Page 20 - ITU-T Focus Group Digital Financial Services – Interoperability
P. 20
ITU-T Focus Group Digital Financial Services
Interoperability
4.3 National payment council (or similar) to oversee implementation of the vision
In many countries, central banks have established and usually chair a so-called national payments council (NPC)
that serves as a forum for multi-stakeholder consultations. Active consultations are generally initiated as part
of a first comprehensive attempt to modernize the NPS. These first attempts typically aim at implementing
the basic payment and settlement infrastructure, such as a real time gross settlement system, together with
the essential legal, regulatory and oversight infrastructure.
In most cases though, after completion of the first set of reforms, the NPC is maintained as a regular source
for consultations for the ongoing development of the NPS, which may include the implementation of DFS and
effective interoperability arrangements. The NPC is also used as a tool by the central bank in connection with
its roles as catalyst and overseer.
The main features of an NPC are described in further detail in section IV of this document.
4.4 Industry arrangements
Industry arrangements are critical to foster standardization of technical aspects of payment services throughout
the industry, as well as for the adoption of minimum product/service features, essential practices, and other
agreements among a wide range of stakeholders.
Technical standards are generally developed at a global level, but are implemented and enforced at the
regional/national level. Some of the key standards in the payments industry are:
• Payment Card Industry Data Security Standard (PCI DSS): The PCI-DSS is designed to encourage and
enhance cardholder data security and facilitate the broad adoption of consistent data security measures
globally. PCI DSS provides a baseline of technical and operational requirements designed to protect
account data. PCI DSS comprises 12 general requirements for any entity that stores, processes, or
transmits payment account data designed around 6 goals: build and maintain a secure network and
system, protect cardholder data, maintain a vulnerability management program, implement strong access
control measures, regularly monitor and test networks, and ensure the maintenance of information
security policies. The “PCI Payment Application Data Security Standard” is designed to help software
vendors and others develop secure payment applications. “PCI PIN Transaction Security (PTS) Point
of Interaction (POI) Modular Security Requirements” contain a single set of requirements for all PIN
terminals, including POS devices, encrypting PIN pads, and unattended payment terminals.
• ISO standards for payment and other financial services. ISO is the world’s largest developer of voluntary
international standards. Financial Services Standards are developed by the ISO Technical Committee 68.
Some of the most relevant standards for DFS include ISO 8583: 2003 (Financial transaction card originated
messages), ISO 9362: BIC (Business Identifier Code), ISO 13616: IBAN (International Bank Account
Number) and ISO 17442: LEI (Legal Entity Identifier). The ISO 20022 is a standard for the development
6
of electronic messages. It has been applied for the development of a portfolio of messaging standards,
mainly for financial services, including for payment initiation, payment clearing and settlement, cash
management, authorities financial investigations, financial invoice, etc. Some standards development
7
projects are of specific relevance to digital financial inclusion (e.g. standards specific to mobile financial
services are currently being developed).
• EMVCo: It is a consortium of six payment brands—American Express, Discover Financial Services,
Japan Credit Bureau, MasterCard, UnionPay, and Visa. It was established in 1999 to facilitate worldwide
interoperability and acceptance of secure payment transactions by managing and evolving special
technical standards—the EMV Specifications—and related testing processes. Activities include card
and POS terminal evaluation, security evaluation, and management of interoperability issues. The EMV
6 The complete list of standards is available at http:// www. iso. org/ iso/ home/ store/ catalogue_ tc/ catalogue_ tc_ browse. htm?
commid= 49650& published= on& includesc= true
7 There are currently 325 message standards (available on www. ISO20022. org).
10