Issue 13 - January 2012
SEPA for Cards
Version 6.0 of the SEPA Cards Standardisation Volume - Book of Requirements PublishedSEPA cards standardisation continues to move forward
30.01.12 By Ugo Bechis
The objectives of a SEPA for cards will be achieved through the use of harmonised, interoperable and free standards, which are openly available to all parties within the card payment value chain. The work of the European Payments Council (EPC) and the Cards Stakeholders Group (CSG) continues to focus on a cards standardisation programme for a better, safer, more cost efficient and functionally richer card services environment, whatever the card product or scheme may be. The CSG manages the process of identifying standard requirements and implementation best practices that will promote interoperability in the SEPA cards market. In January 2012, the SEPA Cards Standardisation Volume - Book of Requirements (Cards Standardisation Volume) version 6.0 was published on the EPC Website. The document, which underwent a period of public consultation in June 2011, incorporates various updates regarding functional requirements, security requirements, certification and labelling. In this article, Ugo Bechis briefly outlines the market requirement for a SEPA cards standardisation programme and describes the stakeholders driving the activity, before offering a summary of the most recent changes and next steps.
Key Information in this Article
In January 2012, the SEPA Cards Standardisation Volume – Book of Requirements (Cards Standardisation Volume) version 6.0 was published on the EPC Website. This document defines a standard set of requirements to ensure a secure, interoperable and scalable card and terminal infrastructure across SEPA.
Changes to the Volume include:
The document is not final and should be viewed as an interim version. Future editions will take into consideration the expectations of the European public authorities, which have been indicated as being communicated during the course of 2012. The next version will also be extended, notably on security requirements – including card-not-present and innovative web payments.
Scroll to the end of the page and post a comment.
The industry requirement for card standardisation across SEPA
The SEPA Cards Standardisation Volume - Book of Requirements (Cards Standardisation Volume), defines a standard set of requirements to ensure a secure and scalable card and terminal infrastructure across the Single European Payment Area (SEPA) based on open and free standards.
The development and maintenance of the Cards Standardisation Volume is the responsibility of the Cards Stakeholders Group (CSG). In 2009, the European Payments Council (EPC) promoted the creation of the CSG together with representatives from four other sectors (retailers, vendors, processors, card schemes). The creation of this body makes it possible to recognise the expectations of a broad range of stakeholders. This is realised, in particular by ensuring the strong co-management of the processes related to the identification of standards requirements and implementation best practices that will promote interoperability within the SEPA cards market. The initiative aims to remove technical obstacles to deliver a consistent customer payment card experience across SEPA. The work also encourages process efficiency throughout the card supply chain and the highest level of card payment security.
The need to standardise this market across SEPA was reinforced by the European Economic and Financial Affairs Council (ECOFIN) in December 2009, when it requested in its conclusion on SEPA that the industry should set the conditions for further standardisation in the area of cards. This request was echoed by the European Central Bank.
Version 6.0 of the Cards Standardisation Volume - the latest updates
Since it was first launched, the Cards Standardisation Volume has undergone an annual review process to enhance and refine the requirements in line with evolving industry needs and future market developments. In January 2012, version 6.0 of the Cards Standardisation Volume was published on the EPC Website. This latest edition includes updates on functional requirements, security requirements, certification and labelling.
Chapter 4 has been enhanced as follows:
- Specific requirements for 'payment with cashback' and the recording and management of the transaction. Details are also provided on how to cancel a transaction.
- How to perform 'dynamic currency conversion' to give the cardholder the choice of currency they want to be billed in; the cardholder's currency or the card acceptor's currency.
- With regards to transaction completion and capture, requirements have been updated to incorporate payment aggregated amounts.
- An update on 'surcharging' in the merchant environment outlines that any kind of surcharge will be part of the agreed total sales amount. Therefore, the point of interaction application shall not support any specific handling of surcharging for card services.
Security requirements and certification framework.
Chapters 5 (security) and 6 (certification) continue to evolve to reflect ongoing industry discussions. These sections represent the most significant updates. This work involves the identification of standard requirements and implementation best practices that will promote interoperability in the SEPA cards market. The Cards Standardisation Volume version 6.0 has updated its security requirements to align with recent industry updates from standards bodies such as the Payment Cards Industry Security Standards Council's Data Security Standards (PCI DSS) and Common Criteria. In addition to this, changes have been made to incorporate national considerations and amendments.
This latest Cards Standardisation Volume also makes steps forward regarding the recommended process for building an agreed certification framework. SEPA certification is desired to allow vendors to sell terminal products SEPA-wide, providing reassurances to purchasers that the related security requirements have been achieved. The EPC and CSG acknowledge that whilst the process needs to be thorough in creating a secure and trusted end-to-end solution, it also needs to be streamlined and fully utilise existing approval processes already stipulated by the global payments industry.
As far as possible, the aim is to re-use industry established evaluation requirements to ensure card products in SEPA deliver ultimate interoperability and security. As this activity continues to move forward, the CSG recognises that over simplifying the process would be inefficient; there is no shortcut. Selecting and agreeing the common rules that all parties will respect as part of the SEPA certification framework takes time and the EPC continues to look to advance this activity.
The latest version reflects further discussions on the implementation of a labelling programme, which would allow stakeholders to visually show a product's functional alignment with the Cards Standardisation Volume. This version outlines the initial principles of the labelling concept as a self-assessment process that would be implemented by stakeholders. This activity still needs to be fully defined by the CSG, and the industry must identify how and who will manage the labelling process.
As with all previous versions of the Cards Standardisation Volume, the document is not final and should be viewed as an interim version. Future editions will be extended notably on security requirements - including card-not-present and innovative web payments, as well as certification.
As the Cards Standardisation Volume matures, however, there is a requirement within the marketplace to invest in accordance with its recommendations and update the document as and when needed, rather than adhere to an annual publication cycle. The EPC calls on stakeholders to continue to send suggestions and participate in the sub-groups established to ensure that the Cards Standardisation Volume can evolve in line with market needs. This open approach is key to the further development of the SEPA card market.
Ugo Bechis is the Chair of the EPC Cards Working Group.
Related articles in previous issues:
EPC Newsletter articles published in the 'SEPA for Cards' section
Other articles in this issue
30.01.12 EPC Scheme Change Management 2012 (and Beyond) - Call to Stakeholders: Stay Engaged and Prepare for Impact of SEPA Regulation - Suggestions for changes to SCT and SDD must reach the EPC by end February 2012 By Javier Santamaría 30.01.12 EPC Plenary Meeting Update - Main decisions taken in December 2011 By Gerard Hartsink 30.01.12 The History and Vision of EBICS - The EPC Newsletter series provides an overview of banking communication standards in Europe By Narinda Viguier and Axel Weiß 30.01.12 The 2012 Payment Services Directive Review: Too Much too Soon? - The European Commission must present its report on the application of the Payment Services Directive by 1 November 2012 By Ruth Wandhöfer 30.01.12 SEPA Migration: Facts and Figures - The state-of-play in January 2012 By Etienne Goosse 30.01.12 Mobile Technology Predicted to be the ATM Industry Game-Changer Over the Next Five Years - Main findings of the ATM Future Trends Report 2012 By Kim Williams 30.01.12 Reflections on Recent Contributions from the European Commission Directorate General Competition to the Innovation in Payments Debate - Seeking common ground between policy makers and technical experts By Javier Santamaría 30.01.12 Ahead of the Curve: Deutsche Post Pension Service Completes SEPA Migration - This early mover currently disburses 22.5 million SEPA payments monthly By Stefan Scheidgen (Interview) 30.01.12 Public Consultation on 2nd Edition of the EPC White Paper on Mobile Payments - EPC calls for stakeholder feedback by 23 March 2012 By Dag-Inge Flatraaker 30.01.12 SEPA Direct Debit for Billers: the SDD Business To Business Scheme Timelines - EPC Newsletter series provides support for billers preparing migration to the SDD Schemes By Javier Santamaría and Herman Segers
If you would like to comment on this article, please use the box under the headline 'Add New Comment' below. Please identify yourself with your first and last name. Please note that your name will appear next to your comment. Email addresses will not be published. Please note that by accessing or contributing to the discussion you agree to abide by the EPC Newsletter Terms and Conditions, so please read them carefully before doing so.
To receive notification when a new comment is added to this specific discussion, please subscribe to get updates by email or RSS using the links below. (These links are not available on the mobile version of the EPC Website, to subscribe by email or RSS, please visit the standard version of the EPC Website).