180 likes | 334 Vues
Micropayment in Macedonia. 6-th Conference on Payment and Securities Settlement Systems, Ohrid, 1-3 July 2013. Legal framework.
E N D
Micropayment in Macedonia 6-th Conference on Payment and Securities Settlement Systems,Ohrid, 1-3 July 2013
Legal framework Through 2012 there were several meetings with Ministry of Finance and industry experts (Mobile Telecom Operators and Processing Houses in state) about possible changes to the current law on payment system operations. There were several changes proposed and adopted who are essential: • It is allowed institutions who are telecom and network operators or IT system operators to process micropayments; • Micropayment-shall denote payment of products and services in a single amount not exceeding Denar 1000 (15 Eur), with the approval for making the payment being issued through telecommunication, digital or IT devices; • Single amount of the transaction (1000), total month limit per micropayment user (6000) and total amount of all micropayment transaction by single micropayments intermediary (100.000.000) are checked before procesing the micropayment; • National bank have the role to prescribe technical standards for: security , operational availability and effective transfer of the assets. If all the standards are meet license is issued for Micropayment intermediary and is registered.
Participantsin micropayments operations • Micropayment user (person/in case of a company is every subscriber line particularly; Sign specialized agreement with the intermediary; Micropayment transaction is started by telecommunication, digital or other IT assets;) • Micropayment intermediary (gathering, processing, control of the limits of the micropayments and settlement of the participants) • Point of sale (company that should have a agreement with intermediary)
Micropayments Step1: Initialization of micropayment (ex.Pizza Napolitana = 500 MKD) M user Merchant POS Чекор 4:Известување за статусот на микроплаќањето (500 MKD- ОК/НОК) Чекор 2: Acceptance of micropayment Accountability is confirmed in two ways PIN,MSISDN; Control of the limits (500 MKD) Чекор 2а: Agreement with Merchants and spreading the network of POS Чекор 1в: PIN is given to the user to confirm the micropayments Step1a: Request and sign a agreement Чекор 3: Confirmation of the micropayment Чекор5а: Settlement between intermediary and Merchant through bank through calculation cycle M Intermediary Чекор 1б Registering user in the information system of the intermediary; PIN issuing; Approval of the initial limit per user. Чекор 2бRegistration of the Merchants in the information system of the intermediary Чекор 5б: Settlement between user and intermediary through billing cycle. Direct carrier billings (DCB) Registration Micropayment Settlement
Benefits from Micropayment • Liberalization in area of payment institution, because now there is chance another non-bank institution to perform micro-payment operation; • Bigger competition will give new innovative and advanced solutions that will increase security and cut the cost for payment transaction; • Fast, easy way to complete payments of goods from the merchant; • Users are granted with additional financial credit assets, depend from credit score of the user and set by intermediary.
Risk in Micropayments • Possibilities of losing the device (mobile device) and possibility for unauthorized micro-payments in the timeframe between losing the device and blocking the device by the user; • Insufficient control of the mobile device of the user that allow negligent, accidental, or malicious mobile user behavior, (including a lost/stolen phone, frivolous app downloading, and jail-breaking (iOS) or rooting (Android) a device) • Possibilities of large amount of complaints from the users of micropayments or merchants to responsible organization for issuing license for the intermediary(National bank has a reputational risk); • Unauthorized attacks from outsiders/insiders of the IT system of the intermediary that will jeopardize availability of the system. • Inadequate mobile payment provider fraud controls. Poor monitoring, detection and prevention tools can also cause undetected or unauthorized access to financial data and unauthorized transactions, leading to fraud losses.
Types of micropayment that are considered • Installation of specialized application on mobile phone of the user • Usage of NFC (Near Field Communication технологија), new generation of smart phones are equipped with unique NFC chip. These technology in many countries is in phase of pilot or under monitoring (Austria – А1 telecomand Holland – consortium of several banks ABN-AMRO, ING, Rabobank for NFC initiatives, Google Wallet, etc...) • Strength (the most secure technology for transaction to be processed in these moments of technological evolution concerning mobile devices; practically is extension of EMV technology that is using in card processing with antenna in area of mobile devices) • Weaknesses (limitation to only smart phone generation and possibilities to enter the mass market of users of mobile phones; Also relatively more expensive terminal equipment for merchant for their POS) • Scanning of specialized barcodes (mobile device in this situation should also be equipped with camera and additional application that can scan a barcode on the POS to initiate the transaction) • Strength(dual authorization of the transaction is also available) • Weaknesses(good internet connection to complete the payments in merchant area/or good coverage of the network of the telecom operator; phishing scams; little screens on the mobile device are very bad for reading the screens)
Types of micropayment that are considered • Without installation of the application • With exchange of tones between mobile device of the user and terminal equipment at the POS (In region successfully is working similar system called MONETA in Slovenia- based on the MARGENTO technological solutions. Similair system is announced to be established in Macedonia • Strength(work with every generation of mobile devices- possibilities to enter the mass market and good penetration;possibilities to dual confirmation of the identity of the user) • Weaknesses(The system is working on Direct Carrier Billing and there is a complaints in several countries for cramming the bills)
Types of micropayment that are considered • Installation of the application on the digital receiver(set top box) • With remote controller of your TV you are giving the instructions to process the payment • Strength(possibilities to order services and pay for goods from your living room; there is also capability to implement dual confirmation of the identity of the user; encryption of the data transferred) • Weaknesses(unauthorized usage of the application on your TV; your TV is not mobile but is standing on just one place and there is no any possibilities to transfer the STB to another geo-location)
Role of the National Bank • Prescribed technical standards for security, operational reliability and efficient transfer of assets through the process of micropayment – deadline was 03.04.2013; • Issue license to a legal entity that has a intention to be micropayment intermediary, if all the standards are met; • Registering the micropayment intermediary; • Onsite and offsite supervision and oversight on the intermediary are planned to check if the standards are met and limits are controled.
DECISION ON MICROPAYMENT TECHNICAL STANDARDS • Technical standards for security; • Technical standards for operational reliability; • Technical standards for secure and efficient transfer of the assets.
Security • Risk analyses and preparing the report • Information security policy • Assurance of dual confirmation of the identity of the user • Usage of outsourcing services from the intermediary (cloud services)
Operational reliability • Indicators for efficiency (time needed for different status of data processing, time needed to complete transaction and issue a acknowledgment to user for the status of the transaction) • Operational capacity(planning the capacity of the IT system needed to operate and archive the micropayments)
Secure and efficient transfer of assets • Data processing of the micropayments in the intermediary • Responsibilities and complaints(process of complaints, 24 hour user support, defined responsibilities) • Settlement (all the transactions are dynamically settled through calculation cycle) • Control of the limits • Transparency
DECISION ON ISSUING A MICROPAYMENT LICENSE For the application of the legal entity to become a micropayment intermediary these documents are gathered: • Certificate from central registry • Rules and procedures for micropayments • Anti money laundering program • Evidence that technical standards for micropayments are met
DECISION ON ISSUING A MICROPAYMENT LICENSE In department of Licensing in the National bank assessment is done through following activities: • Analyze completeness of the documentations, according to the demands of the regulation; • Wheatear documentation that is gathered is valid, up to date and authentic; • Wheatear approval to process the micropayment is done through telecommunication and digital devices or other IT devices; • Wheatear technical standards are fulfilled according to the decision and • Wheatear conditions are met according to control of the limits that are described by the Law for payment operation.
Reports to the NBRM • Intermediary is obliged to report to the National bank about micropayments that are processed; • Content and form of the reports are prescribed in separate decision of the National bank • Control of the limits and the system that is used for this assignment will be checked by supervisors
Info Thank you Contact: National bank of the Republic of the Macedonia Division of Supervision, Banking Regulations and Financial Stability Goran Jankoski head of IT risk group jankoskig@nbrm.mk