ASEANFIC Jakarta, 22nd May 2013
Ng Kian Seng, ManagePay Group, Malaysia
Empowering SMEs with Mobile Payment
May 08, 2015
Strictly Private & Confidential – Property of ManagePay Group All Rights Reserved
ManagePay N2N Secure Transaction Solution
Card Issuing Application
Card and Card Applets
EMV Card toolkits & Card Mailer Program
Personalization Service
Front Office Application
Acquiring System & Network solution covering EDCPOS Payment, Mobile POS Payment, & Internet Payment, with VAS on Loyalty System, Prepaid Top Up Solution, Billing, Voucher and Ticketing System
• CLMS – CardGain Loyalty Management System
• MPTUS – Multi-purpose Payment Top Up Solution
• MDEX – B2B2C E-Commerce Solution and Services
• Sinatec Enterprise Application – ERP, POS, Mobile Applications
Back Office Application
EMV Issuing Chip Personalization Services
(Since 2004)
EMV Acquiring Network & Terminal Services
(Since 2004)
N2N Enterprise Application for Payment Services
(Since 2000)
ManagePay Credential
Digital Malaysia National ICT Initiative Project
ManagePay Payment Service brand “MPAY”, an Entry Point Project of Digital Malaysia Masterplan
Enabling E-Payment Services for SMEs & Micro Enterprises
Frost & Sullivan's 2012 Asia Pacific New Product Innovation of the Year Award
Mobile Electronic Payment Terminal Solution
Mobile Payment Opportunities in Payment Acquiring Industry
Mobile Wallet Payments
Track users for offers and loyalty. Promoting digital wallet over card.
Mobile Proximity Payment
Mobile device as alternative to card.
MPOS (Mobile Point of Sales)
Mobile device used as merchant’s POS
Mobile Web Payment
Payment through mobile browser, or application for card non present transaction.
What is MPOS
• Mobile as the Point of Sales.
• Every mobile device as a secured cash register.
• MPOS solutions allow merchants, including conventional retail merchants, door-to-door sales people, trades people, and street vendors, to easily accept all available card schemes via their mobile devices.
MPAY Mobile POS Payment Solution [MPAY is the payment brand of ManagePay]
MPAY EMV Level 2 MPOS Solution
Full EMV Mobile POS Payment Solution Cross Multiple Platforms
MPOS Market Potential
Market research by:
– ReportsNReports (US-based market research company)
• Forecasts that by 2017, MPOS units are expected to grow from 4.5 million to a staggering 38 million, driven by growth in the retail sector and more smartphone and card users.
• By 2017, adoption of MPOS units over conventional POS terminals will be 46%, as opposed to 17% in 2012.
– IDC (International Data Corporation) has projected 1 billion smartphones shipped globally by 2015, supporting the growth of MPOS.
– Juniper Research has projected that global mobile payment value by 2015 will be around USD670 billion.
MPOS Target Merchant Base
• Require Lower Ownership and Setup Cost: Merchants who find the cost of setting up and maintaining a conventional purpose-built POS terminal too high to allow for profitable card acceptance, particularly small merchants (SMEs or Micro Enterprises) who have low retail volume.
• Doing Business on the Move: Merchants who need an alternative to a fixed telephone line due to a lack of available infrastructure or because of the mobile nature of the merchant’s business.
• Enhanced Retail Customer Experience: Merchants who wish to enhance the retail experience by shortening lines or offering product look-ups and payment throughout the store, through flexible integration between the MPOS solution and their present point-of-sale system.
• First Time Merchant: Merchants who have never accepted card payment before, and are now being offered a simple and cheap solution to expand their business sales.
* Approximately 75% of MPOS merchants are First Time Merchants.
MPOS Vs POS Terminals
Advantages of MPOS solutions versus conventional POS terminals:
• Lower total cost of ownership: MPOS solutions are being offered either for free or at a very low cost. Many merchants already own suitable mobile devices, so they can avoid additional costs related to purchasing, deploying, and maintaining a POS terminal.
• Better mobility and greater ease of use: Perfect solution for mobile merchants with no fixed place of business, doing business on the move.
• More flexible software development platforms: Integrate easily with existing solutions or development environments for greater service and payment experiences.
• Better user interfaces: Friendly and simple design makes it easy to use for merchant and consumer.
• Centralized cloud-based application management, lower cost of maintenance: The payment application is managed on the cloud; all software patches, updates and enhancements are easily done through an app update on the iOS App Store, Google Android Play Store, and Windows Store, cutting down tremendous support and maintenance cost.
MPOS Supported Acquiring Model
• Traditional acquiring channel through Bank Direct and Card Scheme appointed ISO/MSP for member banks.
• Card Scheme’s TPA Model, Visa PSP (Payment Service Provider) & MasterCard PF (Payment Facilitator), for SMEs & Micro Enterprises with annual sales of less than USD100k per card scheme.
MPOS Payment System Components
MPOS Application Screen Flow
Key in the amount and the product description & photo (if any), then tap on the PAY button.
Insert the card reader, then insert the payment card. Tap on the SUBMIT button once the card reading process is completed.
Once the transaction is approved by the bank, sign on the page and tap on the NEXT button. The GPS location is captured as further proof of the transaction.
Key in the customer email address and tap on the SUBMIT button to send a digital payment receipt through email. (SMS is optional.)
MPOS EMV Level 1 Chip Readers
USB ICC Chip Reader (For Android & Windows) EMV Level 1
ICC Chip Reader (For iPhone, Android & Windows) EMV Level 1 with DUKPT, supporting P2PE (Point to Point encryption)
MPOS Magstripe Readers
Imag Reader (For iPhone)
UniMag Reader (For iPhone & Android Phone)
MPAY Mobile POS Devices Roadmap
Smart Gadgets: Mag Strip (Non-EMV) or Chip Reader (EMV L1)
Bluetooth PinPad with Chip and MagStrip Readers (EMV L1)
All-in-1 Bluetooth PinPad with Chip and MagStrip Readers (EMV L1) plus offline EMV L2 Kernel, printer and contactless reader (supports Visa PayWave, MasterCard PayPass, Touch ‘n Go)
MPOS EMV Level2 Kernel & Application Server
• Server-based EMV L2 Kernel able to support multiple smartphone platforms, i.e. iOS, Android, Windows Mobile, etc.
• Online authentication transactions only, which shortens the card processing time.
• PCI-DSS compliance: processing, transmitting and storing of EMV card data is implemented in compliance with PCI-DSS standards.
MPOS Security Control
• The MPOS solution must comply with the regulated policies and standards defined by the Card Schemes and payment governance bodies.
• The MPOS solution must adhere to the following security practices:
i. Securing MPOS Payment Applications
• Industry-recognized secure coding practices
• MPOS application can be activated and disabled remotely
ii. Securing Transaction Data Captured by an MPOS Card Reader
• Utilize point-to-point encryption (P2PE), which encrypts transaction data within the MPOS card reader and transmits the enciphered data via the mobile device to the MPOS remote host. No data is captured at the mobile phone.
• Authentication of the MPOS application and card reader accessory to ensure that data can only originate from legitimate merchants using genuine MPOS solutions.
• Transaction data received from the MPOS solution is validated at the remote host to ensure it is authentic.
iii. Securing Card Holder Data on mobile device
• No storing of card holder data in the mobile device; must be in compliance with the PCI PA-DSS standard.
* The MPOS solution is developed under strictly regulated guidelines and processes; this is discussed further in the topic on Guidelines, Compliances and Policies.
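An added example, not part of the original slides and not ManagePay code: one way to test control iii (no card holder data on the mobile device) is to scan whatever the MPOS app writes to the device for PANs and track 2 data, two of the items PA-DSS prohibits storing. The function names, the log format and the sample lines are assumptions constructed for illustration.

```python
import re

# Candidate PAN: 13-19 digits, optionally split by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Track 2 layout (ISO/IEC 7813): ;PAN=YYMM, service code, discretionary data, ?
TRACK2_RE = re.compile(r";(\d{12,19})=(\d{4})(\d{3})\d*\??")


def luhn_ok(digits):
    """Luhn checksum; filters out order numbers that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def mask(pan):
    """Report a finding without repeating the full PAN (first 6, last 4)."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan(lines):
    """Return (line_no, kind, masked_pan) for each suspected stored card datum."""
    findings = []
    for no, line in enumerate(lines, 1):
        track_spans = []
        for m in TRACK2_RE.finditer(line):
            track_spans.append(m.span())
            findings.append((no, "track2", mask(m.group(1))))
        for m in PAN_RE.finditer(line):
            if any(s <= m.start() and m.end() <= e for s, e in track_spans):
                continue  # already reported as part of the track 2 hit
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_ok(digits):
                findings.append((no, "pan", mask(digits)))
    return findings

# Constructed sample app log (well-known test card number, not real data).
SAMPLE_LOG = [
    "2013-05-22 10:01:02 txn=000123 amount=150000 status=APPROVED",
    "2013-05-22 10:01:03 debug card=4111 1111 1111 1111 exp=1512",
    "2013-05-22 10:01:04 debug raw=;4111111111111111=15121010000000000000?",
    "2013-05-22 10:01:05 receipt ref=1234567890123456 sent",
    "2013-05-22 10:01:06 p2pe blob=9F1A3C77E0 ksn=FFFF9876543210E00001",
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Lines 2 and 3 of the sample are flagged; the 16-digit receipt reference on line 4 fails the Luhn check and the encrypted reader output on line 5 contains nothing card-shaped, which is what a P2PE flow should leave behind on the phone.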
MPOS Dispute & Chargeback Prevention Management
• Supports Card Present Transactions like a conventional POS terminal, for both EMV (Chip and Sign) and Magstripe cards.
• Shares similar risk with conventional POS terminals on magnetic stripe cards, which are easily used for fraud. Acquirers manage their risk control based on present practices.
• The MPOS Full EMV Solution is able to provide better dispute & chargeback control features than a POS terminal, such as:
– Allows capturing of pictures and descriptions of sold products for more efficient dispute and fraud investigation
– Allows capturing of the GPS location of the sale, confirming the location of the transaction for efficient dispute and fraud investigation
– Centralized secured cloud server, able to produce detailed transaction reports within minutes to speed up dispute and fraud investigation
MPOS Security Guidelines, Compliances & Policies - I
• Governance & Compliance Bodies
– EMVCo
– PCI SSC (PCI Security Standards Council)
– Card Schemes such as Visa, MasterCard & AMEX
MPOS Security Guidelines, Compliances & Policies - II
EMVCo
– EMV Level 1 Cert for Reader
The MPOS reader must be EMV Level 1 compliant to support EMV chip reading. The Level 1 Type Approval process tests compliance with the electromechanical characteristics, logical interface, and transmission protocol requirements defined in the EMV Specifications, which cover physical, electrical and transport level interfaces.
– EMV Level 2 Cert for Kernel
The MPOS Application Server must support a certified EMV Level 2 Kernel. Level 2 Type Approval tests compliance with the debit/credit application requirements as defined in the EMV Specifications, which cover payment application selection and credit financial transaction processing.
MPAY EMV Level 2 Kernel Certified by EMVCO November 2012
MPOS Security Guidelines, Compliances & Policies - III
PCI SSC (PCI Security Standards Council)
– PCI DSS (Data Security Standard)
Set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information. It covers the security protection for card data Processing, Transmitting & Storing. Acquirers or payment processors must be certified as PCI DSS Service Providers, or be in compliance, to roll out the MPOS solution.
– PCI PA-DSS (Payment Application Data Security Standard)
Provides the definitive data standard for software vendors that develop payment applications. The standard aims to prevent payment applications developed for third parties from storing prohibited secure data including track 2 data, CVV2, PAN number, expiry date, and PIN. MPOS on consumer devices is presently exempted from this certification, but the MPOS application must be developed according to the standards defined.
– PCI PTS (PIN Transaction Security)
Protects consumer PIN data from theft. It is also intended to enforce hardware security of devices that accept consumer PINs and house secret encryption keys of the acquirer, including how the PIN Entry Device (PED) is produced, controlled, transported, stored and used throughout its life cycle. For countries supporting chip and PIN, the MPOS reader must be certified with PCI PTS since the reader comes with a PIN pad.
MPAY PCI DSS Compliant
Coming Soon .. Certified Service Provider
Level 2
MPOS Security Guidelines, Compliances & Policies - IV
MasterCard
– MTIP (MasterCard Terminal Integration Process)
Certification process to ensure the EMV application developed is able to support global MasterCard transactions with the MasterCard acquiring host.
– TQM (Terminal Quality Management)
The MasterCard Terminal Quality Management (TQM) programme guarantees acquirers that the terminals they source are consistent with the card interface module sample approved by EMVCo. The TQM process focuses on the smart card and contactless interfaces of the terminal hardware and is complementary to EMV Level 1.
– MPOS BEST PRACTICES PROGRAM (MOBILE POINT OF SALE)
Solutions Self Certified Against MasterCard MPOS Best Practices
* MasterCard has developed MPOS Solution Security Guidelines, as well as MPOS best practices for solution and service providers and for merchants, since the end of 2011.
MPAY MasterCard MPOS Program Certified May 2013
MasterCard Worldwide
THE MASTERCARD MPOS BEST PRACTICES PROGRAM
(MOBILE POINT OF SALE)
Solutions Self Certified Against MasterCard MPOS Best Practices
MPOS Security Guidelines, Compliances & Policies - V
VISA International
– ADVT (Acquirer Device Validation Toolkit)
Certification process to ensure the EMV application developed is able to support global Visa card transactions with the Visa International acquiring host.
– MPOS Ready Program
Certification program by a certified Visa Test Lab, ensuring the solution adheres to Visa security standards.
Summary
• The MPOS solution will be the catalyst in promoting growth in the trading and retail businesses.
• With the huge number of SMEs & Micro Enterprises in Indonesia, and the huge number of retail & trading transactions daily, the low-cost MPOS payment device will be the secure payment solution of choice.
Thank you
Ng Kian Seng
ManagePay Systems Berhad
Mobile: +6012-5651880
Office: +603-80231880
Web: http://www.managepay.com