Karsten:JSC page.

qxd 08/06/2012 10:31 Page 80

Journal of Payments Strategy & Systems Volume 6 Number 1

The European cards environment and

ISO 20022

Diederik Bruggink*, Pierre Karsten** and Carlo R. W. de Meijer*

Received (in revised form): 9th February 2012
*Market Infrastructures GTS, The Royal Bank of Scotland, Paasheuvelweg 25, 1105 BP
Amsterdam, the Netherlands.
Tel: +31 20 4642552; e-mail: [email protected]
Tel: +31 20 4641094; e-mail: [email protected]
**Business Center Cards, Equens SE, Eendrachtlaan 315, 3526 LB Utrecht, the
Netherlands
Tel: +31 6 50677434; e-mail: [email protected]

Diederik Bruggink is Vice President Card WG10. His contribution here represents his own
Schemes within the Market Infrastructures views and not necessarily those of any other
department at The Royal Bank of Scotland. He individual or organisation.
holds a master’s degree in mechanical engineer-
ing. He is supporting the positioning of the bank Carlo R. W. de Meijer is Senior Researcher
in the relevant market infrastructures by aligning within the Market Infrastructures department at
external industry developments with the internal The Royal Bank of Scotland. He received a
strategies and developments in the business master’s degree in international economics from
units in the cards area. He acts as a senior the University of Tilburg in 1977. His main area of
adviser on cards-related strategic topics to inter- focus is the payments, cards and
nal key stakeholders and senior management, securities/derivatives environment and its devel-
and he participates as subject matter expert in opments. During his career, Carlo has held a
key projects. Before joining RBS, Diederik held large number of posts in the banking sector of
senior positions at MasterCard (Global Debit international finance, both as a senior economist
Products), ABN AMRO (Market Infrastructures) and as a private investment adviser. He has been
and Capgemini (Global Financial Services). He is a member of several national and European com-
a member of the Cards SEG of ISO 20022. mittees and working groups preparing the launch
of the euro. Carlo has published many papers on
Pierre Karsten is a Senior Advisor in cards and various international and financial topics.
payments, currently as Senior Officer with a
focus on cards compliance in the Business ABSTRACT
Center Cards at Equens SE. His experience The current cards environment in Europe is
ranges through project management, innova- fragmented in terms of business solutions and
tions, business development and compliance. technical standards. Both the goal of the
He received a master’s degree on transmission European Payments Council (EPC) to realise
of information from the University of Delft and an a SEPA for Cards, as well as the influence of
MBA from Henley Management College — this other market trends and developments, have
Journal of Payments Strategy &
Systems
with a dissertation on key issues of compliance highlighted this fragmentation. The current sit-
Vol. 6, No. 1, 2012, pp. 80–99 in the EU payments industry (2009). Pierre is a uation no longer meets the future business and
 Henry Stewart Publications,
1750–1806 member of ISO/TC68/SC7 and of WG9 and security requirements of the European cards

Page 80
Karsten:JSC page.qxd 08/06/2012 10:31 Page 81

Bruggink, Karsten and de Meijer

industry. This industry is asking for more effi- INTRODUCTION

ciency, for lower costs, and for straight-through- Notwithstanding the growing conver-
processing (STP). A key element that may be gence between payment transactions and
triggering the whole evolution of card payments card payments, the cards sector has not
is regulation. Without that element, it is been affected by the new SEPA payments
unclear whether the evolution of the market standardisation process until recently.
would have been so rapid. Greater standardisa- Following the introduction of the physical
tion and the search for better interoperability euro and the expected migration of
are certainly outcomes of changing regulations. domestic payment instruments to the
There are a number of other factors that are SEPA instruments SEPA Credit Transfer
driving the development of the cards industry. (SCT) and SEPA Direct Debit (SDD), the
In the future, businesses are likely to require need for a European equivalent for card-
better efficiency, interoperability and optimised based transactions is growing. The goal of
end-to-end processing. This underlines the the European Payments Council to realise
growing need for further standardisation. a SEPA for Cards, but also other trends
Security and the evolution of security require- and developments, have put the focus on
ments in card payments will also be essential the present fragmentation of the card
considerations. SEPA for Cards asks for more environment in Europe in terms of busi-
harmonised standards and interoperability in ness solutions and technical standards.
the European end-to-end card space. This Traditionally, different technical card plat-
should be achieved by replacing the various forms and different requirements (eg on
local standards with common, global, open security) are used in the various parts of
standards. The Eurosystem has asked the EPC the cards value chain within European
to provide clarity on all standards currently countries. As a consequence of this frag-
used or under development for end-to-end card mentation, it is presently almost impossible
transactions, and to recommend which will be to offer customers and multinational
used for SEPA for Cards. There are a number retailers a single card payment solution
of initiatives in the different domains of the which can be used in all SEPA zone coun-
cards value chain such as EPASOrg and the tries. The present situation no longer
Berlin Group that are giving direction to a pos- meets the future business and security
sible outcome.There are some difficult questions requirements of the European cards indus-
that need to be answered. Is it possible to agree try, which will demand more efficiency,
on one standard? What standard will fit into lower costs and straight-through process-
the new business and security requirements? ing (STP).
Does the current ISO 8583 standard used in SEPA for Cards asks for more har-
the Acquirer-to-Issuer space suffice, or should monised standards and interoperability in
one change over to the more recent ISO the European end-to-end card space. This
20022? Is a Europe-wide solution enough or should be achieved by getting rid of the
should a more international standard be chosen various local standards and replacing them
given the globalisation of financial markets? with common global open standards. The
And what are the challenges of adopting Eurosystem has asked the European
common industry standards through the whole Payments Council (EPC) to provide clar-
value chain? ity on all standards currently used and/or
under development for end-to-end card
Keywords: SEPA, standardisation, transactions, and to provide a recommen-
straight-through-processing, ISO 20022, dation on which standards will be used for
cards SEPA for Cards. The actual development

Page 81
Karsten:JSC page.qxd 08/06/2012 10:31 Page 82

The European cards environment and ISO 20022

of specifications and implementation of ing. But also the goal within Europe to
standards is the responsibility of standardi- create a SEPA for Cards that aims at elim-
sation initiatives in the different domains, inating technical and operational barriers
such as EPASOrg, Berlin Group and between countries and schemes is a
ATICA.1 Is it possible to agree on one demand for more harmonisation.
standard? What standard can be chosen
that will fit into the new business and New technology
security requirements? Is the current ISO Secondly, the development of new tech-
8583 standard used in the Acquirer-to- nologies and upgrades that enable more
Issuer space sufficient, or should there be a efficient end-to-end processing is influen-
change-over to the more recent ISO tial. The internet has already enabled
20022? Is a Europe-wide solution enough, widespread e-commerce, while technol-
or should global standards prevail, given ogy has brought about the likes of service
the globalisation of the financial markets? oriented architecture and web services. In
And what are the challenges of adopting the coming years, technology will improve
common industry standards through the further and open up new processing and
whole value chain? business possibilities.

Partnership and outsourcing

SOME IMPORTANT TRENDS Thirdly, SEPA requires the separation of
One element which may be triggering the schemes, processing and infrastructures
whole evolution of card payments is regu- with open standards. This will result in a
lation. Without this element, it is unsure growing demand for quality and separa-
whether the evolution of the market tion of functions in these parts of the value
would have proceeded at such a rapid chain. This will intensify the need for
pace. More standardisation and the search financial institutions to build partnerships
for a better interoperability are clearly out- on each level to realise economies of scale,
comes of this regulation process. There are and further outsourcing and more special-
a number of trends that are further driving isation. This development will also trigger
the development of the cards industry. a growing participation of non-banks, so-
Future business requirements will include called new payment-service-providers
more efficiency, interoperability and opti- (PSPs) in the payment chain. The resulting
mised end-to-end processing, underlying growing competition could accelerate the
the growing need for more standardisa- process of innovation and increased effi-
tion. Security and the evolution of secu- ciency in payment channels.
rity requirements in card payments will
therefore be an important element to be Innovations
taken into consideration. The fourth trend is in the domain of
innovations. Developments such as Near
Global, regional, local Field Communication (NFC) in the
First of all, there is the ongoing process mobile environment are triggering a wide
from localisation to regionalisation/glob- range of new initiatives for innovation in
alisation, resulting in the delivery of prod- the payments and cards sector, in new
ucts and services on both regional and channels such as contactless payments and
global scale. The growing global competi- mobile payments. These payment types
tion in the cards market asks for increased will gain stronger positions in the coming
efficiencies and straight-through-process- years and will create new partnerships on a

Page 82
Karsten:JSC page.qxd 08/06/2012 10:31 Page 83

Bruggink, Karsten and de Meijer

regional and global scale. Integration of agencies. The growing needs of the
internet with mobile, social platforms, vir- European cards industry for STP
tualisation and identification are all in throughout the whole card value chain, in
need of more interoperability and stan- terms of increased efficiency, interoper-
dardisation. How will identification be ability, speed etc., require more har-
performed securely in the future (cards) monised and open standards to facilitate
world? their operations. Optimised STP, with
smoothly working end-to-end business
Convergence processes, will increase the efficiency and
Finally, there is the trend towards conver- reduce the costs of the authorisation and
gence, where differences between the var- clearing processing significantly, since on
ious payment instruments (such as credit these only a standard format will be sup-
transfers and direct debits on the one ported in the mid-term within Europe,
hand, and card and mobile payments on irrespective of local or cross-border inter-
the other) begin to disappear, and pay- faces. Moreover, banks and other users
ments become more a matter of point-to- will then be able to switch easily between
point transactions: the simple movement different market solutions for clearing and
of value from one point to another. This settlement, for instance. This might be a
will further increase the need for end-to- flexible way of working. If the core mes-
end business processes to work as sage remains, local practices can be
smoothly as possible. There must also be enabled by using supplementary data or
conversion of payments building blocks extensions to particular elements. The
(taking parts of current (legacy) solutions), basic message is still able to be processed
eg faster payments. All these developments even if the extension is not used in that
are building the current and future pay- process.
ment infrastructure. For banks and other payment proces-
sors, STP requires accurate identification
of payment routing information. Full STP
STRAIGHT-THROUGH-PROCESSING for clearing can only be realised by using
AND RECONCILIATION: THE NEED STP processing and formats between dif-
FOR STANDARDISATION ferent banks and between banks and
These upcoming trends and developments clearing and settlement mechanisms. End
increasingly require a strategic evaluation users, remitters and beneficiaries, how-
of standardisation within the card envi- ever, have additional requirements for
ronment. There is a growing need for STP to facilitate communication between
deeper alignment of business processes the remitter and the beneficiary as to the
and models across the entire industry. But purpose of the card payment, eg retailer
real STP in the cards world is a challeng- reconciliation and transaction life cycle,
ing goal from a standards point of view. with a unique identifier. Presently this
With the use of various local standards, additional customer and business-specific
and in a number of stages of the whole information is not needed by banks for
value chain, there is no standardisation at their business. But for realising STP
all, and this limits efficient STP within a throughout the whole cards value chain,
SEPA environment. The use of ‘local’ (or payment messages need to satisfy their
scheme) standards means that there is a lot end users’ requirements for information in
of ‘translation’ between message standards, the context of card payment, and to sup-
particularly for acquirers or intermediate port the delivery of industry-specific

Page 83
Karsten:JSC page.qxd 08/06/2012 10:31 Page 84

The European cards environment and ISO 20022

remittance data in a manner that is associ- spread (EU) use in recent years. EMV is an
ated with the payment. Accommodating open-standard set of specifications for
innumerable remittance information smart card payments and acceptance
structures, as defined by industries, coun- devices. EMV has been developed to
tries and others within the payment mes- ensure interoperability between chip-
sages, poses the risk of over-frequent based payment cards and terminals, and to
changes and maintenance requirements to increase security and reduce fraud result-
those messages, substantially increasing the ing from counterfeit, lost and stolen cards.
cost and complexity of using these new EMV chip cards contain embedded
standards. A future solution on standardis- microprocessors that provide strong trans-
ation should meet these flexibility action security features and other applica-
requirements. tion capabilities not possible with
traditional magnetic stripe cards. The main
security benefit of the EMV standard, in
PRESENT STATE: STANDARDS contact and contactless form, is the addi-
FRAGMENTATION IN THE SEPA ZONE tion of dynamic data. EMV secures the
Within the SEPA area, the cards industry is payment transaction with enhanced func-
confronted with a fragmented market, tionality in three areas: card authentica-
characterised by various rules, regulations tion; cardholder verification; and
and standards. From the perspective of the transaction authorisation. Eighty countries
broader value chain of debit and credit globally are in various stages of EMV chip
cards, several procedures and protocols are migration, including in Europe, Latin
used in the different parts of the value America and Asia, and it now looks likely
chain. There are a large number of differ- EMV is finally headed for the US market.
ent terminal-to-host protocols. This is 1.2bn EMV cards have been issued glob-
mirrored by the prevalence of local proto- ally and 18.7m POS terminals accept
cols between payment terminals and EMV cards as of Q1 2011. This represents
acquirer host systems, but also defining the more than 40 per cent of the total pay-
interface between those same terminals (or ments cards in circulation and more than
card payment software) and the cash regis- 70 per cent of the POS terminals installed
ter systems used by retailers at the Point of globally. Though the USA has lagged in its
Interaction (POI). Besides, almost every adoption of the EMV integrated Circuit
domestic and international card payment Card Specifications (commonly called
system seems to use a different standard in chip-and-PIN), which many countries use
the Acquirer-to-Issuer domain. to improve security at the POS, US banks
and merchants are ready to make the
switch.
THE EMV STANDARD EMV (if adopted) is used as a standard
The EMV standard encompasses specifica- at the card issuer and acceptor or terminal
tions, test procedures and compliance interface. In the Acceptor-to-Acquirer
processes managed by EMVCo, LLC, an domain, the EPAS format of ISO 20022 is
organisation jointly owned and operated the main new standard, following local
by American Express, JCB, MasterCard standards. In the Acquirer-to-Issuer
and Visa. EMV originally stood for domain, variants of ISO 8583 are still the
Europay, MasterCard and Visa (EMV). standards most widely applied in card sys-
EMV was introduced in early 2000 in the tems for authorisation or single messaging.
UK and France, but only came into wide- It is a widely used and proven practical

Page 84
Karsten:JSC page.qxd 08/06/2012 10:31 Page 85

Bruggink, Karsten and de Meijer

Figure 1 Overview
of standards in the
cards value chain:
POS transaction.
Work in progress:
current assessment

standard. Most of the acquiring banks or border card payment transactions by

transaction processors are nowadays using multinational acceptors, thus slowing the
a wide variety of different legacy proto- development of business.
cols, defined and implemented at the local
or national level. These include various
domestic or even international formats EPC: SEPA FOR CARDS
used for clearing and settlement transac- SEPA for Cards is seen as an important
tions. Not all these protocols and proce- element in the realisation of an efficient
dures are based on open standards, as card market in Europe. The aim is to
proprietary standards are also implemented enable European customers (cardholders
(see Figure 1). As a consequence, compo- and merchants) to use general purpose
nents in the value chain are not easily cards to make and receive payments and
replaceable. For instance, if a retailer withdraw cash in euros throughout the
wishes to switch from one acquirer to SEPA area with the same ease and con-
another, some adjustments to the terminal venience as they do in their home coun-
that cost money are required. try. The objectives of a SEPA for Cards
This situation has posed a large number will be achieved to the greatest extent
of challenges for the cards industry in possible through the use of open stan-
Europe. As a consequence, it is presently dards available to all parties within the
almost impossible to offer customers and card payment value chain. These would
multinational retailers a single card pay- replace the domestic payment infrastruc-
ment solution that can be used in all ture used for card clearing in the mid-
SEPA-zone countries. The existence of term with common European
country-based incompatible standards also infrastructures. The ambition of SEPA for
hinders the central acquisition of cross- Cards is to set the foundation for interop-

Page 85
Karsten:JSC page.qxd 08/06/2012 10:31 Page 86

The European cards environment and ISO 20022

erability and gradual convergence of the cards (co-existence) for the exchange of
technical standards which underpin the information between the parties involved
end-to-end card value chain. That would in the cards value chain. A solution is
facilitate fast, efficient and secure process- needed that delivers: flexibility, co-exis-
ing of card payment transactions in the tence and convergence.
SEPA area. Harmonisation of standards in
the European cards industry would mean SEPA Cards Framework
that cardholders can pay with one card The EPC is carrying out a card standardi-
over the whole euro area; retailers will be sation programme designed to remove
able to accept all SEPA cards in a single technical obstacles that nowadays prevent a
terminal; banks will be able to switch ‘consistent customer experience’ through-
easily between different market solutions out the SEPA cards market, and to allow
for clearing; and payment card processors higher process efficiency along the overall
will be able to compete and to offer serv- card value chain. For that purpose, the
ices throughout the euro area. EPC has developed the SCF. The objective
Harmonisation of standards in the of the EPC SCF is to define the strategic
European cards industry would require vision for SEPA card payments through
issuers, acquirers, card schemes and oper- the establishment of high level principles
ators to adapt to the SEPA Cards and rules.
Framework (SCF).
Cards Stakeholders Group (Csg)
SEPA for Cards and ISO 20022 In 2009, the EPC promoted the creation
The Economic and Financial Affairs of the Cards Stakeholders Group (CSG),
Council (ECOFIN) requested in its con- comprising representatives of five sectors
clusions on SEPA in December 2009 that also active in the cards domain. These
the industry should set the conditions for include retailers, vendors, processors, card
further standardisation in the area of cards. schemes and banks. The collective aim of
According to the EPC, the clearing infra- the EPC and CSG is to establish a frame-
structure used to process the SEPA pay- work for a better, safer, more cost-efficient
ment instruments SCT and SDD, based on and richer card services environment,
ISO 20022, can be used to clear and settle whatever the card product or scheme may
card transactions through analogous mes- be. The CSG task is to identify standard
sages and formats if appropriate. But for requirements and best practices that will
realising STP, that should be realised in full promote interoperability in the SEPA
coordination with other domains in the cards market.
cards value chain, notably the Accepter-to- The scope of EPC’s work on cards stan-
Acquirer domain. The EPC recognises that dardisation in general, and of the present
the introduction of new standards for card CSG deliverables in particular, is the defi-
payments processes and messages cannot nition and description of SEPA cards stan-
happen overnight. For a certain period of dards for the card payment and cash
time, existing and new standards will have withdrawal services provided or imple-
to operate side-by-side. The EPC recog- mented by the different stakeholders such
nises the widespread use of ISO 8583 for- as SCF-compliant card schemes, issuers,
mats in the Acquirer-to-Issuer domain for acquirers, processors, vendors, merchants
online authorisation, while supporting the etc. On 6th June, 2011, the EPC and the
use of both ISO 8583 and ISO 20022 CSG released the latest version of the
XML-compliant2 message standards for SEPA Cards Standardisation Volume —

Page 86
Karsten:JSC page.qxd 08/06/2012 10:31 Page 87

Bruggink, Karsten and de Meijer

Book of Requirements (The Volume). This ent business models that are validated by
Volume defines functional and security the industry. ISO 20022 uses a modelling
standards requirements for cards services, as methodology approach independent of
well as evaluation methodology designed the coding of messages (such as XML or
to achieve interoperability based on open ASN.1/TNL). The goal of ISO 20022 is
standards within the SEPA cards market. to identify and standardise the ‘words’ that
are shared between institutions, and store
them in the ‘data dictionary’ of the ISO
ISO 8583 vs ISO 20022: WHICH TO 20022 Repository. On that basis, develop-
CHOOSE? ers can build ISO 20022 syntax-independ-
The current discussion in the European ent message models that can then be
cards industry is whether the current ISO transformed into message formats accord-
8583 and its future improvements can still ing to the desired syntax. The current pre-
be relied on for the standardisation of the ferred ISO 20022 syntax in SEPA is XML.
messages in the card payment industry — The syntax-independent business model-
or should one use a new standard for cards ling methodology allows developers to
developed under the umbrella of ISO capture the ‘business standard’ prior to, and
20022? independently of, the physical format of
future messages. This flexible framework
ISO 20022 allows communities of users and message-
ISO 20022 provides the financial industry development organisations to define mes-
with a universal common platform for the sage sets according to an internationally
development of financial messages in a agreed approach and to migrate to the use
standardised way. Compared with ISO of common XML-based syntax. The fact
8583, ISO 20022 does not describe the that the syntax design rules are clearly sep-
messages themselves. However, it is a arated from the modelling methodology
recipe for developing financial industry ensures that models will not need to be
message standards (which can be con- changed should XML be superseded by a
verted into physical messages). ISO 20022 new and better syntax solution.
creates a single standardisation approach
with common methodology, common Flexible framework
registration process and a central reposi- A long-term objective is one standard
tory that can be used by all financial stan- approach via ISO 20022 that is used by all
dards initiatives. The financial repository is stakeholders. It will not happen overnight.
a sort of central dictionary of business SWIFT, for example, has an integration
items, in which approved models, transac- strategy from MT to MX messages that
tions, messages and their components are could last more than ten years at least. In
stored. This ISO 20022 recipe offers a the interim, several standards need to co-
better, cheaper and faster way of develop- exist to respond efficiently to competitive
ing and implementing interoperable mes- pressures and regulatory demands.
sage standards that could meet the needs
of the present cards industry in terms of Interoperability
convergence and co-existence. ISO 20022 eases interoperability with
other financial message standards between
Common modelling methodology financial institutions, their market infra-
Key to the ISO 20022 standard is the structures and their end-user communities.
approach of developing syntax-independ- The new message standards will cover end-

Page 87
Karsten:JSC page.qxd 08/06/2012 10:31 Page 88

The European cards environment and ISO 20022

to-end business process across all markets. without the need to change the message
It facilitates an end-to-end interoperability format continuously.
approach, ensuring optimum ability for
STP or more fluid end-to-end processing.
ISO 20022: BUSINESS JUSTIFICATION
Convergence INITIATIVES FOR CARDS
One of the most interesting characteristics For harmonisation in the SEPA area, there
of ISO 20022 is that it provides a way to are now a number of standardisation ini-
achieve the long-term convergence objec- tiatives that aim for solutions in the vari-
tive. ISO 20022 supports convergence to ous parts of the cards value chain in order
one standard that will replace today’s to realise interoperability and convergence
numerous specifications, which have been towards ISO 200222. These initiatives
developed on a country or card scheme include EPAS CAPE (Point of Interaction
basis. It facilitates the migration from (POI)-to-Acquirer), ISO/TC68/SC7/
existing messages to their ISO 20022- WG ATICA (Acquirer-to-Issuer), The
compliant equivalent. Over the longer Berlin Group CCPAY (Acquirer-to-
term, the ISO 20022 messages generated Issuer), and IFX for ATM messaging and
from the model could become the stan- management. A common aim is to ensure
dard that SEPA is looking for. to as great a degree as possible the end-to-
end harmonisation of the various projects.
Co-existence All these business justifications and pro-
While getting there, the ISO 20022 mes- posals will be evaluated by the Cards and
sage model provides a way to facilitate the Related Retail Financial Services
short-term co-existence of several stan- Standards Evaluation Group (Cards SEG).
dards. Part of the ISO 20022 standard is a The main goal of the Cards SEG is to pro-
so-called ‘reverse engineering’ technique vide a harmonisation function across all
or approach to ease co-existence, ie to submissions to promote as much as possi-
recapture the functionality of existing non- ble end-to-end interoperability between
ISO 20022-compliant message standards the different ‘domains’ of card transaction
and feed it into the ISO 20022 model. processing.

Supplementary data EPASOrg: ISO 20022 — CAPE

It also takes into account the information EPASOrg, the developer and official sub-
required by customers such as financial mitter of the Card Payments Exchanges
institutions, and end users such as retailers. (CAPE) set of messages, was set up by var-
ISO 20022 can be extended with supple- ious industry players to define a new series
mentary data without having to update of protocols (EPAS specifications) to spec-
the approved message format. It enables ify the interaction of electronic payment
the utilisation of message components in terminals with other systems in the card
the ISO 20022 repository. As a result, users payment value chain.
that do not need the supplementary data
will not be affected. The extension mech- Scope
anism for ISO 20022 is a container that, The scope of the EPAS card payment
when used, includes supplementary data messages is within the Acceptor (mer-
that is structured as an ISO 20022 compli- chant)-to-Acquirer (bank) domain for
ant scheme, looks like the rest of the mes- POI transactions. The goal of the proposed
sage, and can be processed in the same way message standardisation process of EPAS is

Page 88
Karsten:JSC page.qxd 08/06/2012 10:31 Page 89

Bruggink, Karsten and de Meijer

to cover the whole POI card payment its data modelling and the development of
transactions environment located upstream detailed technical specifications.
or downstream of the Acceptor-to-
Acquirer domain. One of the objectives is Compatibility
to allow an Acceptor and an Acquirer to The compatibility issue with current stan-
exchange POI card payment-related mes- dards was identified as a specific business
sages either directly, or through one or requirement by the EPAS Consortium at
more Intermediary Agents (IAs) located the very beginning of its work. It consid-
on the path of the exchange. The EPAS ered it a prerequisite for ensuring a
CAPE Business Justification does not smooth migration from current syntaxes
cover the Acquirer-to-Issuer domain. It is such as ISO 8583 to ISO 20022 and vice
left to other industry stakeholders to versa. The EPAS Consortium actually
submit an ISO 20022 Business ensured — throughout the design and
Justification within this specific card busi- development phases of the messages —
ness domain. that an adequate level of compliance with
existing messages (such as ISO 8583)
Protocols could be verified. The CAPE messages
The aim of EPASOrg is to overcome the were designed and developed to maintain
present fragmentation in the European consistency with the current ISO 8583
cards market through the development of standard — especially at the business
common state-of-the-art protocols to be process level where elements of ISO 8583
used by the POI and their widespread are mapped into ISO 20022.
implementation. These include an
Acquirer protocol that relates to the Present state
interface between a card payment termi- The submission of messages by EPAS for
nal (or software) and the acquirer’s host the first area, Acceptor-to-Acquirer POI
system. The CAPE ISO 20022 Business messages, has now completed all its
Justification also allows for the develop- approval stages. EPASOrg announced by
ment of messages for standardisation for a the end of 2010 the endorsement and
Retailer protocol, ie messages between a dissemination of the first universal series
POI system and the cash register or sales of ISO 20022 card payment standards
system for large multi-lane retailers, as messages (ISO 20022 CAPE) to be used
well as for a Terminal Management between a merchant and a bank for card-
System protocol for remote updating of initiated payment transactions (Acquirer
POI parameters, software and crypto protocol). This new universal standard
keys. would replace the present numerous
specifications developed on a country or
ISO 20022 methodology payment scheme basis. Also, the TMS
The initial aim of the EPAS consortium protocol (relating to the interface
was to foster interoperability in card pay- between card payment and the system
ments protocols and to develop card-based used to manage them remotely) has been
ISO 20022 protocols based on open, non- approved.
proprietary and common interoperable
standards. To ensure compatibility with the ATICA (Acquirer-to-Issuer Card
latest technological standards, it was Messages)
decided that the EPAS protocols would be The ATICA (Acquirer-to-Issuer Card
based on the ISO 20022 methodology for Messages) initiative — under the responsi-

Page 89
Karsten:JSC page.qxd 08/06/2012 10:31 Page 90

The European cards environment and ISO 20022

bility of ISO/TC68/SC7/WG9 (WG9) addressed by the card environment

— is to investigate the business case for (including those currently addressed by
using ISO 20022 and its toolbox for the ISO 8583), thereby utilising the ISO
development of messages in the card pay- 20022 methodology. Also, WG9 analyses
ment industry. WG9 consists of various ISO 8583 in order to define and to con-
representatives from the industry. tribute to harmonised business and mes-
sage components into the ISO 20022
Scope repository. It is this aspect of the work
WG9 has been formed to work on card that will be critical to the effective
messages in the domain of Acquirer-to- reverse engineering of the ATICA mes-
Issuer message exchange — the domain sages.
already covered by the existing standard
ISO 8583.WG9 suggests a scope including Co-existence
(but not limited to) financial transactions WG9 will need to define a co-existence
such as presentment, reconciliation and migration plan for ISO 8583 once
between and among financial institutions, the submission ISO 20022 model and
and other functions that represent more messages are complete. As far as possible,
than the traditional card transaction the submission to ISO 20022 should
domain. therefore contain the core elements of
ISO 8583 messages (changes to the ISO
Goals 20022 model approved by the Cards SEG
ATICA will seek alignment of CAPE and will not automatically generate to the
CCPAY, whereby STP is a key require- ISO 8583 message equivalent. It will be
ment. ISO 8583 will be maintained (for up to SC7 WG Cards and related finan-
the time being) by the WG9 Cards and cial services to propose an update of ISO
related retail financial services, as the foun- 8583). The key role of WG9 and the
dation of most card messaging, taking into Cards Technical Group that follows it will
account the current business needs. It is an be to protect the core functionality of the
important consideration that both stan- ISO 8583 messages. Current messaging
dards, ISO 8583 and ISO 20022 should be between the acquirer and issuer uses var-
able to co-exist. ious interpretations of the ISO 8583
standard, but essentially follows the same
Reverse engineering business processes. Retailers and proces-
One of the main tasks is to initiate the sors will not welcome a new standard
reverse engineering of ISO 8583 messages that radically changes the established
into ISO 20022 XML models and reposi- business processes no matter what the
tory. For that purpose, WG9 will specify a advantages are in terms of richness of
common interface by which retail finan- data.
cial and non-financial transaction card- The intention is to offer users of ISO
based messages can be interchanged in the 20022 XML in the cards industry — such
Acquirer-to-Issuer domain as specified in as financial institutions and card service
ISO 8583. providers that wish to take advantage of
WG9 was asked, relating to the imple- card payment methodologies and tech-
mentations of ISO 8583, to identify the nologies and streamline their business
elements that can then be reverse engi- processes around ISO 20022 — a migra-
neered into ISO 20022 models. WG9 is tion path from their current authorisation
capturing the business processes currently and settlement systems to a common ISO

Page 90
Karsten:JSC page.qxd 08/06/2012 10:31 Page 91

Bruggink, Karsten and de Meijer

20022 platform in order to leverage their create card-clearing messages based on the
investment in payments infrastructure. business and message models of the exist-
ing SEPA payment messages within the
Present state ISO 20022 financial repository (in addi-
The business justification was endorsed by tion to the ATICA approach). Further
the Cards SEG in October 2009. The date analysis has identified that the clearing
of delivery of candidate messages was infrastructure used to process the ISO
planned for the second quarter of 2010. 20022-based SEPA payment instruments
The current status is that the first draft is can also be used to clear and settle card
expected mid-2012. transactions through analogous messages
and formats.
The Berlin Group: CCPAY
The Berlin Group — at first initiated by Approach
major domestic card payment systems but Since 2008, The Berlin Group has been
now consisting of mayor players in the working on a payment model and a mes-
cards industry — is a European standardisa- sage format for the clearing of card trans-
tion organisation that is fully separated from actions based on ISO 20022 payment
EPAS CAPE and other European standard- messages like ‘pain’ and ‘pacs’ messages.
isation initiatives. For authorisation, The The CCPAY approach is to use a pay-
Berlin Group presents a standard based on ment-like approach for the clearing and
ISO 8583. Regarding ISO 20022, the settlement of card transactions, re-using
Berlin Group intends to specify common the ISO 20022-based clearing infrastruc-
messages to be used in the clearing and set- ture built up for the SEPA payment
tlement of card transactions: CCPAY (Card schemes SCT and SDD.
Clearing Payment Messages). While the ISO 20022 repository is
fully sufficient for the clearing process
Scope between the Debtor Bank and Creditor
The Berlin Group proposes open stan- Bank itself (inter-bank), and for card
dards in the Acquirer-to-Issuer domain. transactions, more data elements are
Standardisation activities focus on defining required to transport card transaction-
technical payment messages for cards related data from the Acquirer to the
clearing based on ISO 20022 and using Issuer or their respective reference parties
payment business models. This develop- (ie the Cardholder and the Card
ment will cover the payment initiation Acceptor): for the account management
(pain) messages (Acquirer-to-Acquirer of the bank customers for example; or for
bank), as well as the inter-bank payment internal reconciliation and dispute man-
clearing and settlement (pacs) messages. agement between the Acquirer and the
The Berlin Group believes that a pay- Issuer. The extension of the Direct Debit
ments-focused development of ISO 20022 message types will be needed for pulling
card-clearing messages, rather than an ISO clearing mechanisms, while Credit
8583 re-engineering-focused approach Transfer messages will be needed for
like that of ATICA, is needed in order to pushing clearing mechanisms like for
realise the synergies in terms of end-to- card-based credits or certain merchant
end processing. refunds. R-Transaction messages will be
needed in the case of direct debits and
Goals credit transfers. In total, ten new messages
The purpose of The Berlin Group is to will be needed for CCPAY.

Page 91
Karsten:JSC page.qxd 08/06/2012 10:31 Page 92

The European cards environment and ISO 20022

Adoption Scenario CARDS ENVIRONMENT:

The Berlin Group is working on a dual STAKEHOLDERS, THEIR INTERESTS
solution: AND POSITIONS
• Short term: SEPA Cards Clearing Within the cards environment, there are a
Framework operational rules and large number of stakeholders, each with
implementation guidelines based on their specific role, interest, involvement
data inspired by ISO 20022 and SDD and especially, influence on the process of
messages; providing input on standardisation. The
• Long term: Align the short-term solution common interest of all these stakeholders
with the results of the business justifica- will in the end determine the viability and
tion process acceptance of the ISO success of the business case for ISO 20022
20022 (full XML). as the standard format for the European —
and potentially global — cards industry.
Present state
While adoption of ISO 20022 by the Card schemes
whole cards industry is a long-term The card schemes3 are among the key
objective, in order to obtain the benefits players in the cards environment. SEPA
of the new standard, The Berlin Group requires unbundling between the scheme
issued the final specification for a short- on the one hand, and the processing or
term solution in 2010. That solution infrastructure on the other. In an unbun-
relies on the pain and pacs messages in dled cards world, schemes will impose
place today for the SEPA Direct Debit only the requirements for the Acquirer-to-
messages. For this solution, the main Issuer domain. As a result, the processors
information on involved parties and would have the freedom to decide what
amounts to be cleared is contained in the standards to use there. In the present cards
payment data elements already provided world, the actual standards to be used are
by the ISO 20022. still being prescribed by the various partic-
In addition, specific card-transaction ipants in the value chain. The schemes
data, such as that needed for dispute man- have certain mandates for the Acquirer-to-
agement like EMV data, is contained Issuer domain, while in the Acceptor-to-
within the unstructured remittance infor- Acquirer domain, the standard used results
mation. These data will be ISO-TLV from the decision of the acquirer based on
encoded in the unstructured remittance the requirements of the merchant, where
information like the EMV data in ISO there is a chance that the acquirer will
8583-based authorisation or clearing mes- follow recommendations from the
sage formats. The short-term SEPA Card schemes.
Clearing solution is intended to be imple- The migration from local or propri-
mented as soon as possible. The German etary standards to open, and hence
banking industry has already started an regional (or global), standards increases the
implementation project for the short-term need for interconnectivity and interoper-
SEPA Card Clearing formats, as a full ability in this domain, requiring the effi-
XML encoded ISO 20022 solution is not cient co-existence of standards.
available in time for the SEPA market Schemes monitor, or are actively
needs in Germany. Other markets or involved in, the standardisation process.
cooperation partners of the German bank- For example, this may be through active
ing industry in Europe are expected to participation in various ISO 20022 bodies.
follow this implementation. Their influence on standardisation is con-

Page 92
Karsten:JSC page.qxd 08/06/2012 10:31 Page 93

Bruggink, Karsten and de Meijer

sidered medium to high. A key risk related standards would enable easy entry to new
to schemes is that if they continue to use markets. It would also contribute to effi-
their proprietary standards, it will not lead cient STP. Banks’ involvement in the
to the SEPA ambition of the elimination process of self regulation for standards is via
of technical and operational barriers the EPC. Though they are not leading in
between countries and schemes. the development of standards, they set the
high-level requirements for the cards indus-
Terminal vendors try within EPC and the CSG. Some banks
Terminal vendors have to implement stan- participate actively in ISO 20022 forums.
dards that are set by the various (local)
schemes facilitating card acquirers or their Retailers
processors. The interest of these vendors in As retailers are the intrinsic acceptors of
the standards discussion is that they sell standards, the importance to them of fur-
many different terminals that have to sup- ther standardisation is high. Their interests
port a broad range of standards. Terminal are the development of pan-European
vendors are followers in the whole card acceptance, the full acceptance by the
process, but do monitor progress and can industry of an open standard, STP and, as a
be actively involved in submitting propos- consequence, low costs. Being major
als (for example, by participation in clients for acquirers and card brands, retail-
EPASOrg for the Acceptor-to-Acquirer ers are important stakeholders in the cards
domain). Their influence in the standardi- environment. Their importance is high, as
sation discussion is considered to be they can drive the market or stop market
medium as they are an important stake- change if they see no value from higher
holder with indirect involvement. The costs. The increasing costs of investment in
costs of terminals determine a major part new terminals could cause retailers to
of acceptance network investments. The postpone (as opposed to stop) the replace-
impact of the decision on standardisation ment of their existent ones. This could
could be significant. A common and open decelerate the standardisation process.
standard can reduce terminal costs, as they
can then be produced in larger volumes Processors (switches)
and will enable efficient STP. However, Cards processors that operate a network
more standards could make the cards switch between acquirers and issuers (that
ecosystem more complex, and as a conse- includes clearing and settlement) have to
quence more costly. New standards can implement standards. They are followers,
bring new options and functionalities, and should follow up what the schemes
which may generate investment for new they support impose. They are very much
terminals. interested in STP. Their interest is to
attract or keep as many as possible transac-
Banks tions through efficiency and full accept-
As issuers and acquirers, banks are involved ance of brands and schemes. Ideally, they
in the standardisation process. They are are advocating one global or regional stan-
influential decision makers because they dard using the fewest possible different
will have to implement product and serv- infrastructures or platforms. That would
ices on agreed standards. For them, a viable enable efficient STP because fewer con-
business case for ISO 20022 is of impor- versions are needed. In addition, new
tance in terms of day-to-day costs, volume requests would be more easily understood.
and market profit. Standardisation via open These processors keep a watching brief

Page 93
Karsten:JSC page.qxd 08/06/2012 10:31 Page 94

The European cards environment and ISO 20022

Figure 2 COMPETITIVE MARKET

REGIONAL/GLOBAL TRANSPARANCY REGULATORS
Competitive market
RETAILERS
regional/global VENDORS

transparency

ISO STANDARDS
COMPETITION BETWEEN SCHEMES NEW MARKET FUNCTIONS
SCHEME
STANDARDS
INNOVATION OUTSOURCING

CREATING MARKET SHARE MORE OPEN REGIONAL STANDARDS

BANKS
SCHEMES
PROCESSORS

and are actively involved in setting stan- play a less important role in the standardi-
dards as experts. A good example is The sation discussion and process. As a fol-
Berlin Group. Their influence is consid- lower, they have to implement agreed
ered to be low-to-medium. standards.
From this, it can be understood that the
Regulators forces delivering the governance of indus-
Notwithstanding the lack of legislation, try standardisation differ markedly in size
regulators play an influential role in the and position. Also, schemes take in a default
European cards standardisation discussion industry standardisation role by mandating
by creating better understanding and proprietary standards on chip (EMV), and
transparency (Figure 2). The ECB supports on security (PCI-DSS),4 all in cases based
the SEPA Cards Framework and for them, upon and sometimes ‘in competition’ with
the importance of standardisation to create ISO standardisation initiatives. For exam-
a single cards market with open market ple, the EMV standard is a proprietary
access is high. Although they expressed standard mandated by most card schemes
their preference for open and global stan- while there is an ISO standard — ISO
dards, it is (until now at least) up to the 9992-1 (1990) ‘Financial transaction cards
market to provide a solution. Regulators — Messages between the integrated cir-
play a key role, as they can drive industry cuit card and the card accepting device’ —
change. European regulators are condi- that covers chip-based transactions. For
tional in the sense that they deliver impor- PCI-DSS there is the ISO alternative ISO
tant requirements of a future cards 27001 Information Security.
framework. If market participants are not Compared with payments, the SEPA
decisive enough, the regulators could payment rulebooks are open standards for
speed up the process via regulation. all within the industry. Considering the
varied initiatives on cards standardisation,
Other players there are a number of challenging ques-
Other players such as acquirer processors, tions. How will these affect the business
cash-register vendors and other vendors case and management of the standards?

Page 94
Karsten:JSC page.qxd 08/06/2012 10:31 Page 95

Bruggink, Karsten and de Meijer

How can ISO 20022 stay in touch with based on market demands for realising
the dynamics of the industry needs of industry efficiency, new functionality and
schemes and banks so that new initiatives progressive use of the new options. ISO
do not become proprietary as was the case 20022 is seen as a credible and long-term
with ISO 8583 (87/93)? Which is the best alternative to ISO 8583, and as a viable
way to manage business-driven change strategic option for future card/retail stan-
requirements within an allotted imple- dardisation. ISO 20022 could overcome
mentation time? Will the ‘Apple platform’ the constraints of ISO 8583 messages, as it
become the future model with a propri- is flexible and expandable. It is the whole
etary environment that is not interlinked, modelling and structure of ISO 20022
or is it the Google platform with an ‘open’ messages that provides flexibility to
standard for multiple parties that is a future expand message components. This univer-
option? What about membership and sal and common flexible framework pro-
compliance with open standards, or that vides the financial industry with a
for new mobile payments? common platform for the development of
message sets according to an internation-
Compliance with open standards ally agreed approach.
Compliance with open standards addresses
the area of scheme standards and ISO stan- Negatives of changing over to ISO
dards that are the input for processing. The 20022
schemes define business rules and regula- Notwithstanding the various advantages of
tion for Acquirers and Issuers. Following ISO 20022, there are still a number of
these business rules, schemes also define negative considerations that might affect a
specific technical requirements and system quick adoption of ISO 20022 methodol-
functionality for processing based on open ogy for cards in Europe. First of all, the
ISO standards and on Scheme standards. existing and widely-used first versions of
This combination is more or less propri- ISO 8583 have proved highly flexible over
etary or governed by schemes. For com- the years for new functionality in propri-
pliance with open standards, business rules etary fields (EMV, global, debit, credit and
and regulations are input for open stan- petrol etc), but could not catch up with
dardisation on ISO and Schemes together new versions (2003). On top of that, the
in order to attain efficient and effective implementation of a new standard takes a
STP processing. long time. And there are the high legacy
costs, as well as the costs involved with
implementation. Card schemes such as
IS THERE A BUSINESS CASE FOR MasterCard and Visa and their clients have
CARDS AND ISO 20022? already invested in ISO 8583 (1987) and
In order to be effective, a new card stan- easy global conversion systems.
dard (or standards methodology) must
fulfil future market and business needs and General benefits
functional requirements for interoperabil- While relatively high costs may be
ity, convergence and co-existence. For a expected for the implementation of the
business case, for ISO 20022 to be viable it new standard — and it may take a long
is important that the new standards will be time to be adopted by the whole industry
beneficial for all stakeholders involved. A — it would make the market for process-
sound and viable business case for ISO ing cards more reliable and efficient.
20022 in the cards industry should be Because the ISO 20022 standards were

Page 95
Karsten:JSC page.qxd 08/06/2012 10:31 Page 96

The European cards environment and ISO 20022

approved only five years ago, its inherent the card industry to meet in order to
architecture provides some essential ben- realise the required harmonisation of stan-
efits. Normally, migration from old to dards in the SEPA area. There is the issue
new standards is not easy. However, ISO of market acceptance. Will the proposi-
20022 migration is completely different. tions meet the requirements of the various
ISO 20022 provides short-term co-exis- players in the cards environment and pro-
tence and long-term convergence objec- vide an overall business case? Are the vari-
tives and is designed to allow users to ous players willing to implement ISO
implement standards better, cheaper and 20022? Another issue is whether standard-
faster. isation will provide new market opportu-
Longer term savings are expected for nities and new business? In addition,
the cards industry as a whole as a result of: should cards standards’ harmonisation be
limited to the SEPA zone, or should it be
• the convergence process with the enlarged to the global system (as the cards
whole card payments value chain industry is becoming a global industry
including credit transfers, direct debits, with some local solutions)? Finally, there is
clearing, settlement, card payments; the challenge of synchronisation in propri-
• the availability of lower cost ‘off the etary standards and open scheme stan-
shelf ’ flexible software solutions, which dards, open ISO standards on market
can result in reduced IT costs; change and the delivery of business solu-
• the simplification of fraud and card tions along the chain.
back-end processes and increased STP.
Market acceptance
Increased STP Creating standards for the card industry is
ISO 20022 can play a unique role in one necessity, but gaining market accept-
enabling business process automation ance and implementation are also key
across the financial industry. It may prove requirements. It will be a real challenge,
to be a quiet revolution in the STP goals given the various players in the card envi-
of an industry in search of faster, cheaper ronment and the different needs and
high-quality data and the higher confi- requirements of stakeholders such as retail-
dence, lower risk operating environment ers, merchants, issuer banks, and acquirer
that results from it. ISO 20022 considers banks in terms of costs, ease, and security.
the underlying business processes rather ISO 20022 is an open standard that relies
than being just a message-centric on the strength of industry collaboration
approach. It covers all financial messages and that disciplines the processes of stan-
and allows participants to use the same dards governance. To realise the full bene-
language for all their financial communi- fits of adopting ISO 20022, the industry
cations. The use of ISO 20022 will facili- must engage across the board. In turn, that
tate end-to-end needs from POI to cash requires a firm grasp of the principles gov-
reporting. It will allow interoperability erning this methodology. This is not a
between different card and payment one-time market-acceptance step.
instruments, and will bring overall cost Longer-term governance will also
efficiency end-to-end. require the close monitoring of STP
implementation, bringing user-group
requirements on solutions within range of
CHALLENGES market needs, and supporting all players in
There are still a number of challenges for the industry with tools and best practices.

Page 96
Karsten:JSC page.qxd 08/06/2012 10:31 Page 97

Bruggink, Karsten and de Meijer

How will the partnership between ISO, Regional or global?

the Schemes, the banks and other stake- From a competition point of view, should
holders evolve? Is this an ad hoc approach, the focus of standardisation be on SEPA or
or is this streamlined for fast market and Europe as a region — or should it be
business needs? One of the key questions enlarged to the global ecosystem? While
here is which stakeholder should take the the issue of standardisation has been
first step in implementing ISO 20022 in addressed with a relatively high level of
order to ensure a catalyst effect for the urgency within Europe, it will nevertheless
overall acceptance throughout the whole become a major priority in the years to
cards value chain. At the moment, the come for worldwide and region-wide
cards environment is in equilibrium with payment schemes, as well as for card
respect to investments required to main- acceptors and acquirers, because of the
tain this environment. Migrating to ISO emergence of global standards such as
20022 will disturb this equilibrium as EMV. This could contribute to the cre-
investments are required for all involved. ation of a worldwide level playing field
It means that if participants start to among these participants (banks and
develop a business case, they will have to acceptors) and will increase competition.
cater for many dependencies on the According to the Eurosystem, to meet the
actions of the other stakeholders involved. requirements of European stakeholders,
This makes it even more complex for the there is strong need for direct and coordi-
first mover. nated involvement of the EPC in the
world of global card standardisation
Growing card market bodies. The need is not only for standard
The new modernised architecture of cards setting, but for management and industry
standards — with the use of a universal set best practices up to regional and global
of global business rules and messages — implementation on current and future
can boost the card payment acquiring market developments: therefore governing
market for retailers and banks in terms of regional needs and solutions in a global
increased STP throughout the whole cards cards (and mobile) ecosystem.
value chain. In addition, it can boost the
end-to-end provision of transaction data Synchronisation of standardisation
and provide efficiencies through STP. It The full enabling of a global/regional open
gives new space for future market solu- standard that can generate market growth is
tions, faster end-to-end sales and pay- conditional on a fully global and regional
ments, and wider usage of cards, with the acceleration of market development and
option of starting with local key solutions innovations, and requires synchronisation
based on a global standard. This will bring with individual standards so as to stay and
further smooth market growth in global remain STP end to end. Synchronisation in
market needs for users such as regional or proprietary standards and open scheme
global banks and retailers. It will also pro- standards, open ISO standards on market
vide market growth and lower average change and the delivery of business solu-
transaction and service costs for the indus- tions along the chain are required. In other
try. This will ensure that all transaction words, the full industry-standardised opera-
data is available throughout the whole card tion environment for all stakeholders
value chain, offering opportunities for data should be aligned. An ad hoc synchronisa-
extraction in terms of management infor- tion by individual market forces, or syn-
mation and other data-mining. chronisation by the aligned management of

Page 97
Karsten:JSC page.qxd 08/06/2012 10:31 Page 98

The European cards environment and ISO 20022

respective industry bodies is preferred for SOURCES

the kernel of open standards providing syn- ATICA (2009) Business Justification for the
chronisation and STP in developments development of new ISO 20022
Financial Repository Items’, ISO,
within the full global or open market card
Geneva, available at:
chain.
http://www.iso20022.org/documents
/BJ/BJ044/ISO20022BJ_ATICA_v4
AUTHORS’ NOTE _with_comments.pdf
This paper is the view of the authors and is not The Berlin Group CCPAY (2010) Business
necessarily representative of any other views on Justification for the development of new
the subject. ISO 20022 Financial Repository Items,
ISO, Geneva, available at:
http://www.iso20022.org/documents
REFERENCES AND NOTES /BJ/BJ051/ISO20022BJ_CCPAY_v4
(1) ATICA is not an implementation _with_comments.pdf
standard as such. Any card scheme does EPAS Consortium (2009) Business
not have to use the entire set of Justification: For the update of the
messages to conduct their business. UNIFI (ISO 20022) Financial
There are many optional data elements Repository, 28th April, available at:
that could be made mandatory if http://www.iso20022.org/documents
required by a particular scheme. /BJ/BJ020/ISO20022BJ_CardPayments
(2) At the time ISO 20022 was developed, Exchanges_ASN1_with_comments.pdf
Extensible Mark-Up Language, or XML, EPASOrg (2010) ‘EPAS Acquirer protocol:
was already the preferred syntax for First universal ISO 20022-card standard’,
communication. Early in 2000, the EPASOrg, Brussels, 18th November,
industry had already moved to the single available at: http://www.itea2.org
common XML-based language. /epasorg_standard
(3) A card scheme is a technical and European Payments Council (2008)
commercial and technical arrangement ‘Questions and Answers Clarifying Key
set up to serve one or more brands of Aspects of the SEPA Cards Framework’,
cards which provide the organisational, EPC, Brussels, available at:
legal and operational framework http://www.europeanpayments
necessary for the functioning of the council.eu/knowledge_bank_detail.cfm?
services marketed by those brands (ECB documents_id=132
Glossary, see: http://www.ecb.int European Payments Council (2009) ‘Get
/home/glossary/html/glossc.en.html). Involved! — EPC establishes the Cards
(4) The Payment Card Industry, Data Stakeholder Group’, EPC Newsletter,
Security Standard (PCI DSS) is a set of issue 3, July, available at:
comprehensive industry requirements, http://www.europeanpayments
established by the card schemes and council.eu/article.cfm?articles_uuid=
enforced by the PCI Security Standards 82F2BCD0-E82D-7DAE-6C5DD1D12
Council. The standard has been designed 77F5332
to protect card-holder data wherever it is European Payments Council (2009) ‘Open
stored, processed or transmitted. While Letter regarding the Application of the
achieving compliance with the standard SCF to Three Party Schemes’, EPC,
will not prevent a serious data breach, it Brussels, available at:
will provide the foundations of good http://www.europeanpayments
data management and an increased council.eu/knowledge_bank_detail.cfm?
awareness of card data and its value, documents_id=227
helping to reduce the likelihood of an European Payments Council (2009) SEPA
incident. Cards Framework v 2.1, EPC, Brussels,

Page 98
Karsten:JSC page.qxd 08/06/2012 10:31 Page 99

Bruggink, Karsten and de Meijer

available at: http://www.european _detail.cfm?documents_id=522

paymentscouncil.eu/knowledge_bank European Payments Council (2011) ‘Work in
_detail.cfm?documents_id=330 Progress — The EPC approves update of
European Payments Council (2009) ‘SEPA for the SEPA Cards Standardisation Volume
Cards: From Vision to Reality — EPC and a new Resolution “‘Preventing Card
takes forward its Cards Standardisation Fraud in a Mature EMV Environment”’,
Programme’, EPC Newsletter, issue 1, EPC Newsletter, issue 9, January,
January, available at: available at: http://www.european
http://www.europeanpayments paymentscouncil.eu/article.cfm?articles_
council.eu/article.cfm?articles_uuid= uuid=C70EC06B-BDA8-2F05-D0B5A1
A10F1401-E30C-BC06-BA43278DA0E F8445D51AC
88F66 European Payments Council (2012) SEPA
European Payments Council (2010) Cards Standardisation Volume — Book
‘European ATM Fraud Losses down 36 of Requirements Version 6.0, EPC,
Percent — EMV rollout at ATMs in Brussels, January, available at:
Europe is helping to reduce skimming http://www.europeanpayments
losses in some SEPA countries’, EPC council.eu/knowledge_bank_detail.cfm?
Newsletter, issue 6, April, available at: documents_id=560
http://www.europeanpayments European Payments Council (2012) ‘Version
council.eu/article.cfm?articles_uuid= 6.0 of the SEPA Cards Standardisation
3EBDA5B6-CB2E-179D-211BE1EBB4 Volume — Book of Requirements
A0CE0C Published — SEPA cards standardisation
European Payments Council (2010) Shortcut continues to move forward’, EPC
to the SEPA Cards Framework, EPC, Newsletter, Issue 13, January, available at:
Brussels, available at: http://www.europeanpayments
http://www.europeanpayments council.eu/article.cfm?articles_uuid=
council.eu/knowledge_bank_detail.cfm? 692CB4F3-5056-B741-DBA44323B733
documents_id=340 2B55
European Payments Council (2010) ISO (no date) ISO 20022 Newsletters,
‘Standardisation is Key — Focus on available at: http://www.iso20022.org
security requirements and a European /newsletter_archive.page
certification framework’, EPC The OSCar Project (2011) ‘Paving the way
Newsletter, Issue 7, July, available at: for achieving SEPA for Cards’, The
http://www.europeanpayments OSCar Project, 28th February, available
council.eu/article.cfm?articles_uuid= at: http://www.paycert.fr/IMG
C68372B9-0E89-665F-D086B2AF186 /pdf/OSCar_presentation.pdf
B5095 SWIFT (2010) ‘ISO 20022 for Dummies’,
European Payments Council (2011) Response SWIFT, La Hulpe, October.
Template Public Consultation 2011 Vanobberghen, W. (2011) ‘EPAS: a new breed
SEPA Cards Standardisation Volume — of universal card payment standards’,
Book of Requirements, EPC, Brussels, EPASOrg, Milan, 17th May, available at:
available at: http://www.european http://www.insic.it/eventi/payment2011
paymentscouncil.eu/other_documents /relazioni/epasorg.pdf

Page 99