Empowering smes with mobile payment

0

ASEANFIC Jakarta 22nd May 2013

Ng Kian Seng ManagePay Group

Malaysia

Empowering SMEs with Mobile Payment

1 Strictly Private & Confidential – Property of ManagePay Group All Rights Reserved

ManagePay N2N Secure Transaction Solution

Card Issuing Application

Card and Card Applets

EMV Card toolkits & Card Mailer Program

Personalization Service

Front Office Application

Acquiring System & Network solution covering EDCPOS Payment, Mobile POS Payment, & Internet Payment, with VAS on Loyalty System, Prepaid Top Up Solution, Billing, Voucher and Ticketing System

• CLMS – CardGain Loyalty Management System; • MPTUS - Multi-purpose Payment Top Up Solution. • MDEX– B2B2C E-Commerce Solution and Services • Sinatec Enterprise Application – ERP, POS, Mobile Applications.

Back Office Application

EMV Issuing Chip Personalization Services

(Since 2004)

EMV Acquiring Network & Terminal Services

(Since 2004)

N2N Enterprise Application for Payment Services

(Since 2000)


ManagePay Credential

Digital Malaysia National ICT Initiative Project ManagePay Payment Service brand “MPAY”, an

Entry Point Project of Digital Malaysia Masterplan

Enabling E-Payment Services for SMEs & Micro Enterprises

Frost & Sullivan's 2012 Asia Pacific New Product Innovation of the Year Award

Mobile Electronic Payment Terminal Solution


Mobile Payment Opportunities in Payment Acquiring Industry

Mobile Wallet Payments

Track users for offers and loyalty Promoting digital wallet over card

Mobile Proximity Payment

Mobile device as alternative to card.

MPOS (Mobile Point of Sales)

Mobile device used as merchant’s POS

Mobile Web Payment

Payment through mobile browser, or application for card non present transaction.


What is MPOS

• Mobile as the Point of Sales. • Every mobile devices as a secured cash register • MPOS solutions allow merchants, including conventional retail merchant, door-to-door sales people, trades people, and street vendors to easily accept all available card scheme via their mobile devices.


MPAY Mobile POS Payment Solution [MPAY is the payment brand of ManagePay]


MPAY EMV Level 2 MPOS Solution Full EMV Mobile POS Payment Solution Cross Multiple Platforms


MPOS Market Potential Market Research by – ReportsNReports (US based market research company)

• Forecasts that by 2017, MPOS unit is expected to grow from 4.5 million to a staggering 38 million, drive by growth in retail sector and more smartphone and card users.

• By 2017, adoption of MPOS unit over conventional POS terminals will be 46%, as opposed to 17% on 2012

– IDC (International Data Corporation) has projected 1 billion Smartphone ship globally by 2015, support growing of MPOS.

– Juniper Research has projected global mobile payment value by 2015 is around USD670 billion.


MPOS Target Merchant Based • Require Lower Ownership and Setup Cost Merchants who find the cost of setting up and maintaining a

conventional purpose-built POS Terminal too high to allow for profitable card acceptance, particularly small merchants (SMEs or Micro Enterprises) who have low retail volume

• Doing Business on the move Merchants who need an alternative to fix telephone line due to

a lack of available infrastructure or because of the mobile nature of the merchant’s business

• Enhanced Retail ‘s Customer Experiences Merchants who wish to enhance the retail experience by shortening lines or offering product look-ups

and payment throughout the store, through flexible integration between MPOS solution with their present point-of-sale system.

• First Time Merchant Merchant who never accept card payment before, and now being offer a simple and cheap solution to

expand their business sales

*Approximately 75% of the MPOS merchant are First Time Merchant


MPOS Vs POS Terminals Advantages of MPOS solutions versus conventional POS terminals: • Lower total cost of ownership MPOS solutions are being offered either for free or at a very low cost. Many merchants already own suitable mobile devices, so they can avoid additional costs related to purchasing, deploying, and maintaining a POS terminal. • Better mobility and greater ease of use Perfect solution for mobile merchants with no fixed place of business, doing business on the move. • More flexible software development platforms Integrate easily with existing solution or development environments for greater service and payment

experiences. • Better user interfaces Friendly and simple design make it usage friendly for merchant and consumer • Centralize cloud based application management, lower cost of maintenance Payment application managed on the cloud, all software patches, update and enhancement is easily done

through an app update on iOS AppStore, Google Android Play Store, and Windows Store. Cutting down tremendous support and maintenance cost.


MPOS Supported Acquiring Model

• Traditional acquiring channel through Bank Direct and Card Scheme appointed ISO/MSP for member bank • Card Scheme’s TPA Model, Visa PSP (Payment Service

Provider) & Mastercard PF (Payment Facilitator) for SMEs & Micro Enterprises supporting annum sales less then USD100k per card scheme.


MPOS Payment System Components


MPOS Application Screen Flow

Key in amount and product description & photo (if any), then tap on PAY button

Insert card reader then insert payment card. Tap on SUBMIT button once the card reading process completed

Once the transaction approved by bank, sign on the page and tap on NEXT button GPS location being captured for further proof of transaction.

Key in the customer email address and tap on SUBMIT button to send digital payment receipt through email. (SMS is optional)


MPOS EMV Level 1 Chip Readers

USB ICC Chip Reader (For Android & Windows) EMV Level 1

ICC Chip Reader (For iPhone, Android & Windows) EMV Level 1 with DUKPT, supporting P2PE (Point to Point encryption)


MPOS Magstripe Readers

Imag Reader (For iPhone)

UniMag Reader (For iPhone & Android Phone)


MPAY Mobile POS Devices Roadmap

Smart Gadgets: Mag Strip (Non-EMV) or Chip Reader (EMV L1)

Bluetooth PinPad with Chip and MagStrip Readers (EMV L1)

All-in-1 Bluetooth PinPad with Chip and MagStrip Readers (EMV L1) plus offline EMV L2 Kernel, printer and contactless reader (supports Visa PayWave, MasterCard PayPass, Touch ‘n Go)


MPOS EMV Level2 Kernel & Application Server

• Server based EMV L2 Kernel which able to support multiple smart phone platform, i.e. iOS, Android, Windows Mobile, etc.

• Online authentication transaction only which shorten the card processing time.

• PCI-DSS Compliance on Processing, Transmitting and Storing of EMV card data is implemented compliance with PCI-DSS standards


MPOS Security Control

• MPOS Solution must be in compliances with regulated policies and standards defined by Card Scheme & Payment Governance bodies.

• MPOS Solution must adhere to some security practices here:

i. Securing MPOS Payment Applications • Industry recognized secure coding practices • MPOS application can be activated and disabled remotely

ii. Securing Transaction Data Captured by an MPOS Card Reader • Utilize point-to-point encryption (P2PE) which encrypts transaction data within the MPOS card reader

and transmits the enciphered data via the mobile device to the MPOS remote host. No data captured at the mobile phone.

• Authentication of the MPOS application and card reader accessory to ensure that data can only originate from legitimate merchants using genuine MPOS solutions.

• Transaction data received from the MPOS solution are validated at remote host to ensure it is authentic.

iii. Securing Card Holder Data on mobile device

• No storing of card holder data in the mobile device, must be in compliances with the PCI PA-DSS standard.

* MPOS Solution is developed with strict regulated guidelines and processes, it will be discuss further in the topic on

Guidelines, Compliances and Policies.


MPOS Dispute & Chargeback Prevention Management • Support Card Present Transaction like conventional POS terminal, for

both EMV (Chip and Sign) and Magstripe Card • Sharing similar risk with conventional POS terminal on easily

fraudulent magnetic stripe card. Acquirer manage their risk control based on present practices

• MPOS Full EMV Solution able to provide better dispute & chargeback

control features over POS terminal, such as – Allow capturing of sold product pictures and description for more

efficient dispute and fraud investigation – Allow capturing of GPS location on location of sales, firming the location

of transaction for efficient dispute and fraud investigation – Centralize secured cloud server, able to produce detail transaction report

within minutes to speed up dispute and fraud investigation


MPOS Security Guidelines, Compliances & Policies - I

• Governance & Compliances Body – EMVCo – PCI SSC (PCI Security Standard Council) – Card Scheme such as Visa, MasterCard & AMEX


MPOS Security Guidelines, Compliances & Policies - II

EMVCo – EMV Level 1 Cert for Reader

MPOS Reader must be EMV Level1 compliance to support EMV chip reading. Level 1 Type Approval process tests compliance with the electromechanical characteristics, logical interface, and transmission protocol requirements defined in the EMV Specifications, which covers physical, electrical and transport level interfaces.

– EMV Level 2 Cert for Kernal MPOS Application Server must support a certified EMV Level2 Kernel.

Level 2 Type Approval tests compliance with the debit/credit application requirements as defined in the EMV Specifications, which covers payment application selection and credit financial transaction processing.


MPAY EMV Level 2 Kernel Certified by EMVCO November 2012


MPOS Security Guidelines, Compliances & Policies - III

PCI SSC (PCI Security Standard Council)

– PCI DSS (Data Security Standard) Set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and

protect cardholders against misuse of their personal information. It cover the security protection for card data Processing, Transmitting & Storing. Acquirer or Payment processors must certified with the PCI DSS Service Provider or in compliances to roll out the MPOS solution.

– PCI PA-DSS (Payment Application Data Security Standard) Provide the definitive data standard for software vendors that develop payment applications. The standard

aims to prevent developed payment applications for third parties from storing prohibited secure data including track 2 data, CVV2, PAN number, Expiry date, and PIN. MPOS on consumer devices is exempted presently from this certification but MPOS application must develop according to the standards defined.

– PCI PTS (Pin Transaction Security) Protect consumer PIN data from theft. It is also intended to enforce hardware security of devices that accept

consumer PINs and house secret encryption keys of the acquirer, including how the PIN Entry Device (PED) is produced, controlled, transported, stored and used throughout its life cycle. For country supporting chip and pin, the MPOS reader must be certified with PCI PTS since the readers comes with pin pad.


MPAY PCI DSS Compliant

Coming Soon .. Certified Service Provider

Level 2


MPOS Security Guidelines, Compliances & Policies - IV

MasterCard

– MTIP (MasterCard Terminal Integration Process)

Certification process to ensure the EMV Application developed able to support global mastercard transaction with MasterCard acquiring host.

– TQM (Terminal Quality Management) MasterCard Terminal Quality Management (TQM) programme guarantees acquirers that the terminals they source are consistent with the card interface module sample approved by EMVCo. The TQM process focuses on the smart card and contactless interfaces of the terminal hardware and is complementary to EMV Level 1.

– MPOS BEST PRACTICES PROGRAM (MOBILE POINT OF SALE) Solutions Self Certified Against MasterCard MPOS Best Practices

* Mastercard has developed MPOS Solution Security Guidelines, as well as MPOS best practices for both

solution and service provider and the merchants since end of 2011.


MPAY MasterCard MPOS Program Certified May 2013

MasterCard Worldwide

THE MASTERCARD MPOS BEST PRACTICES PROGRAM

(MOBILE POINT OF SALE)

Solutions Self Certified Against MasterCard MPOS Best Practices


MPOS Security Guidelines, Compliances & Policies - V

VISA International

– ADVT(Acquirer Device Validation Toolkit)

Certification process to ensure the EMV Application developed able to support global Visa card transaction with Visa International acquiring host.

– MPOS Ready Program Certification program by a certified Visa Test Lab, ensuring the solution adhere to

Visa security standards.


Summary

• MPOS solution will be the catalyst in promoting

growth in the trading and retail businesses. • With the huge numbers of SMEs & Micro

Enterprises in Indonesia, and huge numbers of retail & trading transaction daily, the low cost payment devices MPOS will be choice of secure payment solution.


Thank you

Ng Kian Seng ManagePay Systems Berhad Email : [email protected] Mobile : +6012-5651880 Office : +603-80231880 Web : http://www.managepay.com

mailto:[email protected]�

Technology

Empowering smes with mobile payment