EPC and Cards Stakeholders Group Publish the SEPA Cards Standardisation Volume Ready for Market Implementation

10 January 14

On 7 January 2014, the EPC, representing the European banking industry in relation to payments, together with the Cards Stakeholders Group (CSG) published version 7.0 of the Single Euro Payments Area (SEPA) Cards Standardisation Volume (the SCS Volume), ready for market implementation. This document defines a standard set of requirements to ensure an interoperable and scalable card and terminal infrastructure across SEPA, based on open international card standards. The SCS Volume does not establish specifications or standards as such, but rather sets (functional and security) standardisation requirements, which refer to existing international standards established by, for example, ISO (International Organization for Standardization), EMVCo (initially Europay MasterCard Visa) and PCI SSC (Payment Card Industry Security Standards Council). Version 7.0 of the SCS Volume is a major achievement reflecting a unique multi-stakeholder effort in the area of cards.

The CSG is a multi-stakeholder body representing retailers, vendors, processors, card schemes and the EPC. Created in 2009, the CSG develops and maintains the SCS Volume, and focuses on a cards standardisation programme that will create a better, safer, more cost efficient and functionally richer card services environment, whatever the card product or scheme may be.

Following the public consultation on the provisionary version 6.5 of the SCS Volume in June and July 2013, the CSG has processed more than 2,000 comments received from market participants. The six books of the SCS Volume version 7.0 cover a set of requirements applicable to card-present (face-to-face) transactions to allow investment decisions and implementation based on stable requirements. All stakeholders and interested parties active in the cards domain are encouraged to roll out services and products in line with the requirements set out in version 7.0 of the SCS Volume in a three-year period, i.e. by January 2017. This means: the SCS Volume requirements for card-present transactions are to be met for new cards and terminals being introduced in the market as from 2017.

The documentation relevant to version 7.0 of the SCS Volume is available on the EPC Website (see link below).

The rationale for harmonised cards standardisation requirements in SEPA

The European Union authorities driving forward the SEPA programme identified the need to create harmonised cards standardisation requirements throughout all countries across SEPA early in the process of integrating the market for electronic euro payments. This was reinforced by the European Economic and Financial Affairs Council, representing Member States, when it requested that the industry should set the conditions for further standardisation in the area of cards (see link below). This request was repeatedly echoed by the European Central Bank.

In response to these expectations, retailers, vendors, processors, card schemes and the EPC jointly created the CSG. The dialogue taking place in the CSG ensures the open and constructive co-management of the processes related to the identification of common standards requirements and implementation of best practices compliant with such requirements. The CSG encourages process efficiency throughout the card supply chain and, last but not least, adherence to the highest level of card payment security.

Implementation of common standards requirements detailed in the SCS Volume will promote interoperability and foster competition in the cards domain. On the supply side, the version 7.0 requirements will bring benefits to the planning and stability of investments on terminals and on cards by market players, usually made with a five to seven year perspective and even beyond. Cost savings and stability are relevant in the physical card environment to favour cheaper, easier and broader acceptance both at national and cross-border levels. Cardholders, i.e. consumers, will benefit from increased security, transparency and indirect cost reduction expected from standardisation. Improved interoperability will facilitate a consistent customer payment card experience across SEPA.

The concept of voluntary conformance with the SCS Volume

There is no legal obligation to implement the standardisation requirements detailed in the SCS Volume. Achieving conformance with the SCS Volume is a voluntary process. The CSG specifically opted for the concept of conformance rather than compliance considering that alignment in SEPA with the SCS Volume is a voluntary decision by players active in the cards domain, and is not an obligation. Voluntary conformance of players active in the cards domain with the standards requirements detailed in the SCS Volume is comparable to what was done in Europe to achieve migration to EMV. (EMV is an industry standard to implement chip and personal identification number (PIN) security for card transactions to combat fraud.) In 2004, the industry made the voluntary commitment to migrate cards, points of sale (POS; i.e. terminals), and automated teller machines (ATMs) to EMV for security reasons.

Conformance with the SCS Volume based on self-declaration

Conforming to the standardisation requirements detailed in the SCS Volume version 7.0 reflects the voluntary self-declaration of a player active in the cards domain. To illustrate this: if a terminal manufacturer decides that their products and services will conform to the SCS Volume (e.g. for commercial reasons), it implies that the manufacturer will undertake a process of alignment with all the relevant requirements that correspond to its activity. In this case, the manufacturer must ensure that the terminal passes the necessary functional testing and certification processes, as well as type approval by the card schemes. If and when a terminal meets the SCS Volume requirements based on these criteria, it may be termed ‘Volume-conformant’.

Structure and maintenance of the SCS Volume

The SCS Volume version 7.0 consists of six separate books. This structure will facilitate future issuing of updated versions of the SCS Volume with amendments only to individual books as required, such as including card-not-present (i.e. mail orders, telephone orders and e- and m-commerce) functional and security requirements. The SCS Volume structure also provides for the option to integrate further books addressing aspects other than those reflected in version 7.0. A full release of the SCS Volume, where all books are reviewed by the CSG expert teams and updated, occurs every three years. Each full release will undergo a three-month public consultation period. The publication of the next full release of the SCS Volume after version 7.0 is foreseen in 2017.

There may be the need to review certain aspects of a particular book in the interim due to reasons decided by the CSG or to align the SCS Volume with new regulatory requirements. These smaller individual changes to certain aspects of a book or books will be released as part of a yearly bulletin. Yearly changes, announced in the form of a bulletin, undergo a shorter, one-month, market consultation. The implementation timelines for any changes to the SCS Volume released as part of a yearly bulletin will be simultaneously communicated.

To reiterate: the card-present requirements published with version 7.0 of the SCS Volume in January 2014 are stable for implementation purposes and subject to a three-year maintenance cycle barring unforeseeable events that would require any changes such as, for example, regulatory developments impacting card-present requirements.

Inclusion of security requirements for remote payments with future update of the SCS Volume

The SCS Volume security requirements for remote payments were subject to a separate public consultation in July to August 2013. It is planned to include card-not-present functional and security requirements in an SCS Volume related books update in 2015. This is in line with feedback received during the public consultation indicating the need for further in-depth dialogue on the topic. This approach also ensures consistency with new rules expected to be defined by the European authorities in the course of 2014. The timeline to implement the security requirements for remote payments will be communicated when these are published, taking into account relevant regulatory initiatives. Once the harmonisation exercise is also concluded on card-not-present requirements, it is expected to promote development and innovation for both e- and m-commerce and e- and m-payments.
