Empowering smes with mobile payment

0
ASEANFIC
Jakarta
22nd May 2013
Ng Kian Seng
ManagePay Group
Malaysia
Empowering SMEs with Mobile Payment

1 Strictly Private & Confidential – Property of ManagePay Group All Rights Reserved
ManagePay N2N Secure Transaction Solution
Card Issuing Application
Card and Card Applets
EMV Card toolkits & Card
Mailer Program
Personalization Service
Front Office Application
Acquiring System & Network solution
covering EDCPOS Payment, Mobile POS
Payment, & Internet Payment, with VAS
on Loyalty System, Prepaid Top Up
Solution, Billing, Voucher and Ticketing
System
• CLMS – CardGain Loyalty
Management System;
• MPTUS - Multi-purpose Payment
Top Up Solution.
• MDEX– B2B2C E-Commerce Solution
and Services
• Sinatec Enterprise Application – ERP,
POS, Mobile Applications.
Back Office Application
EMV Issuing Chip
Personalization Services
(Since 2004)
EMV Acquiring Network &
Terminal Services
(Since 2004)
N2N Enterprise Application
for Payment Services
(Since 2000)

ManagePay Credential
Digital Malaysia National ICT Initiative Project
ManagePay Payment Service brand “MPAY”, an
Entry Point Project of Digital Malaysia Masterplan
Enabling E-Payment Services for SMEs &
Micro Enterprises
Frost & Sullivan's 2012 Asia Pacific New Product
Innovation of the Year Award
Mobile Electronic Payment Terminal Solution

Mobile Payment Opportunities in Payment
Acquiring Industry
Mobile Wallet Payments
 Track users for offers and loyalty
 Promoting digital wallet over card
Mobile Proximity
Payment
 Mobile device as alternative to card.
MPOS (Mobile Point of Sales)
 Mobile device used as merchant’s POS
Mobile Web Payment
 Payment through mobile browser, or
application for card non present transaction.

What is MPOS
• Mobile as the Point of Sales.
• Every mobile devices as a secured cash register
• MPOS solutions allow merchants, including
conventional retail merchant, door-to-door sales
people, trades people, and street vendors to
easily accept all available card scheme via their
mobile devices.

MPAY Mobile POS Payment Solution
[MPAY is the payment brand of ManagePay]

MPAY EMV Level 2 MPOS Solution
Full EMV Mobile POS Payment Solution Cross Multiple Platforms

MPOS Market Potential
Market Research by
– ReportsNReports (US based market research company)
• Forecasts that by 2017, MPOS unit is expected to grow
from 4.5 million to a staggering 38 million, drive by growth
in retail sector and more smartphone and card users.
• By 2017, adoption of MPOS unit over conventional POS terminals will be
46%, as opposed to 17% on 2012
– IDC (International Data Corporation) has projected 1 billion
Smartphone ship globally by 2015, support growing of MPOS.
– Juniper Research has projected global mobile payment value by 2015
is around USD670 billion.

MPOS Target Merchant Based
• Require Lower Ownership and Setup Cost
Merchants who find the cost of setting up and maintaining a
conventional purpose-built POS Terminal too high to allow for
profitable card acceptance, particularly small merchants
(SMEs or Micro Enterprises) who have low retail volume
• Doing Business on the move
Merchants who need an alternative to fix telephone line due to
a lack of available infrastructure or because of the mobile nature
of the merchant’s business
• Enhanced Retail ‘s Customer Experiences
Merchants who wish to enhance the retail experience by shortening lines or offering product look-ups
and payment throughout the store, through flexible integration between MPOS solution with their
present point-of-sale system.
• First Time Merchant
Merchant who never accept card payment before, and now being offer a simple and cheap solution to
expand their business sales
*Approximately 75% of the MPOS merchant are First Time Merchant

MPOS Vs POS Terminals
Advantages of MPOS solutions versus conventional POS terminals:
• Lower total cost of ownership
MPOS solutions are being offered either for free or at a very low cost.
Many merchants already own suitable mobile devices, so they can avoid
additional costs related to purchasing, deploying, and maintaining a
POS terminal.
• Better mobility and greater ease of use
Perfect solution for mobile merchants with no fixed place of business, doing business on the move.
• More flexible software development platforms
Integrate easily with existing solution or development environments for greater service and payment
experiences.
• Better user interfaces
Friendly and simple design make it usage friendly for merchant and consumer
• Centralize cloud based application management, lower cost of maintenance
Payment application managed on the cloud, all software patches, update and enhancement is easily done
through an app update on iOS AppStore, Google Android Play Store, and Windows Store. Cutting down
tremendous support and maintenance cost.

MPOS Supported Acquiring Model
• Traditional acquiring channel through
Bank Direct and Card Scheme appointed
ISO/MSP for member bank
• Card Scheme’s TPA Model, Visa PSP (Payment Service
Provider) & Mastercard PF (Payment Facilitator) for
SMEs & Micro Enterprises supporting annum sales less
then USD100k per card scheme.

MPOS Payment System Components

MPOS Application Screen Flow
Key in amount and product
description & photo (if any),
then tap on PAY button
Insert card reader then
insert payment card. Tap on
SUBMIT button once the
card reading process
completed
Once the transaction approved by
bank, sign on the page and tap on NEXT
button
GPS location being captured for further
proof of transaction.
Key in the customer email
address and tap on SUBMIT
button to send digital
payment receipt through
email. (SMS is optional)

MPOS EMV Level 1 Chip Readers
USB ICC Chip Reader
(For Android & Windows)
EMV Level 1
ICC Chip Reader
(For iPhone, Android & Windows)
EMV Level 1 with DUKPT,
supporting P2PE (Point to Point encryption)

MPOS Magstripe Readers
Imag Reader
(For iPhone)
UniMag Reader
(For iPhone &
Android Phone)

MPAY Mobile POS Devices Roadmap
Smart Gadgets:
Mag Strip (Non-
EMV) or Chip
Reader (EMV L1)
Bluetooth PinPad
with Chip and
MagStrip Readers
(EMV L1)
All-in-1
Bluetooth PinPad
with Chip and
MagStrip
Readers (EMV L1)
plus offline EMV
L2 Kernel, printer
and contactless
reader (supports
Visa PayWave,
MasterCard
PayPass, Touch ‘n
Go)

MPOS EMV Level2 Kernel & Application Server
• Server based EMV L2 Kernel which able to
support multiple smart phone platform, i.e.
iOS, Android, Windows Mobile, etc.
• Online authentication transaction only
which shorten the card processing time.
• PCI-DSS Compliance on Processing,
Transmitting and Storing of EMV card
data is implemented compliance with PCI-
DSS standards

MPOS Security Control
• MPOS Solution must be in compliances with regulated policies
and standards defined by Card Scheme & Payment
Governance bodies.
• MPOS Solution must adhere to some security practices here:
i. Securing MPOS Payment Applications
• Industry recognized secure coding practices
• MPOS application can be activated and disabled remotely
ii. Securing Transaction Data Captured by an MPOS Card Reader
• Utilize point-to-point encryption (P2PE) which encrypts transaction data within the MPOS card reader
and transmits the enciphered data via the mobile device to the MPOS remote host. No data captured
at the mobile phone.
• Authentication of the MPOS application and card reader accessory to ensure that data can only
originate from legitimate merchants using genuine MPOS solutions.
• Transaction data received from the MPOS solution are validated at remote host to ensure it is
authentic.
iii. Securing Card Holder Data on mobile device
• No storing of card holder data in the mobile device, must be in compliances with the PCI PA-DSS
standard.
* MPOS Solution is developed with strict regulated guidelines and processes, it will be discuss further in the topic on
Guidelines, Compliances and Policies.

MPOS Dispute & Chargeback Prevention
Management
• Support Card Present Transaction like conventional POS terminal, for
both EMV (Chip and Sign) and Magstripe Card
• Sharing similar risk with conventional POS terminal on easily
fraudulent magnetic stripe card. Acquirer manage their risk control
based on present practices
• MPOS Full EMV Solution able to provide better dispute & chargeback
control features over POS terminal, such as
– Allow capturing of sold product pictures and description for more
efficient dispute and fraud investigation
– Allow capturing of GPS location on location of sales, firming the location
of transaction for efficient dispute and fraud investigation
– Centralize secured cloud server, able to produce detail transaction report
within minutes to speed up dispute and fraud investigation

MPOS Security Guidelines, Compliances & Policies - I
• Governance & Compliances Body
– EMVCo
– PCI SSC (PCI Security Standard Council)
– Card Scheme such as Visa, MasterCard & AMEX

MPOS Security Guidelines, Compliances & Policies - II
EMVCo
– EMV Level 1 Cert for Reader
MPOS Reader must be EMV Level1 compliance to support EMV chip reading.
Level 1 Type Approval process tests compliance with the electromechanical
characteristics, logical interface, and transmission protocol requirements defined
in the EMV Specifications, which covers physical, electrical and transport level
interfaces.
– EMV Level 2 Cert for Kernal
MPOS Application Server must support a certified EMV Level2 Kernel.
Level 2 Type Approval tests compliance with the debit/credit application
requirements as defined in the EMV Specifications, which covers payment
application selection and credit financial transaction processing.

MPAY EMV Level 2 Kernel Certified by EMVCO
November 2012

MPOS Security Guidelines, Compliances & Policies - III
PCI SSC (PCI Security Standard Council)
– PCI DSS (Data Security Standard)
Set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and
protect cardholders against misuse of their personal information. It cover the security protection for card data
Processing, Transmitting & Storing. Acquirer or Payment processors must certified with the PCI DSS Service
Provider or in compliances to roll out the MPOS solution.
– PCI PA-DSS (Payment Application Data Security Standard)
Provide the definitive data standard for software vendors that develop payment applications. The standard
aims to prevent developed payment applications for third parties from storing prohibited secure data
including track 2 data, CVV2, PAN number, Expiry date, and PIN. MPOS on consumer devices is exempted
presently from this certification but MPOS application must develop according to the standards defined.
– PCI PTS (Pin Transaction Security)
Protect consumer PIN data from theft. It is also intended to enforce hardware security of devices that accept
consumer PINs and house secret encryption keys of the acquirer, including how the PIN Entry Device (PED) is
produced, controlled, transported, stored and used throughout its life cycle. For country supporting chip and
pin, the MPOS reader must be certified with PCI PTS since the readers comes with pin pad.

MPAY PCI DSS Compliant
Coming Soon ..
Certified Service Provider
Level 2

MPOS Security Guidelines, Compliances & Policies - IV
MasterCard
– MTIP (MasterCard Terminal Integration Process)
Certification process to ensure the EMV Application developed
able to support global mastercard transaction with MasterCard
acquiring host.
– TQM (Terminal Quality Management)
MasterCard Terminal Quality Management (TQM) programme guarantees acquirers that the
terminals they source are consistent with the card interface module sample approved by
EMVCo. The TQM process focuses on the smart card and contactless interfaces of the
terminal hardware and is complementary to EMV Level 1.
– MPOS BEST PRACTICES PROGRAM (MOBILE POINT OF SALE)
Solutions Self Certified Against MasterCard MPOS Best Practices
* Mastercard has developed MPOS Solution Security Guidelines, as well as MPOS best practices for both
solution and service provider and the merchants since end of 2011.

MPAY MasterCard MPOS Program Certified
May 2013
MasterCard
Worldwide
THE MASTERCARD MPOS
BEST PRACTICES PROGRAM
(MOBILE POINT OF SALE)
Solutions Self Certified Against
MasterCard MPOS Best Practices

MPOS Security Guidelines, Compliances & Policies - V
VISA International
– ADVT(Acquirer Device Validation Toolkit)
Certification process to ensure the EMV Application developed able to support
global Visa card transaction with Visa International acquiring host.
– MPOS Ready Program
Certification program by a certified Visa Test Lab, ensuring the solution adhere to
Visa security standards.

Summary
• MPOS solution will be the catalyst in promoting
growth in the trading and retail businesses.
• With the huge numbers of SMEs & Micro
Enterprises in Indonesia, and huge numbers of
retail & trading transaction daily, the low cost
payment devices MPOS will be choice of secure
payment solution.

Thank you
Ng Kian Seng
ManagePay Systems Berhad
Email : kianseng@mpsb.net
Mobile: +6012-5651880
Office : +603-80231880
Web : http://www.managepay.com

Empowering smes with mobile payment

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Empowering smes with mobile payment

Semelhante a Empowering smes with mobile payment (20)

Mais de ChunJia Sio

Mais de ChunJia Sio (7)

Último

Último (20)

Empowering smes with mobile payment