The industry requirement for card standardisation across
The Cards Standardisation Volume - Book of Requirements (Cards Standardisation Volume), defines a standard set of requirements to ensure a secure and scalable card and terminal infrastructure across the Single European Payment Area () based on open and free standards.
The development and maintenance of the Cards Standardisation Volume is the responsibility of the Cards Stakeholders Group (CSG). In 2009, the European Payments Council () promoted the creation of the CSG together with representatives from four other sectors (retailers, vendors, processors, card schemes). The creation of this body makes it possible to recognise the expectations of a broad range of stakeholders. This is realised, in particular by ensuring the strong co-management of the processes related to the identification of standards requirements and implementation best practices that will promote interoperability within the cards market. The initiative aims to remove technical obstacles to deliver a consistent customer payment card experience across . The work also encourages process efficiency throughout the card supply chain and the highest level of card payment security.
The need to standardise this market across was reinforced by the European Economic and Financial Affairs Council (ECOFIN) in December 2009, when it requested in its conclusion on that the industry should set the conditions for further standardisation in the area of cards. This request was echoed by the European Central Bank.
Version 6.0 of the Cards Standardisation Volume - the latest updates
Since it was first launched, the Cards Standardisation Volume has undergone an annual review process to enhance and refine the requirements in line with evolving industry needs and future market developments. In January 2012, version 6.0 of the Cards Standardisation Volume was published on the Website. This latest edition includes updates on functional requirements, security requirements, certification and labelling.
Chapter 4 has been enhanced as follows:
- Specific requirements for 'payment with cashback' and the recording and management of the transaction. Details are also provided on how to cancel a transaction.
- How to perform 'dynamic currency conversion' to give the cardholder the choice of currency they want to be billed in; the cardholder's currency or the card acceptor's currency.
- With regards to transaction completion and capture, requirements have been updated to incorporate payment aggregated amounts.
- An update on 'surcharging' in the merchant environment outlines that any kind of surcharge will be part of the agreed total sales amount. Therefore, the point of interaction application shall not support any specific handling of surcharging for card services.
Security requirements and certification framework.
Chapters 5 (security) and 6 (certification) continue to evolve to reflect ongoing industry discussions. These sections represent the most significant updates. This work involves the identification of standard requirements and implementation best practices that will promote interoperability in the cards market. The Cards Standardisation Volume version 6.0 has updated its security requirements to align with recent industry updates from standards bodies such as the Payment Cards Industry Security Standards Council's Data Security Standards (PCI DSS) and Common Criteria. In addition to this, changes have been made to incorporate national considerations and amendments.
This latest Cards Standardisation Volume also makes steps forward regarding the recommended process for building an agreed certification framework. certification is desired to allow vendors to sell terminal products -wide, providing reassurances to purchasers that the related security requirements have been achieved. The and CSG acknowledge that whilst the process needs to be thorough in creating a secure and trusted end-to-end solution, it also needs to be streamlined and fully utilise existing approval processes already stipulated by the global payments industry.
As far as possible, the aim is to re-use industry established evaluation requirements to ensure card products in deliver ultimate interoperability and security. As this activity continues to move forward, the CSG recognises that over simplifying the process would be inefficient; there is no shortcut. Selecting and agreeing the common rules that all parties will respect as part of the certification framework takes time and the continues to look to advance this activity.
The latest version reflects further discussions on the implementation of a labelling programme, which would allow stakeholders to visually show a product's functional alignment with the Cards Standardisation Volume. This version outlines the initial principles of the labelling concept as a self-assessment process that would be implemented by stakeholders. This activity still needs to be fully defined by the CSG, and the industry must identify how and who will manage the labelling process.
As with all previous versions of the Cards Standardisation Volume, the document is not final and should be viewed as an interim version. Future editions will be extended notably on security requirements - including card-not-present and innovative web payments, as well as certification.
As the Cards Standardisation Volume matures, however, there is a requirement within the marketplace to invest in accordance with its recommendations and update the document as and when needed, rather than adhere to an annual publication cycle. The calls on stakeholders to continue to send suggestions and participate in the sub-groups established to ensure that the Cards Standardisation Volume can evolve in line with market needs. This open approach is key to the further development of the card market.
Ugo Bechis is the Chair of the Cards Working Group.
Related articles in previous issues:
Newsletter articles published in the 'SEPA for Cards' section
If you would like to comment on this article, please identify yourself with your first and last name. Your name will appear next to your comment. Email addresses will not be published. Please note that by accessing or contributing to the discussion you agree to abide by the EPC website conditions of use.