Page 20 - ITU-T Focus Group Digital Financial Services – Interoperability

               4.3    National payment council (or similar) to oversee implementation of the vision

               In many countries, central banks have established and usually chair a so-called national payments council (NPC)
               that serves as a forum for multi-stakeholder consultations. Active consultations are generally initiated as part
               of a first comprehensive attempt to modernize the NPS. These first attempts typically aim at implementing
               the basic payment and settlement infrastructure, such as a real time gross settlement system, together with
               the essential legal, regulatory and oversight infrastructure.
               In most cases though, after completion of the first set of reforms, the NPC is maintained as a regular source
               for consultations for the ongoing development of the NPS, which may include the implementation of DFS and
               effective interoperability arrangements. The NPC is also used as a tool by the central bank in connection with
               its roles as catalyst and overseer.

               The main features of an NPC are described in further detail in section IV of this document.


               4.4    Industry arrangements
               Industry arrangements are critical to foster standardization of technical aspects of payment services throughout
               the industry, as well as for the adoption of minimum product/service features, essential practices, and other
               agreements among a wide range of stakeholders.
               Technical standards are generally developed at a global level, but are implemented and enforced at the
               regional/national level. Some of the key standards in the payments industry are:

               •    Payment Card Industry Data Security Standard (PCI DSS): PCI DSS is designed to encourage and
                    enhance cardholder data security and facilitate the broad adoption of consistent data security measures
                    globally. PCI DSS provides a baseline of technical and operational requirements designed to protect
                    account data. PCI DSS comprises 12 general requirements for any entity that stores, processes, or
                    transmits payment account data, designed around 6 goals: build and maintain a secure network and
                    system, protect cardholder data, maintain a vulnerability management program, implement strong access
                    control measures, regularly monitor and test networks, and ensure the maintenance of information
                    security policies. The “PCI Payment Application Data Security Standard” is designed to help software
                    vendors and others develop secure payment applications. “PCI PIN Transaction Security (PTS) Point
                    of Interaction (POI) Modular Security Requirements” contain a single set of requirements for all PIN
                    terminals, including POS devices, encrypting PIN pads, and unattended payment terminals.

               •    ISO standards for payment and other financial services. ISO is the world’s largest developer of voluntary
                    international standards. Financial Services Standards are developed by the ISO Technical Committee 68.
                    Some of the most relevant standards for DFS include ISO 8583: 2003 (Financial transaction card originated
                    messages), ISO 9362: BIC (Business Identifier Code), ISO 13616: IBAN (International Bank Account
                    Number) and ISO 17442: LEI (Legal Entity Identifier).⁶ The ISO 20022 is a standard for the development
                    of electronic messages. It has been applied for the development of a portfolio of messaging standards,
                    mainly for financial services, including for payment initiation, payment clearing and settlement, cash
                    management, authorities financial investigations, financial invoice, etc.⁷ Some standards development
                    projects are of specific relevance to digital financial inclusion (e.g. standards specific to mobile financial
                    services are currently being developed).
               •    EMVCo: It is a consortium of six payment brands—American Express, Discover Financial Services,
                    Japan Credit Bureau, MasterCard, UnionPay, and Visa. It was established in 1999 to facilitate worldwide
                    interoperability and acceptance of secure payment transactions by managing and evolving special
                    technical standards—the EMV Specifications—and related testing processes. Activities include card
                    and POS terminal evaluation, security evaluation, and management of interoperability issues. The EMV



               6   The complete list of standards is available at http://www.iso.org/iso/home/store/catalogue_tc/catalogue_tc_browse.htm?commid=49650&published=on&includesc=true
               7   There are currently 325 message standards (available on www.ISO20022.org).


