PYM Manual

8/4/2019 PYM Manual

1/20

Information about thisNew Document

New document This Mobile Provisioning Service Product Guide, dated August

2008, is an entirely new document.

Contents This document introduces the MasterCard Mobile ProvisioningService.

8/4/2019 PYM Manual

2/20

Mobile ProvisioningService Product Guide

August 2008

8/4/2019 PYM Manual

3/20

2008 MasterCard

Mobile Provisioning Service Product Guide August 2008 Publication Code: PYM

Proprietary Rights

The information contained in this document is proprietary and confidential toMasterCard International Incorporated, one or more of its affiliated entities(collectively MasterCard), or both.

This material may not be duplicated, published, or disclosed, in whole or inpart, without the prior written permission of MasterCard.

Trademarks

Trademark notices and symbols used in this manual reflect the registrationstatus of MasterCard trademarks in the United States. Please consult with theCustomer Operations Services team or the MasterCard Law Department for theregistration status of particular product, program, or service names outside theUnited States.

All third-party product and service names are trademarks or registeredtrademarks of their respective owners.

Media

This document is available:

On MasterCard OnLine On the MasterCard Electronic Library(CD-ROM)

MasterCard Worldwide2200 MasterCard BoulevardOFallon MO 63368-7263USA

1-636-722-6100

www.mastercard.com
http://www.mastercard.com/http://www.mastercard.com/

8/4/2019 PYM Manual

4/20

Table of Contents

2008 MasterCard

Mobile Provisioning Service Product Guide August 2008 i

Using this Document

Purpose...................................................................................................................1 Audience.................................................................................................................1 Times Expressed.....................................................................................................1Excerpted Text .......................................................................................................2Language Use .........................................................................................................2Revisions.................................................................................................................2 Contact Us ..............................................................................................................3

Chapter 1 Introduction to the Mobile Provisioning Service

Overview .............................................................................................................1-1Key Features........................................................................................................1-1Platform................................................................................................................1-2 Personalization Process.......................................................................................1-3

Step 1: Consumer Registration......................................................................1-4Step 2: Transfer of details to the Mobile Provisioning Service ................... 1-5Step 3: MasterCard Routing to OTA Vendor................................................1-6Step 4: OTA Personalization Undertaken by the Consumer ....................... 1-6

Cryptographic Management................................................................................1-8Branding Opportunity.........................................................................................1-8Customer Service.................................................................................................1-9Constraints ...........................................................................................................1-9Intellectual Property.......................................................................................... 1-10Issuer Pricing .....................................................................................................1-11

8/4/2019 PYM Manual

5/20

2008 MasterCard

Mobile Provisioning Service Product Guide August 2008 i

Using this Document

This chapter contains information that helps you understand and use this

document.

Purpose................................................................................................................... 1Audience................................................................................................................. 1Times Expressed..................................................................................................... 1Excerpted Text ....................................................................................................... 2Language Use ......................................................................................................... 2Revisions................................................................................................................. 2Contact Us .............................................................................................................. 3

8/4/2019 PYM Manual

6/20

Using this Document

Purpose

2008 MasterCard

Mobile Provisioning Service Product Guide August 2008 1

Purpose

The MasterCard Mobile Provisioning Service Product Guidehelps issuers,vendors, and other interested parties understand the high-level workflow ofthe handset personalization process that transfers the cardholders card detailsto their mobile phone and enables it for use at a PayPassterminal.

Audience

MasterCard provides this document for members and their authorized agents.Specifically, the following personnel should find this document useful:

Issuers Vendors Mobile Network Operators

Times Expressed

MasterCard is a global company with locations in many time zones. TheMasterCard operations and business centers are in the United States. Theoperations center is in St. Louis, Missouri, and the business center is inPurchase, New York.

For operational purposes, MasterCard refers to time frames in this document aseither St. Louis time or New York time. Coordinated Universal Time (UTC)is the basis for measuring time throughout the world. You can use thefollowing table to convert any time used in this document into the correct timein another zone.

St. Louis,Missouri USA

Central Time

Purchase, New YorkUSA

Eastern Time

UTC

Standard time

(first Sunday in November tosecond Sunday in March a)

09:00 10:00 15:00

Daylight saving time

(second Sunday in March to first

Sunday in November b)

09:00 10:00 14:00

a For Central European Time, last Sunday in October to last Sunday in March.

b For Central European Time, last Sunday in March to last Sunday in October.

8/4/2019 PYM Manual

7/20

Using this Document

Excerpted Text

2008 MasterCard2 August 2008 Mobile Provisioning Service Product Guide

Excerpted Text

At times, this document may include text excerpted from another document. Anote before the repeated text always identifies the source document. In suchcases, we included the repeated text solely for the readers convenience. Theoriginal text in the source document always takes legal precedence.

Language Use

The spelling of English words in this document follows the convention usedfor U.S. English as defined in Merriam-Websters Collegiate Dictionary.MasterCard is incorporated in the United States and publishes in the UnitedStates. Therefore, this publication uses U.S. English spelling and grammar

rules.

An exception to the above spelling rule concerns the spelling of proper nouns.In this case, we use the local English spelling.

Revisions

MasterCard periodically may issue revisions to this document to accommodateenhancements and changes, or as corrections are required.

With each revision, a Summary of Changes describes how the text changed.Revision markers (vertical lines in the right margin) indicate where the textchanged. The date of the revision appears at the right of each revision marker.

MasterCard may publish revisions to this document in a MasterCard bulletin,another MasterCard publication, or on MasterCard OnLine. A subsequentrevision is effective as of the date indicated in that publication or onMasterCard OnLine and has precedence over any previous edition. In theevent of a conflict between this document and a subsequently publishededition, the subsequently published edition shall have precedence.

8/4/2019 PYM Manual

8/20

Using this Document

Contact Us

2008 MasterCard

Mobile Provisioning Service Product Guide August 2008 3

Contact Us

Please take a moment to provide MasterCard with your feedback about theMobile Provisioning Service Product Guide.

MasterCard continually strives to improve user documents. User feedbackhelps MasterCard accomplish this goal.

Please provide feedback about this document to Manuals and Publications [email protected].
mailto:[email protected]:[email protected]

8/4/2019 PYM Manual

9/20

2008 MasterCard

Mobile Provisioning Service Product Guide August 2008 1-i

1 Introduction to the Mobile ProvisioningServiceThis document describes the MasterCard Mobile Provisioning Service and

provides the high-level workflow of the handset personalization process that

transfers the cardholders card details to their mobile phone and enables it for

use at a PayPass terminal.

Overview ............................................................................................................. 1-1Key Features ........................................................................................................ 1-1Platform................................................................................................................ 1-2Personalization Process....................................................................................... 1-3

Step 1: Consumer Registration...................................................................... 1-4Step 2: Transfer of details to the Mobile Provisioning Service ...................1-5Step 3: MasterCard Routing to OTA Vendor................................................ 1-6Step 4: OTA Personalization Undertaken by the Consumer.......................1-6

Cryptographic Management................................................................................ 1-8Branding Opportunity......................................................................................... 1-8Customer Service................................................................................................. 1-9Constraints ........................................................................................................... 1-9Intellectual Property.......................................................................................... 1-10Issuer Pricing ..................................................................................................... 1-11

8/4/2019 PYM Manual

10/20

Introduction to the Mobile Provisioning Service

Overview

2008 MasterCard

Mobile Provisioning Service Product Guide August 2008 1-1

Overview

MasterCard offers the Mobile Provisioning Service to enable issuers to launchMasterCard PayPasson Mobile programs for their customers quickly and withminimal development and implementation effort.

Definition Over the air (OTA) personalization is the secure transfer of the consumerspayment account details via the carrier network, in to the secure area of theconsumers NFC (Near Field Communication) enabled mobile phone.

Previously, to complete field trials, issuers have had limited optionseitherundertake manual personalization of NFC-enabled handsets with payment

accounts or find an OTA personalization service provider independently.

The process can be prohibitively expensive, and issuers have found it difficultto maintain control over stock and distribution. MasterCard streamlines thisprocess by offering the Mobile Provisioning Service.

Key Features

The Mobile Provisioning Service delivers to issuers the capability to provisionmobile handsets with MasterCard payment credentials over wireless networks.

A number of features comprise the service, such as:

A Web services interface for issuers to initiate provisioning and to receiveprovisioning lifecycle information

A standardized Web services interface from MasterCard to Trusted ServiceManagers (TSMs) that execute the provisioning into the cardholdershandsets

A standard MasterCard user interface for the provisioning process, withMasterCard branding components

End-to-end security certification

Real-time performance of provisioning transactions, initiated by thecardholder

Dynamic, intelligent routing to multiple TSMs

Event status reporting to issuers, which issuers can use in their customerservice interactions with cardholders

Global coverage and reach

8/4/2019 PYM Manual

11/20


Platform

2008 MasterCard1-2 August 2008 Mobile Provisioning Service Product Guide

Direct interface to planned MasterCard mobile Type Approval database

Ability to personalize, lock, unlock, and delete account details, which helpsthe issuers customer service team to manage the lifecycle of the consumeraccount

Platform

With just a few preliminary steps, issuers can easily integrate with the MobileProvisioning Service. As more and more vendors and mobile service providersbecome available, issuers can quickly connect with these certified vendors.

MasterCard certifies vendors for the personalization process, which ensuresthat the vendors have been subject to:

Security due diligence

Compliance Assessment and Security Testing (CAST) approval

PCI Security Standards Council (PCI) compliance

MasterCard also will manage the type approval of handsets to ensure thepersonalization is limited to type approved devices.

To request this functionality, the issuers consumers would normally registerfor PayPasson a Phone through their issuers Web site. There, the user wouldbe prompted to provide specific phone details (such as mobile phone number,handset model, network operator) and to establish a one-time verification codefor use within the personalization process.

Once an issuer has correctly established the consumers registration forPayPasson a Phone, the consumer is presented on the handset with a simpleand secure personalization interface. MasterCard developed the user interfaceafter extensive usability analysis.

The Mobile Provisioning Service also provides customer service capability viathe interpretation of the responses provided through the Web interface. Thisallows the issuers customer service team to track and manage the lifecycle ofthe consumer account.

8/4/2019 PYM Manual

12/20


Personalization Process

2008 MasterCard



Within the system, there are four distinct phases of the process involvinginteraction between different entities. Figure 1 provides a global view of theprocess and the entities that are involved.

Figure 1High-level Overview of Personalization Process

Consumer/

cardholder Issuer

Registration/Validation

Web ServiceInterface

MasterCardOTA Vendor

OTA VendorOTA Vendor

PersonalizationRequests andResponses

Mobile

Network

Operator

PersonalizationData

ProvisioningData

The subsequent sections describe in greater detail the process that culminatesin the consumers NFC-enabled handset being personalized with their carddetails.

8/4/2019 PYM Manual

13/20




Step 1: Consumer Registration

The issuer will need to extend their consumer registration process to allow a

consumer to enter specific details about the mobile phone. The applicationmust allow consumers to register only eligible NFC handsets that are includedwithin the MasterCard list of type approved handsets.

Step 1. Consumer registers for product at issuers Web site.

Consumer/

cardholderIssuer

Registration/Validation

Step Description

1.1 The consumer accesses the issuers registration Web site and enters details,including the consumers personal information (sufficient for Know YourCustomer (KYC) processes), the mobile phone model, phone number, andmobile network operator.

8/4/2019 PYM Manual

14/20



2008 MasterCard


Step 2: Transfer of details to the Mobile Provisioning Service

MasterCard has developed a standard Web interface for communication

between the issuer and MasterCard for the provision of personalizationrequests. Issuers will need to develop an interface to this standard to allowreal-time supply of these requests to MasterCard.

Step 2. Issuer transmission of details to MasterCard.

Issuer

Web ServiceInterface

MasterCard

Step Description

2.1 The issuer validates the application made by their consumer (for KYCrequirements), determines the validity of the entry, and ensures that all of therequired details are provided.

2.2 The issuer then sends the personalization request to MasterCard via the secure,tested Web service interface.

8/4/2019 PYM Manual

15/20




Step 3: MasterCard Routing to OTA Vendor

Once MasterCard confirms that the data supplied by the issuer is valid, the

request the request is repackaged into a standard format and forwarded to oneof the certified OTA vendors who participate in the Mobile ProvisioningService.

At each step of the process, a status is recorded within the Mobile ProvisioningService, which is accessible by the issuer (for care and troubleshootingpurposes) via MasterCard OnLine.

Step 3. Mobile Provisioning Service routes request to available certified vendor.

MasterCardOTA Vendor


PersonalizationRequests and

Responses

StepDescription

3.1 MasterCard validates the request and identifies the available vendor to carry outthe OTA personalization.

3.2 MasterCard transmits the personalization request to the vendor via secure link.

3.3 The status is recorded for access by the issuer via the Web interface.

Step 4: OTA Personalization Undertaken by the Consumer

The OTA vendor initiates a Wireless Application Protocol (WAP) session via aWAP push to the NFC handset (mobile number) that was registered by theconsumer during the first phase of the process. When its convenient, theconsumer will begin the personalization process on their handset and identifythemselves as the registered owner of the handset using the authentication PINestablished by the consumer at the time of registration.

Definition WAP push is a communication method to allow WAP content to be pushed tothe mobile handset with minimum user intervention. A WAP push is a speciallyencoded message that includes a link to a WAP address.

8/4/2019 PYM Manual

16/20



2008 MasterCard


Step 4. OTA service provider initiates personalization, undertaken by consumer.

Consumer/

cardholder


OTA Vendor

Mobile

Network

Operator

PersonalizationData

ProvisioningData

Step Description

4.1 The OTA Vendor initiates personalization session via WAP push on theconsumers handset (number recorded at registration within step 1).

4.2 The consumer confirms the start of the download application on the handset andauthenticates themselves prior to downloading their card details.

4.3 During the personalization process, MasterCard records the status within theMobile Provisioning Service, for access by the issuer via the Web interface.

Once personalization is completed, the consumer is able to initiate PayPasstransactions with their phone at any retail outlet that accepts MasterCardPayPass.

8/4/2019 PYM Manual

17/20


Cryptographic Management


Cryptographic Management

To complete the personalization of the secure element within the phone, theissuer must share key information with the certified vendors. The MobileProvisioning Service leverages the security of the MasterCard Key ManagementCentre (KMC) to help streamline the personalization of a PayPassdevice.Standard setup using in-house track data generation begins with the issuerdelegating to MasterCard the use of the issuer master key.

CVC 3 delegation is typical when issuers use the PayPassOn-behalf Servicesfor mapping and CVC 3 pre-validation. When a personalization request isreceived, a call to the KMC derives the KDcvc3 from the issuer master key andthe primary account number that is being personalization. The KDcvc3 is usedto calculate dynamic CVC 3 values when the PayPassdevice is used at aterminal.

Definition CVC 3 is a code algorithmically derived by a MasterCard PayPass card or device.This code is used by the mag stripe issuer to authenticate the PayPass card ordevice initiating a transaction.

Using in-house track data generation provides many benefits including trackdata format definition, derivation of values necessary for Dynamic CVC 3,secure transport of data, and, most importantly, the security of the IssuerMaster Key stored in the MasterCard Key Management Centre.

Branding Opportunity

The user interface presented to the consumer at the time of personalizationoffers a unique branding opportunity to issuers.

MasterCard can incorporate the issuers brand artwork into the user interface.

Issuers that want to leverage this opportunity must submit brand artwork whenthe project begins so that MasterCard can incorporate it into the user interface.

The dimensions of this artwork should be 220 x 50 pixels set against a whitebackground. This can be provided in a .jpeg, gif, or .png file format.

8/4/2019 PYM Manual

18/20


Customer Service

2008 MasterCard


Customer Service

The issuer retains control of the consumer relationship throughout the process,and the issuers systems authenticate the consumers identity. The issuer willconnect with MasterCard via a proven Web services interface to provide thepredefined data elements within the personalization details. These dataelements are then validated by MasterCard to ensure that the request iscomplete.

Issuers can perform any of the following events to manage the productlifecycle:

Provision and/or personalize the device

De-provision device

De-personalize the device

Re-personalize

Temporary locking of the personalized details (as a risk management tool)

Unlocking of the personalization details

MasterCard records the details of these events and responds with event logsrelated to the requests. MasterCard has designed a detailed method ofcommunication of events between the vendor and the Mobile ProvisioningService, and these event logs are returned to the issuer through the Webinterface connection. For a detailed list of these events, please contact

MasterCard.

Constraints

MasterCard will ensure that only certified vendors act as service providerswithin the Mobile Provisioning Service and that only type approved handsetsare personalized; however, the following factors are beyond the control of theMobile Provisioning Service:

Signal strengthThe download of the application and the preferred userinterface has been optimized for speed and convenience; however, variations

in signal strength depend on where the consumer initiates the OTApersonalization process.

Issuers should clearly notify consumers within their product literature that theconsumer must ensure sufficient signal strength to allow the OTApersonalization process to complete.

8/4/2019 PYM Manual

19/20


Intellectual Property


Subscription to necessary data servicesThe availability of applicable servicestaken by the network subscriber may not allow data transfer.

Issuers should state very clearly, during the registration process andsubsequently in after-care, that the consumer should ensure that data servicesare available for their network subscription. Without access to these services,it will be highly unlikely that their network provider will allow data to bepassed to the handset.

NFC-enabled handset availabilityNFC handset availability for the variousnetworks (CDMA versus GSM).

Note Global System for Mobile communications (GSM: originally from Groupe SpcialMobile) is currently the most popular standard for mobile phones in the world.

Its promoter, the GSM Association, estimates that 82 percent of the globalmobile market uses the standard.

Note Code Division Multiple Access (CDMA) is a method for transmittingsimultaneous signals over a shared portion of the spectrum. The foremostapplication of CDMA is the digital cellular phone technology from QUALCOMMthat operates in the 800MHz band and 1.9GHz PCS band. CDMA phones arenoted for their call quality.

There are two types of handsets available depending on the network for whichthey are functional.

MasterCard will provide to NFC handset manufacturers guidelines about howto obtain type approval for new handset models as they arrive on the market.MasterCard will communicate the list of type approved handsets to the issueras they become available.

Handset battery lifePersonalizing the mobile phone with the consumers carddetails does not take more than a minute; however, the issuer should warntheir consumer that sufficient battery life is required for the completion of theprocess.

Intellectual Property

MasterCard will retain all intellectual property rights against the solutiondeveloped within the Mobile Provisioning Service. This will be fullydocumented within any legal agreements to be signed by both parties prior tothe issuer taking the services

8/4/2019 PYM Manual

20/20


Issuer Pricing

2008 MasterCard1 11

Issuer Pricing

MasterCard will charge issuers a one-time set-up fee of USD 60,000 in additionto tiered pricing, indicated as follows.

Transaction Volume (per year) Price (per transaction)

Up to 500,000 transactions USD 0.60

from 500,001 to 1,000,000 transactions USD 0.55

from 1,000,001 to 2,500,000 transactions USD 0.50



from 10,000001 to 99,999,999 transactions USD 0.30

These fees are specific to the Mobile Provisioning Service and are in additionto any other fees an issuer may incur for other products or services.

Documents

PYM Manual