Tomcat
Professional
- Messages
- 2,689
- Reaction score
- 963
- Points
- 113
Basic concepts and definitions
By the beginning of 2009, banks participating in the largest international payment systems VISA, MasterCard, American Express, Diners Club, JCB in total issued (issued to their customers) about 4 billion cards. Plastic cards have become a common attribute of today's everyday life, and it can be argued that many people on our planet know at least in general terms what plastic cards are and how to use them.Nevertheless, in order to continue to adhere to a common and understandable terminology, we will briefly describe how non-cash payment systems based on the use of plastic cards function.
Let's start with the main thing - a bank plastic card. Consider a bank whose clients keep their savings in bank accounts. When a bank customer is about to make a purchase, but there is not enough money in his pocket for this, he can go to the bank, withdraw the required amount from his account (if any) and go to the store to make a purchase.
In order to go to the bank less often, the client withdraws money taking into account not only the current purchase, but also taking into account other expenses projected for the foreseeable future. Thus, the client causes serious damage to the banking business, since the money withdrawn for the future could continue to work for the bank instead of lying in someone's pocket and waiting for the moment of its application.
The situation would radically change for the bank if it had a mechanism to provide its customers with remote access to their accounts at customer service points (for example, shops, restaurants, taxis, etc.). In this case, the client would not need to withdraw money for future use. Having access to his account, he would simply make a payment transaction in the store for the amount of the purchase, using the funds of his own account. To do this, of course, the bank must first agree with the store so that the client, with the approval of the bank, expressed in a predetermined form, can make a non-cash purchase under the guarantees of his bank.
This is how the idea of using a plastic card as a means of remote access of its holder to his bank account appeared. In the 50s. of the last century, over 100 American banks launched their card programs. However, a fundamentally new period in the development of the card business began in 1958, when the first and second largest American banks joined it: Bank of America and Chase Manhattan Bank. Bank of America's card program was called BankAmericard.
With the growth of card programs, most banks faced an obvious problem - the limited network for accepting their cards. This reduced the interest of customers in the cards offered by banks. The client could not rely on the card as a universal means of payment, since in some retail outlets it was possible to pay with a bank card, and in some not. It became obvious that not a single bank in the world is able to conclude agreements with almost all outlets of the world to accept their cards in them. Not to mention the problems of the bank's servicing of stores located in places where there are no bank branches. The shops “remote” from the bank's branches were not interested in concluding an agreement with him on servicing his cards. What is the point for a merchant to conclude such an agreement if he knows that not a single client of the bank may never show up at the door of his store? The idea of combining card programs of various banks was in the air and gradually began to be realized.
In 1966, Bank of America began issuing licenses to issue BankAmericard to other banks. In response, several large banks rivals Bank of America created their own interbank card association, the Interbank Card Association, or ICA. In 1969, this association bought the rights to the Master Charge card, issued by the Card Association of Western State Banks, and most ICA members switched to servicing and issuing Master Charge cards.
In turn, the banks that issued the BankAmericard card insisted that this card program be taken out of the control of Bank of America. Thus, in July 1970, the National Bank American Incorporated, or NBI, was established.
MasterCard to A
As a result, by the early 1970s. in the United States, two main competitors in the bank payment card market have emerged - ICA and NBI. In 1976, the NBI system renamed its card into the well-known VISA card, and in 1980 the ICA association gave its card the international name MasterCard. This is how two of the world's largest payment systems have emerged relatively recently.
The payment system is an association of banks, called banks - members of this payment system, subject to uniform rules (rules of the payment system). When a bank joins an association, it thereby confirms its readiness to follow the established rules of the payment system. These rules determine the technical, legal, organizational and financial aspects of the bank's functioning in the cashless settlement system. The bank's recognition of the system's rules is recorded in its agreement for joining the payment system and is the basis for mutual trust between banks unknown to each other when they organize non-cash payments for their customers. Control over the implementation of the rules by all participants in the payment system is carried out by the executive body - the administrator of the payment system.
The payment system is also the guarantor of settlements between banks - participants in the system. Thus, banks' confidence in the idea of a payment system is maintained, which is based on the confidence of the bank serving the outlet in receiving a refund from the bank of the client who performed the operation at the outlet using a bank card.
In the payment system, each bank can act in two forms: firstly, as a bank issuing plastic cards and, secondly, as a bank serving points of acceptance of plastic cards. Each bank can be both an issuer and a servicing bank at the same time.
As an issuer, the bank issues to its client a special certificate (plastic card), which gives him the opportunity to receive various services. These services include non-cash purchases at a merchant, receiving cash from an ATM or bank branch, obtaining information about the current balance of funds in a client's account, transferring money from one client's account to another client's account, transferring money from a client's account to another person's account, etc. . NS.
In this case, the plastic card remains the property of the issuing bank, and the client who received the card is its holder, that is, the person who received the bank's card for temporary use. The cardholder receives it under an agreement with the bank, which, among other things, stipulates the impossibility of transferring the card to a third party.
The emergence of plastic cards was associated with the provision of the bank's client with the opportunity to pay for purchases of goods and services on credit. At the same time, the card issuer guaranteed the merchant payment for the purchase of its client. At the end of each month, the bank provided the client with an invoice based on all purchases made by the client with the card from the end of the previous month to the end of the current month. The customer had to pay the bank account in full at the beginning of the next month. These cards are called charge cards.
By issuing a credit card, the bank can provide the customer with a real revolving credit. In this case, the bank enters into an agreement with the client, according to which the client is obliged to pay the bank a certain percentage of his debt specified in the agreement on a monthly basis. To the rest of the debt, the bank adds its interest, which is a commission for the lending service provided to the client. The commission is calculated through the bank's lending interest rate and added to the client's current debt remaining from the received bank loan.
Along with credit cards, there are debit cards associated with a customer's deposit account (s) with a bank (accounts that hold the customer's personal funds). In this case, the plastic card is a means of remote access of the client to his bank account. Typically, a customer can perform debit card transactions within the size of their account. Sometimes the bank allows the client to exceed the size of his account within the threshold set by the bank (overdraft).
A plastic card is a carrier of information that:
- identifies the card issuer, the bank association to which the card issuer belongs, the card product, the cardholder - the bank customer (logos of the payment system and the issuing bank, printed / embossed card number, cardholder name, card product feature, for example, surface color card or product name shown on the front of the card);
- determines the issuer's requirements for card servicing (technology supported by the card - chip and / or magnetic stripe, online / offline mode of processing card transactions, the need to perform a transaction only using an electronic terminal, the need for the cardholder to enter the value of his PIN-code, geography card acceptance, the period of time during which the card can be used, etc.);
- used to authenticate the card and its holder (hologram, microprinting, special embossed (embossed) symbols, symbols visible in ultraviolet light, a photo of the card holder, special check values CVC / CW, Chip CVC / iCW, CVC2 / CW2, ensuring the integrity of the card data, cardholder's signature, etc., and in microprocessor cards - additionally secret keys and, possibly, the cardholder's PIN-code).
Some of the details are applied to plastic using a special print or embossing and are read visually and tactilely during the transaction. This information is used by the merchant of the merchant to carry out so-called voice authorization. In this case, the seller contacts the voice authorization service of his servicing bank by phone and informs it about the details of the merchant, card, card holder and the operation being performed. The voice authorization service enters the received information about the card into the computer of the processing center of the serving bank, which initiates the authorization of the operation and returns the issuer's decision to the voice authorization service. The latter communicates the issuer's decision to the trade enterprise.
Another piece of information is stored in the microprocessor (chip) and / or on the magnetic stripe of the card. Information from a magnetic stripe or chip is read using special devices called card readers, card readers, or simply readers. Electronic terminals in a trading enterprise (Point-of-Sale-terminals, or POS-terminals), as well as cash dispensers (ATMs) are equipped with similar readers.
The servicing bank provides support for the infrastructure for accepting plastic cards, which generally includes ATMs, cash points, and trade and service enterprises. The servicing bank concludes agreements with merchants for servicing plastic cards issued by banks of a certain payment system in them, guaranteeing the merchant a refund on all operations performed in it on cards of any bank that is a member of this payment system.
Sometimes the payment system additionally guarantees the merchant a refund for transactions made using the cards of this payment system. Leading payment systems provide merchants with such a guarantee. A payment system guarantee is issued in the event of a financial collapse of a servicing bank and its inability to reimburse a merchant for purchases made using plastic cards. In this case, the payment system settles with the merchant for the card transactions performed in it instead of the bank that failed. The payment system guarantee increases the merchant's confidence in reimbursing funds for a non-cash purchase. This confidence lies at the heart of the technology of payments using plastic cards.
One of the most important tasks of any payment system is the creation of a wide geographically distributed infrastructure for accepting cards. Such an infrastructure for accepting cards makes the use of the card attractive for its holder and issuer. It is to create a developed infrastructure for accepting cards that the efforts of many banks - participants in the payment system are required.
Obviously, the tasks of creating an infrastructure for accepting cards and their issuance are closely related to each other. The more cards circulate in a payment system, the more interesting it is for a merchant to accept cards of this payment system and, therefore, the easier it is to create an infrastructure for accepting cards. On the contrary, the more developed the infrastructure for accepting cards, the more attractive the card of this payment system looks for its holder, and, consequently, the easier it is for banks to sell their customers a plastic card of a bank of such a payment system.
When a customer of bank A is about to make a purchase at a merchant of servicing bank B, the merchant must first ensure that, in accordance with the agreement with servicing bank B, the transaction on the card presented for payment will be reimbursed. In other words, the merchant must ensure that issuer A and servicing bank B are members of the same payment system. Visually, this is established by the payment system logo printed on the buyer's plastic card.
Generally, the service payment process consists of two parts. The first part is transaction authorization (fig. 1.1).
The cashier of the merchant "reads" from the plastic card presented by the customer to pay for the purchase, the information required to authorize the transaction, and, possibly, receives (sometimes in encrypted form) additional customer verification information directly from the customer (for example, the customer's personal identification number, customer name, other identifiers). Next, the cashier adds information about the purchase - the size and currency of the transaction, sometimes the type of transaction.
Based on the information collected, the merchant decides on the technology for performing the operation (by magnetic stripe or chip), as well as on the mode of authorization of the transaction - online or offline. In offline mode, the decision to authorize or reject the operation is made by the terminal and the card (in the case of a microprocessor card). This decision is made online by the card issuer.
In the case of online authorization, the information received from the client and read from the card, as well as information about the purchase and the merchant (identifiers of the merchant and card receiving devices, the method of entering card information into the payment network, a description of the terminal's capabilities for processing a transaction) are transmitted by the merchant to its service provider. to the bank in the form of an authorization request. With the help of an authorization request, the merchant asks the service bank if it can provide the cardholder with the requested service. The servicing bank must check the data received in the request:
- the bank has an agreement with a trading company that has the requisites specified in the request;
- whether the merchant has a bank authorization to perform the operation requested by the cardholder (is the type of operation allowed, currency code, etc.);
- the integrity of the data received from the terminal;
- presence of the card in the stop lists of the payment system;
- fulfillment of the card issuer's requirements for its servicing (for example, the card is intended only for domestic transactions, the card must be used with mandatory verification of its holder's PIN, the transaction must be serviced in real time, etc.). The issuer's requirements for servicing the card are recorded by the issuer during personalization of the card on the magnetic stripe of the card in the data element "Service Code" (see clause 1.3) and, in the case of a microprocessor card, in the data of the card application (data elements Application Interchange Profile, Application Usage Control, CVM List, Issuer Action Code and Track 2 Equivalent Data).
In the case of online authorization, the servicing bank applies for permission to provide services to the cardholder from his issuing bank A. At the same time, banks A and B exchange messages in accordance with the rules established by the payment system. Therefore, the syntax and semantics of messages should be clear to both banks.
Issuer A, having received a request from servicing bank B, verifies the accuracy of information about the card and its holder: the correctness of the card details and cardholder ID, card status in the issuer's system (active or blocked), restrictions on the use of the card, cardholder PIN, if it is presented, CVC / CW (Chip CVC / iCW) values, ARQC cryptograms, card expiration date, etc. After that, bank A determines the sufficiency of funds on the client's account to pay for the requested service.
If all checks are successful, bank A responds to the request of bank B with permission to make a purchase, having previously debited the purchase amount from the client's account (or only "frozen" on it), possibly together with some commissions set by him (in the case of a purchase operation, a commission is charged from the cardholder is usually prohibited by the rules of payment systems).
Since the permission of bank A according to the rules of any payment system is a guarantee of refund of funds to bank B from bank A, the servicing bank, in turn, allows the purchase operation to its merchant, thereby guaranteeing the latter a refund for the operation performed.
MasterCard
^? 9
In most cases, if the servicing bank has provided the issuer with reliable and sufficient (from the point of view of the system rules) information for authorization, the card issuer is responsible for the result of the transaction. In particular, if the transaction turned out to be performed using a fake card or a stolen / lost card, the responsibility for fraud rests with the card issuer (we are not currently considering the accepted shifts of responsibility towards the servicing bank related to the migration of cards to the technology of microprocessor cards).
The second part of non-cash payment for goods / services consists in settlements between all participants in the transaction. As noted, the merchant receives a refund for the purchase from its service bank. The servicing bank, in turn, receives a refund from the issuing bank. The payment system acts as the guarantor of settlements between banks. This is its most important function. Settlements, as a rule, are made without acceptance (that is, without obtaining special permission from their participants) through special accounts opened by banks in the settlement banks of the payment system.
Finally, the issuing bank debits the transaction funds from its client's account. Thus, with the participation and guarantee of the payment system, funds are transferred from the client's account to the account of the merchant.
The basis for settlements between the participants in the transaction may be authorization messages exchanged during the processing of the transaction by the servicing bank and the card issuer. In this case, at the end of the business day, the payment system, based on the information it has, makes settlements for the past day between all its participating banks. Systems in which settlements are made based on authorization traffic are called Single Message System (SMS).
Sometimes the rules of the payment system are such that in order to initiate settlements between the participants in the transaction, the servicing bank must send a special financial message to the payment system, which is then transmitted to the card issuer. Only on the basis of this message, the payment system will carry out settlements for the performed operation between its participants. The ad-hoc message is called the presentment, and the systems that make calculations based on the presentations are called the Dual Message System (DMS).
Today international payment systems support both types of payment systems - SMS and DMS, giving preference to DMS systems for payments for non-cash purchases. Although DMS systems are functionally more flexible, their technical support is more complex and expensive.
In the payment system, from time to time, for various reasons related to technical problems (for example, duplication of an authorization request by the servicing bank) or with committed fraud, disputes (disputes) may arise between the issuer and the servicing bank. For example, a cardholder may claim that he never made a transaction for which money was debited from his account, or made a transaction, but for a different amount. Life is multifaceted, and there can be many similar “ors”. To resolve disputes that arise, payment systems develop rules that provide for the use of special messages, which, in the event of disputes, are exchanged by banks participating in the system.
In particular, if the issuing bank believes that some transaction on its card was performed in violation of the system rules and the detected violation of the rules is described in the rules of the payment system and is identified by some reason code, it sends a special message to the servicing bank, called a chargeback (refusal to pay) , indicating the reason for the refusal reason code. On the basis of this message, the payment network transfers funds related to the operation on which the refusal occurred from the correspondent account of the servicing bank to the account of the issuing bank. The issuer then transfers the returned money to the account of the card holder.
Usually, in accordance with the rules of the payment system, if the servicing bank does not agree with the opinion of the issuer, he can send him a repeated presentation. In this case, the issuer understands that its next repeated refusal to pay will mean the beginning of an arbitration process between the banks - participants in the transaction. The arbitrator for the dispute that has arisen is, as a rule, the administrator of the payment system. The bank may try to appeal against the decision of the system administrator by going to court for this.
Non-cash transactions in payment systems are called transactions. Payment systems support transactions of various types: purchases, cash withdrawals at a bank branch, cash withdrawals from an ATM, obtaining information about the balance of funds on a client's account, etc.
Transactions also differ in the way the card information is presented to the payment system. There are electronic transactions (information about the card is read from a magnetic stripe / chip) and voice authorization (paper-based) transactions.
MasterCard
^? 9
By definition, a CNP transaction (Card Not Present) is a purchase operation with a plastic card, at the time of which the client is not personally present at the merchant. In this case, he informs the merchant of the details of his card (usually the card number and expiration date) necessary for authorization, in absentia (by letter, by phone, data network, etc.).
A special case of a CNP transaction is an e-commerce transaction. An e-commerce transaction is understood as a CNP-transit action, during which the exchange of data between the plastic card holder and the merchant about the card details and the transaction occurs via the Internet. Other types of CNP transactions are MO / TO (Mail Order / Telephone Order) operations (card details and operations are reported to the servicing bank by mail or phone) and recurring payments (regular payments initiated with the consent of the cardholder by the service provider using the details left by the cardholder your card - card number, expiration date, etc.).
The opportunity to make a purchase in absentia (in the absence of the buyer at the point of sale) has always been attractive for both the buyer and the seller. For the buyer - because of the convenience of the way of buying (without leaving home, at any time of the day, in a quiet mode without queuing, etc.), for the seller - mainly due to the possibility of reducing overhead costs for organizing trade and the ability to advertise and sell your product to a wide audience of potential buyers.
At the first stage of the development of "correspondence" trade, the most common way of ordering goods during the purchase were mail, telegraph and telephone. Therefore, such transactions are called MO / TO transactions. The only problem at that time was the organization of payments for such purchases. The seller wanted to identify the buyer in advance and make sure of his creditworthiness. With the proliferation of plastic cards, this problem has been solved to a certain extent - trade enterprises have the opportunity to obtain relatively reliable guarantees of the buyer's creditworthiness.
The relativity of the guarantee was that with absentee purchases, the likelihood of credit card fraud becomes high. To successfully complete an absentee purchase operation, it is often enough to know just the card number and its validity period.
Due to the increased risk of fraud in CNP transactions, on the one hand, and the attractiveness of such transactions from the point of view of merchants and, consequently, their servicing banks, on the other, payment systems allow such transactions, changing the distribution of responsibility for the financial result of the transaction. in case of fraud. This change is formulated as follows. If a merchant does not support a secure technology (which will be discussed below) for processing CNP transactions, the responsibility for fraudulent transactions in such transactions lies with the merchant's servicing bank.
Today, safe technology in international payment systems means mandatory online authorization using the 3D Secure algorithm. With the support of this technology by the merchant, the distribution of responsibility for the CNP transaction becomes classic: in the event of a conflict in the case of correct presentation of data by the servicing bank, the issuer is responsible for the result of the transaction.
Unfortunately, the first truly secure e-commerce protocol known as Secure Electronic Transaction (SET), due to the complexity and cost of implementation, is currently out of use by the MasterCard and VISA payment systems.
