On 25 June 2018, the European Payments Council (EPC) updated its mobile contactless SEPA card payments interoperability implementation guidelines. The document defines implementation guidelines for mobile contactless SEPA card payments (MCPs) reflecting the current state of the art at the time of writing while being brand and implementation model agnostic.
The document focuses on interoperability between the different stakeholders involved in the MCP ecosystem. In particular, they address the interoperability aspects related to the MCP application life cycle management. Furthermore, they cover some aspects of the technical interoperability of an MCP transaction, including a number of options, which are at the discretion of the MCP issuers and acquirers. The document covers three types of secure elements in the mobile phone to store the MCP application, namely the universal integrated circuit card (UICC), the embedded secure elements and embedded UICC, in addition to host card emulation based solutions.
The document contains a number of chapters and annexes as follows:
- chapter 1 provides the vision on MCPs related to the SEPA card payment as well as the scope and the objectives of the document;
- chapter 2 defines the high-level principles;
- chapter 3 provides a short description of MCPs while introducing the different participants in the ecosystem. Additionally, it gives a high-level overview of the different phases involved in an MCP;
- chapter 4 describes the different service models, along with their advantages and main challenges. The analysis takes into account the stakeholders involved in MCPs;
- chapter 5 provides a description of the required processes for the life cycle management of an MCP;
- chapter 6 covers different aspects of the MCP application itself such as authentication, authorisation, cardholder verification and risk management. It also includes detailed descriptions of MCP use cases;
- chapter 7 provides an overview on the overall MCP architecture and the different standard and industry bodies involved in the MCP ecosystem. In addition, it provides insight into the technical infrastructure needed, including the different components in the MCP architecture;
- overall conclusions on MCPs are set out in chapter 8;
- Annex A provides an overview of the relevant regulatory documents;
- Annex B gives examples of MCP life cycle management for a number of models;
- Annex C describes examples of MCP life cycle use cases based on the process specified in section 5;
- Annex D illustrates via an example the construction of the proximity payment system environment; and
- Annex E gives an overview of the different organisations involved in the multi-stakeholder group that developed the document.