SEPA Vision for Cards
SEPA Cards Standardisation Volume Version 7.1
On 8 December 2015, the European Payments Council (EPC) together with the Cards Stakeholders Group (CSG) published version 7.1 of the Single Euro Payments Area (SEPA) Cards Standardisation Volume. This document defines a standard set of requirements to enable an interoperable and scalable card and terminal infrastructure across SEPA, based on open international card standards. The CSG is a multi-stakeholder body representing retailers, vendors, processors, card schemes and the EPC. Created in 2009, the CSG develops and maintains the SCS Volume, and focuses on a cards standardisation programme that will create a better, safer, more cost efficient and functionally richer card services environment, whatever the card product or scheme may be.
The rationale for harmonised cards standardisation requirements in SEPA
The European Union authorities driving forward the SEPA programme identified the need to create harmonised cards standardisation requirements throughout all countries across SEPA early in the process of integrating the market for electronic euro payments. In response to these expectations retailers, vendors, processors, card schemes and the EPC jointly created the CSG in 2009. The CSG focuses on a cards standardisation programme that will create a better, safer, more cost efficient and functionally richer card services environment, whatever the card product or scheme may be. The CSG develops and maintains the SCS Volume.
Implementation of common standardisation requirements detailed in the SCS Volume will promote interoperability and foster competition in the SEPA cards domain. For retailers, vendors and payment service providers, the version 7.1 requirements will bring benefits to the planning and stability of investments on terminals and on cards, usually made with a five to seven year perspective and even beyond. Cost savings and stability are relevant in the physical card environment to favour cheaper, easier and broader acceptance both at national and cross-border levels. Cardholders, i.e. consumers, will benefit from increased security, transparency and indirect cost reduction expected from standardisation. Improved interoperability will facilitate a consistent customer payment card experience across SEPA.
Updates relating to release 7.1 of the Volume
Version 7.1 of the SCS Volume, released in December 2015, extends the scope of the Volume. It includes the following new elements:
- Functional and security requirements applicable to card-not-present (also referred to as ‘remote’) payments. These payments are initiated in the context of electronic and mobile commerce, by mail and telephone order. Considering their development, they are for the first time covered in the Volume.
- A cards processing framework (new book), which defines business principles and requirements for market access and participation in card payment processing services. The main objective of this framework, which was created following a suggestion by the European Central Bank, is to facilitate an open and transparent market.
- Additional requirements and modifications reflecting the CSG’s analysis of the impact of certain provisions of the 2015 European Regulation on interchange fees for card-based payment transactions entering into force in June 2016.
In line with the EPC and CSG’s commitment to stakeholders’ involvement, this release of the Volume was subjected to a public consultation earlier in 2015.
Requirements published in the previous Volume, 7.0 version, applicable to card-present transactions, and the related implementation timeline, remain unchanged.
Though the conformance with the Volume is not mandatory, it is an essential piece of the cards industry self-regulation. All interested parties active in the card industry are expected to get ready for market implementation of version 7.1 of the Volume by December 2018.
Documentation pertaining to the SCS Volume version 7.1
The SCS Volume version 7.1 consists of seven separate books:
- Book 1 - ‘General’ highlights the relevance of harmonised standardisation requirements to achieve a SEPA for cards. It offers an introduction to the content and structure of the SCS Volume, addressing the information needs of both experts in the field and other parties interested in the subject. It reflects the document change history and the principles governing the maintenance process. Book 1 also includes the definitions of terms used in the SCS Volume.
- Book 2 - ‘Functional Requirements’ details requirements applicable to transactions initiated with a card, which result in the provision of the different services to the cardholder referred to in this book. Book 2 enables a card system specialist to identify the operational requirements in the domain that need to be addressed to facilitate harmonisation. To improve the interoperability of cards and terminals, the book also refers to and enhances EMV standards and shows how to use these in conformance with the various services requirements described.
- Book 3 - ‘Data Elements’ supports the new card message standards defined in ISO (International Organization for Standardization) (i.e. 20022). It allows card schemes, issuers and acquirers to easily identify enhancements and comparisons with earlier ISO releases. In addition, the data within Book 3 is available within a separate spreadsheet which can assist in the design of related system architecture for implementation. This promotes the harmonisation of existing protocols with both the SCS Volume and the ISO 20022 card message authorisation and clearing standards. Book 3 serves as a major enabling factor to achieve technical interoperability in the area of processing based on the most advanced global message standards available.
- Book 3 Data Elements Spreadsheet sets out the data elements described in Book 3 of the SCS Volume version 7.1. This separate spreadsheet can assist in the design of related system architecture for implementation and promotes the harmonisation of existing protocols with both the SCS Volume and the ISO 20022 card message authorisation and clearing standards.
- Book 4 - ‘Security’ defines requirements in order to achieve a “single common set of SEPA card security requirements and technical specifications”. The Book 4 single security requirements refer to PCI (Payment Card Industry) international card security standards. This ‘toolbox’ enables system developers and security professionals to easily identify and implement a single harmonised set of security requirements in a consistent way. SEPA card single security requirements are key to maintaining trust in card payments and to making security a pro-competitive factor to the benefit of all stakeholders in the card industry.
- Book 5 - ‘Conformance Verification Processes’ defines the methods which allow to verify actual conformance with the SCS Volume requirements of a given card or terminal product or device.
- Based on those requirements, an implementation specification is developed, which allows a solution provider (e.g. a point of sale vendor) to develop products (e.g. a point of interaction terminal) against it. The conformance of a product towards an implementation specification is controlled by the certification process.
- The labelling process, which is optional, verifies that an implementation specification and its environment conform to the requirements of the SCS Volume.
- Type approval is defined as a final validation, performed by an approval body, before the product or solution may be deployed and used.
- Book 6 - ‘Implementation Guidelines’ defines a convergence path; i.e. a migration towards unique standard requirements and references.
- Book 7 - ‘Cards Processing Framework’ (a new book) defines business principles and requirements for market access and participation in card payment processing services. The main objective of this framework is to facilitate an open and transparent market.
These documents can be downloaded individually or together included in a zip file (see links below).
The concept of voluntary conformance with the SCS Volume
There is no legal obligation to implement the standardisation requirements detailed in the SCS Volume. Achieving conformance with the SCS Volume is a voluntary process. The CSG specifically opted for the concept of conformance rather than compliance considering that alignment in SEPA with the SCS Volume is a voluntary decision by players active in the cards domain, and is not an obligation. Voluntary conformance of players active in the SEPA cards domain with the standardisation requirements detailed in the SCS Volume is comparable to what was done in Europe to achieve migration to EMV. (EMV is an industry standard to implement chip and personal identification number (PIN) security for card transactions to combat fraud.) In 2004, the industry made the voluntary commitment to migrate cards, points of sale (POS, i.e. terminals), and automated teller machines (ATMs) to EMV for security reasons.
Conformance with the SCS Volume based on self-declaration
Conforming to the standardisation requirements detailed in the SCS Volume version 7.1 reflects the voluntary self-declaration of a player active in the cards domain. To illustrate this: if a terminal manufacturer decides that their products and services will conform to the SCS Volume, (e.g. for commercial reasons), it implies that the manufacturer will undertake a process of alignment with all the relevant requirements that correspond to its activity. In this case, the manufacturer must ensure that the terminal passes the functional testing and certification processes necessary, as well as type approval by the card schemes. If and when a terminal meets the SCS Volume requirements based on these criteria, it may be termed ‘Volume-conformant’.
Maintenance of the SCS Volume
The SCS Volume consists of a series of separate books. This structure will facilitate future issuing of updated versions of the SCS Volume with amendments only to individual books as required. The SCS Volume structure also provides for the option to integrate further books addressing aspects other than those reflected in version 7.1. A full release of the SCS Volume, where all books are reviewed by the CSG expert teams and updated, occurs every three years. Each full release will undergo a three-month public consultation period. The publication of the next full release of the SCS Volume is foreseen in 2017.
There may be the need to review certain aspects of a particular book in the interim due to reasons decided by the CSG or to align the SCS Volume with new regulatory requirements. These smaller individual changes to certain aspects of a book or books will be released as part of a yearly bulletin. Yearly changes, announced in the form of a bulletin, undergo a shorter, one-month, market consultation. The implementation timelines for any changes to the SCS Volume released as part of a yearly bulletin will be simultaneously communicated.
EPC technical documents
- Book 1 - General - SEPA Cards Standardisation Volume Version 7.1
- Book 2 - Functional Requirements - SEPA Cards Standardisation Volume Version 7.1
- Book 3 - Data Elements - SEPA Cards Standardisation Volume Version 7.1
- Book 3 - Data Elements Spreadsheet - SEPA Cards Standardisation Volume Version 7.1
- Book 4 - Security - SEPA Cards Standardisation Volume Version 7.1
- Book 5 - Conformance Verification Processes - SEPA Cards Standardisation Volume Version 7.1
- Book 6 - Implementation Guidelines - SEPA Cards Standardisation Volume Version 7.1
- Book 7 - Cards Processing Framework - SEPA Cards Standardisation Volume Version 7.1
- SEPA Cards Standardisation Volume Version 7.1 ZIP Format