Mobile Financial Services Terms Explained: Source: Mobey Forum Collected and Maintained By: Dr. Hosam Abou Eldahab
Mobile Financial Services Terms Explained: Source: Mobey Forum Collected and Maintained By: Dr. Hosam Abou Eldahab
Terms Explained
Payer (or The payer is an individual that initiates a payment transaction, which is processed
Sender) through a payment provider. The payment can be initiated over various channels
including the mobile channel.
Payment The payment network is an existing payment system, over which payment transactions
Network are completed for example an Automated Clearing House (ACH) or a clearing service for
moving funds across bank accounts or payment card networks such as Visa, Amex or
MasterCard.
Payment Payment service providers are companies (such as banks, financial institutions or mobile
Service network operators) that hold a license to provide payment services.
Provider The official and full definition of Payment Service Providers describes the bodies referred
to in Article 1 of Directive 2007/64/EC of the European Parliament and of the Council of
13 November 2007 on payment services in the internal market, legal and natural persons
benefiting from the waiver under Article 26 of the aforementioned. US-based on-line
payment service providers are supervised by the Financial Crimes Enforcement Network
(or FinCEN), a bureau of the United States Department of the Treasury that collects and
analyzes information about financial transactions in order to combat money laundering,
terrorist financiers, and other financial crimes.
Point of Sale A point of sale (POS) terminal holds the hardware and software needed to accept
(POS) payments. The point of sale system manages the selling process with a salesperson-
accessible interface. Further information: EMVCo
Single Euro The Single Euro Payments Area (SEPA) stands for the European Union (EU) payments
Payments integration initiative. The SEPA vision was set out by EU governments in the Lisbon
Area (SEPA) Agenda, March 2000, which aims to make Europe more dynamic and competitive.
Following the introduction of euro notes and coins in 2002, the political drivers of the
SEPA initiative - EU governments, the European Commission and the European Central
Bank (ECB) - have focused on the integration of the euro payments market. Since then,
the political drivers have called upon the payments industry to bolster the common
currency, by developing a set of harmonised payment schemes and frameworks for
electronic euro payments.
Integrating the multitude of existing national euro credit transfer and euro direct debit
schemes into a single set of European payment schemes is a natural step towards
making the euro a single and fully operational currency.
Creating a SEPA for cards aims at ensuring a consistent customer experience when
making or accepting payments with cards throughout the euro area.
Last but not least, the SEPA programme seeks to incentivise increased use of electronic
payment instruments, while reducing the cost of wholesale cash distribution.
SEPA currently consists of the EU Member States plus Iceland, Norway, Liechtenstein,
Switzerland and Monaco. Within SEPA, bank customers can make electronic euro
payments across these countries under the same basic rights and obligations. Further
information: EPC, ECB, EC
Tokenisation Tokenization refers to a process by which a piece of sensitive data, such as a credit card
number, is replaced by a surrogate value known as a token. The sensitive data still
generally needs to be stored securely at one centralized location for subsequent
reference and requires strong protections around it. The security of a tokenization
approach depends on the security of the sensitive values and the algorithm and process
used to create the surrogate value and map it back to the original value.
Source: Gartner
3. Terms for Different Transaction Types
Term Description
Business-to- B2B transactions are payments or fund transfers between two businesses. These can be
Business payments for goods and services.
(B2B)
transactions
Business-to- B2P transactions are payments or fund transfers from a business to a person, including
Person (B2P) but not limited to salary payments.
transactions
Government- G2P transactions are payments or fund transfers from a government body to a person,
to-Person for example welfare, and other social benefits payments.
(G2P)
transactions
Person-to- A P2B transaction can be defined as individual person making payments to businesses
Business (P2B) for physical or digital goods and services.
transactions
Person-to- P2G transactions are payments or funds transfers from a person to a government body,
Government for example tax payments and levies.
(P2G)
transactions
Person-to- In the context of mobile financial services, P2P transactions refer to the payment of
Person (P2P) funds from one individual to another using a mobile device. P2P transactions are also
transactions referred to as mobile money transfers (MMT).
4. Terms for Mobile Financial Services
Term Description
Authentication The provision of assurance of the claimed entity or of data origin.
Authentication The method used for the authentication of an entity or data origin.
Method
Authenticator A security factor used in an authentication method. Typical examples are tokens,
mobile codes and passcodes.
Dynamic An authentication method that uses cryptography or other techniques to create a one-
Authentication per-transaction authenticator. This dynamic authenticator changes randomly with each
transaction.
Static An authentication method that always uses the same authenticator.
Authentication
Strong An authentication method that involves at least two independent authenticators (i.e.
Authenticator something the user knows, possesses or is)
Strong A dynamic authentication method that involves at least two independent
Dynamic authenticatiors (i.e. something the user knows, possesses or is)
Authentication
Authentication An exchange of evidence from a first entity to a second entity that provides enough
- One-Way information to the second entity that they believe the first entity is who/what they
claim to be. This evidence is usually classified as either: 1) something-you-know such as
a password or PIN 2) something-you-have such as a mobile device or smart card and 3)
something-you-are such as a fingerprint or other unique biometric identifier. Further
information: FFIEC
Authentication An exchange of evidence as in one-way authentication (explained above), but to both
– Mutual (Two- directions: from a first entity to a second entity (One-Way) and back (Two-Way).
Way)
Debit Account An individual account used to make purchases with one’s own money. This account
type is usually directly provided by a financial institution. The individual account funds
all financial transactions.
Prepaid An account funded in some manner prior to transaction use.
Account
Cardless ATM Instead of the account holder inserting their card into the cash machine, the account
Withdrawal holder can obtain a withdrawal code through user preferred interface the bank
supports for this process, but in most cases it will involve the mobile device. The
account holder then typically enters their mobile number and the withdrawal code in
order to obtain the funds.
Credit Account An account, provided by a financial institution, merchant, or third party, that provides
funding and accumulates financial transactions that enables the account holder to
purchase goods and services and pay for them later. At some point in time, the account
provider and funder requests payment from the account holder. If partial payment is
provided, unpaid portions are owed by the account holder to the account provider with
agreed additional interest amounts.
Stored Value A Stored Value Account is a balance managed on a secure server for a user and
Account (SVA) commonly a much lighter type of account compared to a full bank account. SVAs often
share the characteristics of low balance, low value transactions, and high number of
accounts. The funds corresponding to the balances in the SVAs are covered in an
omnibus account held by the responsible financial institution.
Mobile Mobile banking in its simplest form lets a user retrieve the balance of an account, a
Banking small number of the recent transactions, and transfer funds in-between accounts that
(mBanking, m- the user holds. In the widest of senses mobile banking is advanced enough to replace
Banking) the entire suite of service offered through a bank’s branch and internet banking
services.
Mobile Mobile Commerce is the delivery of electronic commerce capabilities directly into the
Commerce consumer´s device, anywhere, anytime via cellular and wireless networks. Source:
(mCommerce, Global Mobile Commerce Forum]
m-Commerce)
Mobile Mobile financial services is an umbrella term used to describe any financial service that
Financial is provided using a mobile device.
Services (MFS)
Mobile Mobile Payments are payments for which the data and instruction are initiated,
Payments transmitted or confirmed via a mobile device. This can apply to online or offline
(mPayments, purchases of services and digital or physical goods as well as P2P payments, including
m-Payments) transfer of funds. Mobile payments are often divided into two main categories;
proximity payments and remote payments. However, the two are converging as neither
is tied to a specific technology.
Mobile POS A mobile point-of-sale (mPOS) refers to using a consumer mobile device (ie
(mPOS) smartphones, tablets) to facilitate payments and enable acceptance of payment
instruments such as credit cards, debit cards and/or cash. mPOS devices leverage both
hardware and software components to allow a merchant or individual to accept
payments. To support the various card reading modalities (magnetic stripe, Chip and
NFC/Contactless) some form of add-on physical hardware such as a sleeve, dongle or
card reader is typically required.
Mobile Wallet Mobile wallet refers to the functionality on a mobile device that can interact securely
(mWallet, m- with digitized valuables. It includes the ability to use a mobile device to conduct
Wallet) commercial transactions in the physical world.
A mobile wallet may reside on a mobile device or on a remote network/secure server.
Alongside the ability to undertake payments, the Mobile Wallet may contain other
content, such as identity, commerce and banking services, transport and other tickets,
retail vouchers and loyalty programmes.
Further information: Mobey Forum, GSMA
Social location Social location services combine social network traits with real-world locations. Users
services can “check-in” to locations and users following them will get a notification about this.
Some services assign points for different actions and show leader boards amongst
friends. Businesses are encouraged to claim their venues and use these social location
services to track, build and reward loyalty with their customers. Rewards take different
forms and could be discounts on purchases or giving the nth product for free.
5. Terms for Mobile Proximity Payments
Term Description
MIFARE™ MIFARE™ is a trademark of NXP Semiconductors and refers to a series of chips used in
contactless smart cards. MIFARE™ has been used in most of the contactless smart card
fare collection projects worldwide.
Mobile Mobile proximity payments (in contrast to remote payments) are transactions that
proximity require that the payment device (contactless card, token, phone) is in close proximity to a
payment payment terminal. For example, in NFC payments a consumer waves, taps or touches
their mobile payment device to communicate with a merchant’s point of sale terminal to
pay for goods or services. These types of contactless transactions use short-range wireless
frequences and do not use the cellular network of a mobile network operator. Currently
the most strongly emerging technology standard for proximity payments is near field
communication (NFC). This technology brings the feature of contactless cards to mobile
devices.
Other technologies like Bluetooth, QR, barcodes, infrared or voice recognition can also be
used and have the advantage of not requiring an NFC enabled device.
Near Field NFC Forum proposed definition. NFC complements many popular consumer level wireless
Communicati technologies, by utilizing the key elements in existing standards for contactless card
on (NFC) technology (ISO/IEC 14443 A&B and JIS-X 6319-4). NFC can be compatible with existing
contactless card infrastructure and enables a consumer to utilize one device across
different systems.
Extending the ability of the contactless card technology, NFC also enables devices to
share information at a distance less than 4 centimeters with a maximum communication
speed of 424kbps. Users can share business cards, make transactions, access information
from smart posters or provide credentials for access control systems with a simple touch.
NFC’s bidirectional communication ability is ideal for establishing connections with other
technologies by the simplicity of touch. For example if the user wants to connect their
mobile device to their stereo to play media, they can simply touch the device to the
stereo’s NFC touch point and the devices will negotiate the best wireless technology to
use. Further information: EMVCo, ISO, NFC Forum
NFC enabled An NFC-enabled device is a device that is capable of performing near field
device communication. Source: NFC Forum
Over-the-Air Over-the-air (OTA) provisioning is the ability to download and manage content on a
(OTA) device over a cellular or wireless network. In the context of mobile proximity payments
provisioning this applies especially to the over-the-air personalisation and life cycle management of a
payment instrument in the secure element in a mobile device. This process is commonly
executed through the mediation of a Trusted Service Manager (TSM), employing cellular
and wireless networks to reach the mobile device.
Point of Point of Interaction is the intitalpoint where data is enterd into the payment system. POI
Interaction can be physical or virtual, while a POS is always physical. POI can is often used for
(POI) electronic or mobile commerce.
Secure A secure element is a platform or a device used to securely store application-critical data
Element (SE) (such as secret keys). A secure element will host a number of secure element
applications, also known as applets. These applications are often installed, personalised
and managed over-the-air. Examples of secure element form factors in mobile devices
include UICC (SIM card), embedded SE (eSE) chip cards and (micro) SD cards. Owing to
space limitations on the SE of UICC, it is usual to mediate between the end-user and the
SE applet through a mobile application (app). In other words, an app is needed to provide
the user interface (UI) to the SE applet – although the interaction may be confined to very
simple matters such as activation/deactivation. Further information: EMVCo,
GlobalPlatform, GSMA
Trusted An execution environment that runs alongside but isolated from an REE (run-time
Execution execution environment). A TEE has security capabilities and meets certain security-related
Environment requirements: It protects TEE assets from general software attacks, defines rigid
(TEE) safeguards as to data and functions that a program can access, and resists a set of defined
threats. There are multiple technologies that can be used to implement a TEE, and the
level of security achieved varies accordingly. Further information: GlobalPlatform
Trusted A trusted service manager (TSM) is a role typical in a near field communication
Service ecosystem, where hardware secure element is in use. The trusted service manager acts as
Manager a neutral broker that sets up business agreements and technical connections with mobile
(TSM) network operators, mobile device manufacturers or other entities controlling the secure
element (SE) on mobile devices. The trusted service manager enables service providers
(SPs) to distribute and manage contactless applications remotely by allowing controlled
access to the secure element in NFC-enabled handsets.
In typical deployments, the TSM role is split in two – the Secure Element Issuer TSM (SEI
TSM) and the Service Provider TSM (SP TSM). The Service Provider TSM manages the
service provider’s application provisioning to the SE and its application lifecycles. The
Secure Element Issuer TSM manages secure element lifecycles and security domains on
behalf of SPs.
The TSM is an independent business entity and many types of company are entering this
competitive market. Many payment card manufacturing companies and card
personalisation bureaus are already providing TSM services. Mobile Network Operators
(MNOs) typically need to establish one or more SEI TSMs to manage their UICC-based
secure element (the MNO being the issuer of this SE type). In this case, the SEI TSM may
be deployed within each MNO or may be an independent entity serving many MNOs.
Note: the terminology ‘Issuer’ and ‘Service Provider’ in this context arise from outside the
Financial Services industry: ‘Issuer’ being the Secure Element Issuer, and ‘Service
Provider’ being known in Financial Services as the (payment instrument) issuing bank or
simply issuer.
Further information: EPC, EMVCo, Mobey Forum, GSMA
Trusted Third A trusted third party is a body that holds keys for authorization processes.
Party
6. Terms for Mobile Remote Payments
Term Description
Mobile Mobile Money is a very general term meaning any financial action made with a mobile
Money device.
Mobile A payment intitated by a mobile device where the transaction is conducted over a mobile
remote telecommunications network (e.g. GSM, mobile internet) and which can be made
payment independent of the payer’s location (and/or his/her equipment).
Mobile money A Mobile Money Transfer is the exchange of funds from one party to another, using a
transfer mobile device to either initiate and/or complete the transaction.
(MMT)
Mobile A mobile remittance is a mobile money transfer, mostly across international borders. It is
remittance considered a separate category of mobile remote payments due to the relatively higher
payment value, possible foreign exchange requirement and regulatory complexity.
Mobile The availability of cameras in smartphones has given rise to the ability to capture cheques,
Remote bills and other payment related documents remotely instead of having to bring them to a
Capture branch. Using a mobile application, the user takes a picture of a document that is analysed
(MRC) buy the MRC software to read out the payment instructions. The instructions are then
submitted to the bank for processing. Alternative names for this type of feature are remote
deposit capture, or mobile remote deposit.
7. Terms for Mobile Wallet
Term Description
Mobile Mobile wallet content refers to the digital content that resides within a mobile device and
Wallet on secure servers and provides value to the mobile wallet user. The mobile wallet could
Content contain different tradable value including currency and other value such as coupons,
loyalty points, credits or virtual currencies. Further mobile wallet content could be
identity or banking services, or transport and other tickets.
Mobile The mobile wallet content providers are the organisations or the brands that issue
Wallet content for use in the mobile wallet. Outside Financial Services, such a provider might be
Content known as a Service Provider. Within Financial Services, an issuing bank could be an
Provider example of a content provider.
Mobile The mobile wallet control points are the essential components of mobile wallet
Wallet operations that enable a mobile wallet stakeholder to control how a part of the
Control Point ecosystem operates. Such control points could be internal to the mobile wallet, or
external to it relating to the use of the mobile wallet and its content in the world of
commerce. Further information: Mobey Forum white paper on mobile wallet control
points
Mobile The mobile wallet user is the individual who uses a mobile wallet, manages its content to
Wallet User control their personal data and accesses financial services remotely.
Mobile A mobile wallet provider is an organisation or a brand that issues the necessary mobile
Wallet wallet functionality to the mobile wallet user.
Provider
Mobile A stakeholder in the mobile wallet ecosystem is any organisation or individual that
Wallet provides, provisions, or uses mobile wallets and their associated content and ecosystem.
Stakeholder The key groups of mobile wallet stakeholders include the mobile wallet content provider,
the user and the payment service provider.
8. Other Terms and Definitions
Term Description
Chip A chip manufacturer is a company that manufactures microchips (tiny slices of
manufacturer semiconducting material on which a transistor or entire integrated circuit is formed).
User Interface A user interface is the system by which users interact with a machine. The user interface
(UI) includes hardware and software components. On a mobile device the software
component of a UI is realized though a mobile application (app).
Web A Web App, most commonly developed leveraging HTML5, is an app that works similarly
Application across different browsers, both on mobile and desktop computing devices. Financial
(Web App) services that don’t require access to a lot of hardware features benefit from being built
as a web app, avoiding the need for example to develop native applications for different
mobile platforms. Further information: W3C
Responsive Modern web sites these days leverage responsive design to have one site for different
Design devices (mobile, tablet, desktop), with different resolutions and orientations (portrait vs
landscape). Responsive design sites automatically change the layout of the site
depending on the capabilities and orientation of the accessing devices.Further
information: W3C
Service A service provider is the business entity providing the service in question either to end-
provider user or to another business entity. In mobile financial services service provider normally
refers to the company providing the technology that enables the service. Outside
Financial Services the term Service Provider refers to an entity with which the end-user
has a relationship, such a transport provider.
Smart card A smart card is a device that includes an embedded integrated circuit that can be either
a secure microcontroller or equivalent intelligence with internal memory or a memory
chip alone. The card connects to a reader with direct physical contact or with a remote
contactless radio frequency interface. With an embedded microcontroller, smart cards
have the unique ability to store large amounts of data, carry out their own on-card
functions (e.g. encryption and mutual authentication) and interact intelligently with a
smart card reader. Smart card technology conforms to international standards (ISO/IEC
7816 and ISO/IEC 14443). It is available in a variety of form factors, incl. plastic cards, key
fobs, watches, subscriber identification modules used in GSM mobile phones, and USB-
based tokens. See also SIM Card. Further information: Smart Card Alliance