Mobile payment transaction details along with m-wallet credential details are passed to the m-wallet service provider through the mobile transaction service provider.
5. Upon validation of the payment instructions along with the user's credential details, the following payment deposit actions are performed:
   a. The cross border settlement transaction is initiated between the m-wallet service provider's bank account and the recipient's m-wallet service provider's bank account.
   b. Upon settlement, the recipient's m-wallet service provider deposits the money into the recipient's wallet service account.
6. Payment confirmation message is sent back to the payment initiator.
5. Upon validation of the payment instructions along with the user's credential details, the following payment deposit actions are performed:
   a. The cross border settlement transaction is initiated between the m-wallet service provider's bank account and the recipient's bank account, and the recipient end user is notified of the transfer.
   b. For the cases where the recipient does not have a bank account, the money is transferred to an intermediary account (based on the pre-agreed arrangement), from where the amount is disbursed to the recipient through direct channels.
Post-Paid Mobile payment accounts
Post-paid contracts enable the users to pay their mobile charges along with any other mobile commerce charges on a periodical basis (monthly, quarterly etc), based on the contract type chosen with the mobile wallet operator. During the mobile commerce transactions, the payments are initiated against the post-paid mobile account, and regular bills are forwarded to the customers (users) as per the billing arrangements.
that the rollback of payments is achieved (by issuing payment rollback instructions), in case any part of the transaction fails to go ahead. However, for practical reasons, it is also feasible to update the orders manually, in case the payment is successful but the order update has failed. If an order is cancelled for some reason (usually by end users), then a corresponding payment rollback transaction needs to be initiated (depending upon the logic).
In order to improve performance, in some use cases it may be useful to introduce asynchronous mobile commerce transaction processing, wherever it is feasible. This can be achieved by breaking the entire mobile transaction into manageable sub transactions that can be meaningfully performed in an asynchronous manner, while still achieving the completion of the overall mobile commerce transaction.
Login - Enables the users to log in to their mobile payment accounts.
Manage User Profile - Allows users to update and manage their mobile account.
Fillup Wallet Account - Make deposits to the mobile wallet account.
Make Mobile P2P Payments - Allows the users to make person-to-person mobile payments using a card or m-wallet account.
Make Mobile Money Transfers - Allows the users to make mobile money transfers.
Make P2P Payments / Money Transfers with SMS - Allows the users to perform P2P payments with SMS based communication.
Make P2P Payments / Money Transfers with USSD - Enables the users to pay using USSD messages.
Product and Service Module
This module provisions the mobile commerce product and service catalog services, using which users can browse the available services and products along with their pricing details. The following key use cases are included as a part of this module:
Search Products and Service Catalog - Allows the users to perform a quick search on available products and services.
View products and service catalog - Enables the users to view the products and services available in a particular category.
Buy selected services with M-wallet account - Enables the users to buy the selected product or service with their M-wallet account.
Buy selected services with card payments - Enables the users to buy the selected product or service with credit or debit payment cards.
Buy selected services with M-wallet account using SMS - Enables the users to buy the selected product or service with their M-wallet account, using SMS messages.
Buy selected services with M-wallet account using USSD - Enables the users to buy the selected product or service with their M-wallet account, using USSD messages.
Buy selected services with M-wallet account on NFC channel - Enables the users to buy the selected product or service with their M-wallet account, using the NFC channel.
Orders management module (with payment processing)
This is one of the key modules, using which users can select products and services, add them to their shopping cart and subsequently initiate mobile commerce orders. Internally, this module uses the mobile payment module to initiate the mobile payments in the context of a placed order. This module includes the following main use cases:
Create shopping cart for an order - Allows the users to create an order (shopping cart) from selected products and services.
Add products and services to an order - Users can add, delete, and update the order with selected products and services.
Pay the order with M-wallet account - Enables the users to pay the order with their M-wallet account.
Pay the order with card payments - Enables the users to pay the order with their credit or debit card accounts.
System Admin Module
Includes the mobile commerce application management functions, to set up the various system configurations that are used during live transactions. This module also enables the users to maintain their address details, payment contacts, and any vouchers and coupons which they can use during payments. The following are some of the sample use cases included in this module:
Manage user account - Enables the users to maintain their mobile account details.
Manage user address - Allows the users to manage their various addresses, such as billing address, shipping address etc.
Manage users contacts - To manage the users' payment contact details.
Manage user coupons and vouchers - Enables the users to manage their coupons, loyalty points etc.
The UI layer can be built using multiple mobile client technologies, depending upon the operating system and API supported by the individual mobile devices. Currently, multiple mobile operating systems and mobile client APIs (SDKs) are provided by major mobile software vendors in the market. The following are some of the key mobile client (micro edition) APIs (SDKs), supported on the respective mobile OS, that can be used for developing the mobile client application layer:
Java ME - Java Platform Micro Edition is a complete Java based design time and run time platform, supporting mobile technology with the Java run time. Java ME provides multiple APIs and JSRs to support mobile application development. For mobile client application development, one can use some of the key APIs, such as Java ME web service, Java ME Swing and Java ME Socket, to develop appropriate Java mobile client applications. A set of mobile technology JSR APIs is bundled as a part of the latest Java ME, to support a wide array of mobile applications.
Windows Mobile OS7 - The Windows SDK is the latest Windows operating system and SDK for Windows mobile devices. The Windows mobile SDK can support full cycle development of Windows mobile commerce clients, which can connect with the mobile commerce services hosted in the service layer. A Windows OS7 client will be able to run on mobile client devices that run Windows OS7.
Android - Android Mobile OS is another major mobile operating system, with a relevant SDK that can support full cycle development of mobile commerce clients, which can interface with the mobile commerce services hosted in the service layer.
iOS7 - An Apple OS for Apple mobile devices and smartphones, supporting full cycle development of mobile commerce clients that can interact with the mobile commerce services hosted in the service layer.
SMS - SMS based mobile commerce connectivity has been used successfully, wherein SMS messages are used to process the mobile payment transactions in the context of a mobile commerce transaction.
WAP clients - Wireless Application Protocol is a GPRS based protocol, using which WML based mobile client applications can be displayed on mobile devices using WAP enabled browsers. WAP enabled mobile clients can interact with the mobile commerce services, including mobile payment services, hosted in the mobile commerce service layer. WAP clients are supported by the majority of client devices, and a WAP gateway is required for converting the WML content to HTML content before it is posted to the application server (web server) in the mobile commerce service layer. The majority of WAP sites are accessible from a wide array of mobile devices. As of now, WAP based mobile service is slowly declining, as more and more powerful mobile browsers are supported by recent mobile devices.
Mobile HTTP client (http 5.0 / CSS 3.0) - Recent mobile devices and smartphones are enabled with micro browsers which are capable of rendering much of the modern day web application content. Some of these micro browsers now support client side computing (mobile ajax) and can successfully render the complete web content that is developed on http 5.0 / CSS 3.0 standards. The mobile commerce clients can be developed on http 5.0 / CSS 3.0 specification standards, just as any other standard web application. The server side components of the web applications can invoke the services hosted in the mobile commerce service layer.
Process and human workflow Layer
The process layer of the solution consists of the key mobile commerce business processes that support the end-to-end processing of mobile transactions involving human workflows. The processes (workflows) hosted in the process layer can be long lived processes or atomic short lived transaction processes. The human interfaces of these processes (which are also termed human workflow services) can be implemented as mobile client applications, using which the end users interact with the mobile commerce process workflows.
Service Layer
In this layer, key mobile commerce services are created, composed and aggregated, and are exposed as services which can be invoked by various consumers with supported service bindings. Basically, the services created in this layer include the business services, utility services, and application services that can facilitate the integration between internal applications as well as external sources. The services in this layer are created as service composites compliant with SCA standards. The services can also be accessed by the mobile presentation layer components over the REST protocol, via "REST Adaptor" components. Service calls over the REST protocol are likely to improve performance in some scenarios.
Service Bus
The service bus hosts service end points for the mobile commerce services. The mobile client applications, as well as mobile business processes and any other service consumer clients, can invoke the service end points through the service bus. The service bus provides standard functionality such as service routing, service mediation, service protocol transformation, service auditing and logging, and quality of service (QoS) features to the service end points.
providers are usually customized in nature, as per the specifications determined by the service provider.
2. Authorization and verification integrations (with acquirer or payment authorisation service provider)
In this mode of integration, the mobile transaction framework directly integrates with the relevant acquirer or card authorisation service provider, for securing the authorizations (pre, post and partial authorizations), payment reversals, and also relevant card holder verifications, for card based transactions. The authorization and verification messages exchanged are usually ISO8583 compliant, supporting the required authorization cycles.
3. Settlement integrations with settlement service providers
These are the interfaces with payment settlement service providers, to ensure timely settlement of conducted payment transactions. The settlement integrations are usually implemented as asynchronous secure file exchange (SFTP, SSH) based interfaces. The settlement files are created as per the settlement file specifications, such as the APACS29b format.
4. Authorisation and settlement interfaces with mobile wallet service providers
These are the interfaces between the mobile transaction solution framework and the relevant mobile wallet service providers, to authorize and settle the mobile wallet account based transactions. Such interfaces are usually implemented as real time sync integrations, but can also be implemented in batch mode, depending upon the arrangements with the mobile wallet service providers involved. The messages exchanged with the mobile wallet service providers are usually proprietary in nature.
5. Reconciliation Interfaces
These are the various interfaces developed in the mobile transaction solution framework to facilitate payment transaction reconciliations between the various participants involved in the payment eco system. Such participants may include merchant locations, retailers' POS locations, payment authorization service providers, payment settlement service providers, issuer banks, acquirer banks and any associated card network service providers.
ISO8583 Message interfaces
The payment interfaces between the mobile transaction solution framework and the various associated payment authorisation service providers are based on ISO 8583 messaging standards. The key message types of the ISO8583 messages exchanged between the MPTS frameworks and the respective payment authorisation service providers are depicted in the diagram below.
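As an added illustration of the ISO 8583 authorization and reversal messages described above (example code written for this page, not part of the white paper's framework), the following parser decodes the message type indicator, the primary bitmap and a handful of data elements, and masks the card number before anything is logged. It assumes an all-ASCII wire layout with a hex-encoded 64-bit bitmap and a small field table; real acquirer specifications differ in encoding and field set, and the sample values are constructed.

```python
"""Added example: minimal ISO 8583 parser with log-safe output (ASCII layout assumed)."""
import string

# Only the data elements used in this example: number -> (kind, length).
FIELDS = {
    2: ("llvar", 19),    # primary account number (PAN), 2-digit length prefix
    3: ("fixed", 6),     # processing code
    4: ("fixed", 12),    # transaction amount in minor units
    11: ("fixed", 6),    # systems trace audit number (STAN)
    39: ("fixed", 2),    # response code
    41: ("fixed", 8),    # card acceptor terminal id
    49: ("fixed", 3),    # transaction currency code
}
MTI_CLASS = {"1": "authorization", "2": "financial", "4": "reversal",
             "5": "reconciliation", "8": "network management"}
MTI_FUNCTION = {"0": "request", "1": "request response",
                "2": "advice", "3": "advice response"}


def describe_mti(mti):
    """Name the message class and function held in digits 2 and 3 of the MTI."""
    if len(mti) != 4 or not (mti.isascii() and mti.isdigit()):
        raise ValueError("MTI must be four digits")
    cls = MTI_CLASS.get(mti[1], "unknown class")
    return f"{cls} {MTI_FUNCTION.get(mti[2], 'unknown function')}"


def build(mti, fields):
    """Serialise MTI + primary bitmap + data elements in ascending field order."""
    describe_mti(mti)  # validates the MTI format
    bitmap, body = 0, []
    for num in sorted(fields):
        kind, length = FIELDS[num]
        value = fields[num]
        if kind == "fixed" and len(value) != length:
            raise ValueError(f"field {num} must be {length} characters")
        if kind == "llvar":
            if not 0 < len(value) <= length:
                raise ValueError(f"field {num} length out of range")
            value = f"{len(value):02d}{value}"
        bitmap |= 1 << (64 - num)  # bit 1 is the most significant bit
        body.append(value)
    return f"{mti}{bitmap:016X}{''.join(body)}"


def parse(message):
    """Return (mti, {field: value}); reject anything malformed or left over."""
    if len(message) < 20:
        raise ValueError("message shorter than MTI + bitmap")
    mti, bitmap_hex = message[:4], message[4:20]
    describe_mti(mti)
    if not set(bitmap_hex) <= set(string.hexdigits):
        raise ValueError("bitmap is not hexadecimal")
    bitmap = int(bitmap_hex, 16)
    if bitmap >> 63:
        raise ValueError("secondary bitmap not supported in this example")
    pos, fields = 20, {}
    for num in range(2, 65):
        if not bitmap & (1 << (64 - num)):
            continue
        if num not in FIELDS:
            raise ValueError(f"field {num} is not in the field table")
        kind, length = FIELDS[num]
        size = length
        if kind == "llvar":
            prefix = message[pos:pos + 2]
            if len(prefix) != 2 or not (prefix.isascii() and prefix.isdigit()):
                raise ValueError(f"bad length prefix for field {num}")
            size, pos = int(prefix), pos + 2
            if not 0 < size <= length:
                raise ValueError(f"field {num} length out of range")
        value = message[pos:pos + size]
        if len(value) != size:
            raise ValueError(f"message truncated in field {num}")
        fields[num], pos = value, pos + size
    if pos != len(message):
        raise ValueError("unexpected trailing data")
    return mti, fields


def mask_pan(pan):
    """Keep at most the first six and last four digits of a card number."""
    if len(pan) < 13:
        return "*" * len(pan)
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def log_view(message):
    """Parsed message in a form that is safe to write to transaction logs."""
    mti, fields = parse(message)
    safe = dict(fields)
    if 2 in safe:
        safe[2] = mask_pan(safe[2])
    return {"mti": mti, "type": describe_mti(mti), "fields": safe}


# Constructed sample: authorization request for 123.45 using a test card number.
SAMPLE_AUTH = build("0100", {2: "4111111111111111", 3: "000000", 4: "000000012345",
                             11: "000042", 41: "TERM0001", 49: "826"})
```

Rejecting unknown fields, bad length prefixes and trailing bytes keeps a malformed or padded message from being partially processed, and only the `log_view` form should reach audit logs.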
of the mobile transactions involved. In this section, we briefly look into the various integration scenarios that are required to be supported as a part of the transaction processing solution.
SMS Integration
SMS messages constitute a key part of the mobile transaction processing model; they are widely used to implement an asynchronous communication pattern with the end users. From the transaction processing layer, the inbound and outbound messages are usually received and sent by an SMS gateway, which is generally located in the telco operator's premises. However, in order to support messages from multiple telco operators, an SMS gateway can also be hosted within the mobile transaction processing service provider's domain. Basically, the SMS gateway server acts as an interface between the end user and the processing server. The inbound SMS messages are received by the SMS gateway and stored in a database, from where they are read by the transaction processing layer. The outbound SMS messages are written into a database table, from where the SMS gateway sends the messages to the end users. A pictorial representation of the SMS gateway is shown in the figure above.
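The database hand-off between the SMS gateway and the transaction processing layer described above can be sketched as follows. This is an added example, not code from the white paper: the table layout, the status values and the `PAY <amount> <merchant>` text format are assumptions made for illustration, and the sample messages are constructed. It shows two controls that matter when SMS carries payment instructions: a redelivered gateway message is stored only once, and each inbound row is claimed atomically so it cannot be processed twice.

```python
"""Added example: database hand-off between an SMS gateway and the transaction layer."""
import re
import sqlite3

# Hypothetical schema: one table per direction, as in the description above.
SCHEMA = """
CREATE TABLE inbound_sms (
    gateway_msg_id TEXT PRIMARY KEY,        -- id assigned by the SMS gateway
    msisdn TEXT NOT NULL,
    body TEXT NOT NULL,
    status TEXT NOT NULL DEFAULT 'NEW'      -- NEW -> CLAIMED -> DONE / REJECTED
);
CREATE TABLE outbound_sms (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    msisdn TEXT NOT NULL,
    body TEXT NOT NULL,
    status TEXT NOT NULL DEFAULT 'PENDING'  -- picked up and sent by the gateway
);
"""
# Hypothetical command format: "PAY 12.50 SHOP42" (amount, then merchant code).
COMMAND = re.compile(r"PAY ([0-9]{1,6})(?:\.([0-9]{2}))? ([A-Z0-9]{3,12})")


def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def gateway_store(db, gateway_msg_id, msisdn, body):
    """Gateway side: store an inbound SMS. A redelivered message id is ignored."""
    cur = db.execute(
        "INSERT OR IGNORE INTO inbound_sms (gateway_msg_id, msisdn, body) VALUES (?, ?, ?)",
        (gateway_msg_id, msisdn, body))
    db.commit()
    return cur.rowcount == 1


def claim_next(db):
    """Processing side: claim the oldest NEW message, or return None."""
    row = db.execute(
        "SELECT gateway_msg_id, msisdn, body FROM inbound_sms "
        "WHERE status = 'NEW' ORDER BY rowid LIMIT 1").fetchone()
    if row is None:
        return None
    # The status check in the WHERE clause makes the claim atomic: if another
    # worker claimed the row first, no row is updated and we back off.
    cur = db.execute(
        "UPDATE inbound_sms SET status = 'CLAIMED' "
        "WHERE gateway_msg_id = ? AND status = 'NEW'", (row[0],))
    db.commit()
    return row if cur.rowcount == 1 else None


def parse_command(body):
    """Strictly parse a payment instruction into (minor_units, merchant)."""
    match = COMMAND.fullmatch(body)
    if match is None:
        return None
    minor = int(match.group(1)) * 100 + int(match.group(2) or 0)
    return (minor, match.group(3)) if minor > 0 else None


def process_one(db):
    """Handle one inbound message and queue the reply for the gateway."""
    row = claim_next(db)
    if row is None:
        return None
    msg_id, msisdn, body = row
    parsed = parse_command(body)
    if parsed is None:
        status, reply = "REJECTED", "Request not understood."
    else:
        minor, merchant = parsed
        status = "DONE"
        reply = f"Payment request of {minor // 100}.{minor % 100:02d} to {merchant} received."
    db.execute("INSERT INTO outbound_sms (msisdn, body) VALUES (?, ?)", (msisdn, reply))
    db.execute("UPDATE inbound_sms SET status = ? WHERE gateway_msg_id = ?", (status, msg_id))
    db.commit()
    return status, parsed
```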
USSD Integration
USSD (unstructured supplementary service data) is another communication mechanism supported by many Telco operators. Using USSD commands, mobile devices can exchange messages with USSD servers hosted in the Telco operator domain. Such USSD commands are used as a part of the mobile commerce transaction flow, to implement certain parts of the overall transaction. The USSD messages can be sent and received by interfacing with a USSD gateway, which is usually hosted in the Telco operator's domain. Mobile transaction processing services can send and receive such USSD messages using an XML interface via the USSD gateway. The following diagram depicts the flow of USSD integration.
WAP/WML Content Integration
WAP is one of the mobile communication standards through which mobile devices, using WAP browsers, can access WAP enabled information content. WAP browsers are able to recognize WML content delivered over wireless and display it on the mobile device. WAP technology is leveraged to enable a variety of mobile commerce transactions which are hosted through WAP enabled sites. The WAP content (through WML) is sent and received through a WAP gateway, usually hosted in the Telco operator's domain. The WAP gateway serves as an exchange/transformer, converting between WAP (WML / XHTML, WAP 2.0) content and HTTP/HTTPS (HTML) content exchanged between the WAP gateway and the web server hosted in the mobile transaction processing service provider's domain. The following diagram depicts the flow of WAP gateway integration from the web server.
Back Office Integrations
The mobile commerce solution framework is devised to integrate with key back office applications in the organization, such as financial accounting, HR, admin, MIS and analytical applications. The transaction records are fed into the enterprise applications, which in turn process those mobile transaction records as per business needs and requirements. Upon creation or modification of a mobile transaction record in the framework, a record event (along with the record details) is generated and written to the subscribed message queues. Subsequently, the transaction records are read from those queues and updated in the respective enterprise applications, such as SAP, ORACLE EBS, Reporting and MIS. The following diagram depicts the back office integration scenario supported in the solution.
Business Intelligence
The business intelligence functionality is an essential part of the mobile commerce transaction processing solution. This subsystem is devised to provide complete insight, through operational and analytical reporting, into the mobile commerce transactions conducted through the framework. Whenever a mobile transaction record is created or modified, an associated business intelligence event (consisting of the record details) is generated and written to the subscribed business intelligence message queues. The day-to-day transaction records are extracted from the mobile commerce transaction BI queues by ETL processes and loaded into the mobile commerce staging, ODS, and SW data sources. The purpose-built, mobile commerce specific business intelligence data mart is populated with the data extracted and aggregated from the ODS and EDW data stores. The mobile commerce analytical and operational reports are generated against the ODS and mobile commerce data marts and are provisioned through a dedicated reporting dashboard. The following diagram depicts the data extraction flows for business intelligence.
Figure 22: Mobile Commerce - Business Analytics
Mobile Transactions and Payment Processing | White Paper
b. When WAP sites and WAP clients are used, the communication between the WAP browser and the Telco's WAP gateway is secured through the WTLS (Wireless Transport Layer Security) protocol.
The encrypted card holder data (CHD) is passed to the mobile commerce transaction service providers, where the same data is decrypted (using private keys) and further processed for authorizations.
2. Telco Operator to Internet: HTTPS/SSL. The communication segment between the Telco operator's network and the connected internet is secured through HTTPS/SSL. The Telco operator network is connected either with a secured VPN or with dedicated secured leased lines which are secured through SSL encryption.
3. Internet to Mobile transaction provider's Intranet: HTTPS/SSL. The communication in this segment of the network is secured through HTTPS/SSL.
4. Mobile Transaction Processor and Mobile Commerce Content Provider: HTTPS/SSL. The communications between the service layer of the solution and the respective external mobile commerce content provider are secured through HTTPS/SSL encryption.
5. Mobile Transaction Processor and Payment Gateway Service Provider: HTTPS/SSL. The communication path between the mobile transaction processing platform and the respective payment gateway service providers is secured through HTTPS/SSL.
6. Transmission of card holder data over the entire network (public network) is encrypted using strong cryptography and security protocols such as SSL v3/TLS for https, SSL/IPSEC for VPN, SSH for file transfers.
The solution framework is devised not to hold or store any customers' credit card data during transaction processing; no credit card information is stored during the entire course of mobile transaction processing in the framework. Any personally identifiable information (PII) stored in the solution will be encrypted during storage. The tokenized CHD (PAN) data is stored in the system after authorization.
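One way to enforce the storage rule above, as an added example that is not part of the white paper: the PAN is swapped for a random token and a keyed fingerprint right after authorization, and every record is scanned for Luhn-valid card numbers before it is queued for storage, back office or BI feeds. The function names, record layout and key handling are assumptions, and the card number is a constructed test value.

```python
import hashlib
import hmac
import json
import re
import secrets

# 13-19 digit runs not embedded in a longer word, so hex tokens never match.
# Assumption: PANs written with spaces or dashes are out of scope here.
PAN_RE = re.compile(r"(?<!\w)\d{13,19}(?!\w)", re.ASCII)


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text):
    """Return Luhn-valid card-number candidates found in free text or JSON."""
    return [m.group() for m in PAN_RE.finditer(text) if luhn_ok(m.group())]


def tokenize(pan, key):
    """Replace a PAN by a random token, its last four digits and a keyed hash."""
    if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
        raise ValueError("not a plausible PAN")
    return {
        "token": "tok_" + secrets.token_hex(16),  # random, unrelated to the PAN
        "last4": pan[-4:],
        # The HMAC lets repeat cards be matched without storing the PAN; it is
        # only as strong as the secrecy of the key (key storage not shown).
        "fingerprint": hmac.new(key, pan.encode(), hashlib.sha256).hexdigest(),
    }


def build_record(auth_result, key):
    """Post-authorization record: every field except the PAN, plus the token."""
    record = {k: v for k, v in auth_result.items() if k != "pan"}
    record["card"] = tokenize(auth_result["pan"], key)
    return record


def publish(record, queue):
    """Refuse to enqueue a record in which a card number is still visible."""
    leaked = find_pans(json.dumps(record))
    if leaked:
        raise ValueError(f"{len(leaked)} unmasked PAN(s) in outgoing record")
    queue.append(record)
    return record


# Constructed authorization result; 4111111111111111 is a common test number.
SAMPLE_AUTH = {"pan": "4111111111111111", "amount": 1250, "currency": "GBP",
               "auth_code": "A1B2C3", "response": "00"}

if __name__ == "__main__":
    outbound = []
    print(publish(build_record(SAMPLE_AUTH, b"demo-key-not-for-production"), outbound))
```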
PCI DSS compliance for wireless networks
The PCI-DSS 2.0 guidelines for wireless networks (WLANs: Bluetooth or Wi-Fi) stipulate a definitive set of requirements for wireless networks. All the WLANs connected to the run time environment of the mobile transaction processing framework are required to be secured as per the PCI-DSS requirements. The WLANs are subjected to planned physical and logical inspections and are also tested through regularly planned wireless vulnerability scanning tasks. The firewalls are configured to identify the authorized wireless traffic (if any) and block any unauthorized wireless traffic entering the core processing zone, the servers in which may hold sensitive customer data, including card data. Any Wi-Fi WLAN connected to the run time environment is required to adhere to enterprise mode WPA/WPA (Wi-Fi Protected Access) 2.0 authentication and is required to employ AES (Advanced Encryption Standard) for wireless encryption.
are different scenarios, as to how the NFC enabled mobile devices can be used to perform payment operations in the context of an overall mobile commerce transaction. The following section briefly discusses different NFC technology based mobile payment transaction scenarios.
transaction between the NFC POS and the payment gateway service provider will continue as in a normal payment scenario. Upon completion of payment processing, the NFC POS sends a payment confirmation message to the NFC mobile device, and the overall mobile transaction is closed.
the same to make payments, sending M-Wallet account details to the NFC POS, which will further interact with the user's M-wallet account service provider to close the payment transaction. Upon successful payment processing, the NFC POS will send a confirmation message to the mobile device, and the overall transaction is then closed.
any such commercial environment. Such sales and marketing campaigns will appear on the NFC mobile devices, giving users informed options for making their commercial decisions and transactions. Users of NFC enabled mobile devices are offered sales and discount coupons (as a part of marketing initiatives) by their mobile operators. Such coupons can be used directly during mobile commerce transactions with an NFC enabled POS.
Client layer
The mobile client components in the solution are implemented using multiple technologies (depending upon the mobile device and OS compatibility), as J2ME clients, JSP/WML (WAP) enabled clients (WAP enabled sites), USSD clients, SMS clients etc.
The following are the salient features of the target deployment architecture:
1. All incoming and outgoing traffic is secured through first level IP firewall, with NAT based firewall rules.
2. Incoming traffic is distributed to web server cluster, by a load balancer pair which also acts as an SSL termination appliance. Web server cluster routes service requests to the application server cluster located in the core zone, through a highly available load balancer cluster which will distribute the load on to the application server cluster.
3. The service composite applications for mobile transaction processing are deployed into the application server runtime environments for BPEL, ESB and Adapters engines.
4. The database server cluster is located in the core zone, separated from application servers with dedicated and secured VLANs.
5. All the personally identifiable data in the database is encrypted at storage.
6. Business continuity and disaster recovery requirements (RTOs, RPOs) are met with a stand by DR center, which is constantly updated with a SAN level replication.
7. The file transfers in the system (for settlement and for internal and external integrations) are carried through secured SSH or SFTP channels.
8. The external partners (telcos, FIs, payment gateway service providers) and external services are connected through dedicated leased lines and secured VPN internet connections depending upon the nature of the connection required.
9. Primary and secondary data centers are deployed with appropriate levels of intrusion detection, audit change management systems, to securely monitor the hosting infrastructure.
10. All servers in primary and secondary data centers are secured through virus protection software.
11. The infrastructure elements in the primary and secondary data centers are constantly monitored, through a well defined monitoring system.
12. The access and authorization to all infrastructure resources are controlled.
13. The deployment environment is inspected by regularly planned system vulnerability scanning tasks, to identify and address any internal and external security threats.
14. Any wireless LANs (WLANs: Wi-Fi or Bluetooth) associated with the deployment environments are assessed as per the PCI-DSS 2.0 requirements for wireless payment networks.
15. The firewall rules are configured to filter out / block any unauthorized wireless traffic entering into core processing zones.
Network Connectivity
The network and communication infrastructure is an important and critical part of a mobile transaction and payment processing infrastructure. Secured and highly available network communications between the various participants in the ecosystem are necessary to ensure high quality end-to-end mobile transaction processing. The following types of network connectivity links are required to build a network infrastructure that can support mobile transaction and payment processing services:
1. Network communication link between mobile transaction processor and telco (mobile network operators) service providers.
2. Network connectivity between the mobile clients and mobile transaction service providers (through MNOs).
3. Network connectivity between mobile transaction and payment processing service providers and various payment gateway services providers, acquirers, and any third party aggregators, as required for payment authorizations and settlements.
4. Network connectivity between the organization's data center and any externally located mobile transaction service providers.
5. Network connectivity between primary and secondary data centers hosting the mobile transaction and payment processing services.
6. Network connectivity between primary and secondary data centers and with external business partners.
Reliability, bandwidth, network latency (speed), security, quality of service (QoS) and availability of the network infrastructure, and network communication costs, are the important factors determining the network architecture and topologies that need to be deployed to support real time mobile business and payment transactions. The network connectivity can also be logically categorized as:
Merchant and retailer side connectivity: defines how the merchants', retailers' and end users' POS, web and mobile devices can connect to the respective processing hosts' networks.
Host side connectivity: defines how various processing hosts, such as mobile transaction processors, mobile wallet service providers, payment authorization providers, acquirers, and payment settlement and clearing service providers, can connect to the associated merchants', retailers' and mobile users' devices.
The following are some of the key network communication options available to define the target network infrastructure:
Public Internet connectivity: a low cost connectivity option where the various participants are connected over the internet through secured protocols such as https, secured TCP/IP, secured FTP and secured SSH protocols. It offers a relatively lower level of quality of service (QoS), as latency and bandwidth availability depend upon the public network.
Secure VPN network links: with secured VPN connectivity, the communication between two network resources (hosts) is achieved through a virtual private network over the Internet. The costs associated with a VPN network are relatively lower compared to those of leased lines.
Dedicated leased lines: these are secured leased lines, enabling dedicated connectivity between two network resources such as data center networks or data center hosts. The bandwidth, latency, and quality of service (QoS) of dedicated leased lines are usually better compared to those of secured VPN or public Internet lines. Rental and commissioning costs are usually high compared to those of VPN or public Internet connectivity.
MPLS connectivity: this is an MPLS WAN based connectivity where the data centers (processor host locations) and the merchants' and retailers' locations are connected to each other over MPLS backbones. At the moment, MPLS networks are known to provide higher levels of quality of service and adequate redundancy to ensure increased network availability.
Frame relay WAN connectivity: this is a frame relay based connectivity where the data centers are connected over a frame relay network. Frame relay based networks are considered to be somewhat legacy in nature, as newer network connectivity options (e.g. MPLS) are currently being made available.
X.25 network: this is an X.25 protocol based connectivity which supports merchant side and host side connectivity to a common X.25 based network, which provides connectivity to multiple participants in the mobile payment processing ecosystem (for example, the BTcardway X.25 network). The computing nodes, including payment clients and payment hosts, are connected to the X.25 network through PSE (packet switching devices). Recent PSE devices facilitate connectivity between IP based networks and the X.25 network. In the context of emerging WAN technologies, X.25 networks are considered to be somewhat legacy in nature.
The above diagram depicts various types of network connectivity link options that can be leveraged to build the required network infrastructure that can support high volume and high quality mobile transaction and payment processing services.
Conclusions
Fuelled by constant advancements in mobile communication and computing technologies, mobile commerce is growing significantly. Accordingly, many business organizations across industry sectors have been strategically adopting the mobile channel as one of their key business channels and are floating various mobile commerce models through which they offer their products and services in the market. The growth in mobile device technology and mobile communication technology, and the availability of a plethora of mobile operating systems, development apps, emulators etc., have enabled mobile computing to offer business critical, reliable and high quality mobile business transaction solutions that can be easily adopted as a part of an organization's mobile commerce business strategy. In the context of mobile commerce, due to its increased convenience, customer affinity and practical suitability, the mobile channel is increasingly being used as one of the preferred payment processing channels. The overall transaction costs associated with mobile channels are also relatively lower compared to other channels through which business transactions are conducted. Leveraging the now stable mobile technology, payment processing solutions using SMS, GPRS/WAP, USSD, NFC and mobile web channels are being offered, which enable end customers to initiate their mobile business transactions, as well as the associated payment transactions, directly from their end devices, ensuring complete end to end business transactions on pre-paid, post-paid, gift, voucher, credit and debit card based payment models. The advancements in mobile wireless technology and communication standards have enabled the usage of contactless and NFC based payment models. The mobile wallet based payment model is gaining considerable momentum and is currently being seen as one of the key payment models to promote contactless payment processing practices.
The mobile wallet technology enables end users to make payments with their mobile wallet accounts, without having to use credit or debit cards, and hence this technology can help many users to conduct mobile commerce transactions.
A well defined mobile transaction and payment processing solution framework can enable pragmatic mobile commerce models for various industry verticals, supporting a variety of end to end business transactions (processes), coupled with end to end payment processing, on chosen payment processing channels. Such a mobile transaction solution framework can provide ready-made functionality for integration, using key integration technologies such as web services, SOA, JMS, FTP etc., with multiple payment gateways and settlement service providers across different geographies, including support for cross border payments. The solution framework can be customized to support various business processes and associated payment transactions, and offers out of the box functionality for integrating with an organization's back office applications such as ERP, financial accounting, HR and MIS reporting. Such a target solution needs to be capable of integrating with multiple m-wallet service providers and of supporting multiple m-wallet based contactless payment scenarios. It is required to include inbuilt business analytical and reporting modules, which will provide a complete 360 degree view of the business transactions along with payment processing details. The solution is required to support secured end to end business and payment transactions, achieving the required PCI-DSS, PA-DSS, DPA and other required regulatory compliance. The framework architecture needs to ensure that the framework modules can be used with any other third party mobile payment solutions, so as to support organization specific mobile business transactions. While being reliable and highly scalable, the solution is also extendable, making it open for customization, so as to address any organization specific requirements. The solution also needs to provide a wide array of prebuilt industry specific business transaction services and processes, which can be quickly brought into operation.
A well defined mobile transaction and payment processing solution framework can help business organizations in their mobile commerce journey. Leveraging the MTPS framework, organizations can quickly build and bring to market their mobile commerce solutions, supporting a variety of mobile commerce scenarios.
Acknowledgements
The author wishes to thank the following persons for their review contributions: Mohan Joshi and Chinni Prasadh from the MphasiS Payments Practice and Bert Hooyman, Chief Architect of MphasiS in Europe.
About MphasiS
MphasiS is a $1 billion global service provider, delivering technology based solutions to clients across the world. With over 40,000 people, MphasiS services clients in Banking and Capital Markets, Insurance, Manufacturing, Communications, Media & Entertainment, Healthcare & Life Sciences, Transportation & Logistics, Retail & Consumer Packaged Goods, Energy & Utilities, and Governments around the world. Our competency lies in our ability to offer integrated service offerings in Applications, Infrastructure Services, and Business Process Outsourcing. To know more about MphasiS, log on to www.mphasis.com
MphasiS and the MphasiS logo are registered trademarks of MphasiS Corporation. All other brand or product names are trademarks or registered marks of their respective owners.
USA: 460 Park Avenue South, Suite #1101, New York, NY 10016, USA Tel.: +1 212 686 6655, Fax: +1 212 686 2422
UK: 88 Wood Street, London EC2V 7RS, UK Tel.: +44 20 85281000, Fax: +44 20 85281001
AUSTRALIA: 9 Norberry Terrace, 177-199 Pacific Hwy, North Sydney, 2060, Australia Tel.: +61 2 99542222, Fax: +61 2 99558112
INDIA: Bagmane Technology Park, Byrasandra Village, C.V. Raman Nagar, Bangalore 560 093, India Tel.: +91 80 4004 0404, Fax: +91 80 4004 9999