ISO-12812 – In 1996, the latest mobile phones of the time let us make calls on the move, play simple games (Snake & Ladder kind) and send text messages to our family and friends. Nowadays we can use them to access the Web, make video calls, take photographs, record video, navigate to destinations on a map, pay for services and goods, send money to each other and do our banking, and the list is practically endless with many other applications.

Introduction – ISO-12812

ISO-12812 primarily targets an industry in dire need of attention. From a global perspective, there is a need for frameworks and rules that govern and regulate international activities. The ISO-12812 standards for mobile financial services, including mobile money, payments, banking, etc., prioritise the promotion and assurance of consumer protection. Although still in the early stages and considered a draft, these standards have been released to the public.

The discussion in this post centres on Mobile Money and Mobile Payments, i.e. individual, person-to-business, etc. Today we use mobile devices far more than any conventional or older method for financial services (i.e. payments and banking). This is driving a steady rise in the number of users of the Web, GSM, mobile data and mobile financial services.


The key is to recognise that doubts settled in the consumer's mind, and the lack of transparency behind them, will no longer be the case. Consumers now have, or will have, at least all the information available before getting into any kind of trap or convenience trade as customers, without many complaints. Mechanisms and dispute resolution will help to mitigate the rest. The clarity of its applicability is still hazy, though, i.e. whether only core banking is covered or fintech and MNOs as well.

ISO-12812 : Outlook

The standard aims to facilitate and encourage coordination among the distinct aspects of building financial services for mobile devices. Governance, transparency, and accountability, as well as e-governance applications, models, successes, limitations, and potential, along with citizens’ charters and institutional measures, are being compiled and organized for application within an industry that currently lacks regulations. This is a significant initiative.

The payment industry is constantly evolving, leading to the development and implementation of mobile financial services by various providers in different regions of the world. The standard encourages safeguards for consumers, such as equitable terms in agreements, regulations for clear communication of fees, and explanations of responsibility.

Currently, the potential for the advancement of Mobile Financial Services is apparent due to the availability of mobile devices. As far as my understanding goes, it would be appropriate to refer to it as Mobile Financial Services because the services provided on mobile devices extend beyond just the device itself.

The standard also aims to enable the consumer to choose between different providers of devices, interfaces or mobile financial services. This includes the possibility to contract with several mobile financial service providers for services on the same device, to take different services from different service providers, and to migrate a service from one device to another (portability).

What Is It – Little Details

When an organisation decides to implement ISO 12812, the first international standard for Mobile Financial Services, as it expands its financial services business and platforms, it has to embark on a project to gain ISO 12812 certification. This in turn gives confidence, peace of mind and international recognition. The standard is divided into 5 parts, covered below.

  • ISO 12812-1 General Framework and Common Terminology – This defines the general framework of mobile financial services (payment and banking services involving a mobile device).
  • ISO 12812-2 Security and Data Protection – A Security Framework including an analysis of vulnerabilities, threats and countermeasures for the operation of MFSs.
  • ISO 12812-3 Application Management – ISO/TS 12812-3:2017 specifies the interoperable lifecycle management of applications used in mobile financial services. As defined in ISO 12812-1, an application is a set of software modules and/or data needed to provide functionality for a mobile financial service.
  • ISO 12812-4 Mobile Payments to Persons (P2P) – This document provides comprehensive requirements and practices involved in mobilizing the transfer of funds as well as specific use cases for the implementation of interoperable mobile payments to persons. The great debate over titles: what is a person?
  • ISO 12812-5 Mobile Payments to Business – It focuses on mechanisms by which a person (“consumer”, “payer” or “business”) uses a mobile device to initiate a payment to a business entity (“merchant” or “payee”). Such a payment may use the traditional merchant point of interaction (POI) system, where the manner of settling the payment follows well-established merchant services paradigms.

The standard provides a collection of definitions that are widely accepted among global participants in the finance industry. Our aim is to present a visual representation of the various efforts towards standardization in the realm of mobile financial services. The latest ISO standard emphasizes the importance of creating a secure setting, instilling confidence in both customers and merchants and enabling MFS providers to assume their risk management responsibilities. The ISO organization has introduced a fresh collection of guidelines for mobile banking with a view to advancing financial accessibility.

Who Should Care

It is crucially important that stakeholders enjoy the benefits of changes in services, while service providers maintain their competitiveness and autonomy to pursue their own business goals. The ISO 12812 standard focuses on technical interoperability, specifically examining the implications of incorporating mobile devices into financial services by incorporating new components and interfaces. The ISO framework has been enriched with a new standard that surfaced in 2017.

The standard consists of five individual components, with the initial component setting up the overall framework for mobile financial services. The core idea behind this proposal is to facilitate and promote the interoperability, security, and quality of financial operations on mobile devices, specifically banking and payment transactions. These transactions could be sourced from more than just traditional banking establishments and may come from Banking as a Service or Banking as Platform providers using mobile devices as the main transactional tool.

To guarantee the safety and legitimacy of signatures, it is crucial to separate the identification of individuals in the system from their private and confidential identity information. To preserve the authenticity of the system and thwart any attempts at fraudulence, this precautionary measure is deemed essential. It is essential that the messages remain unaltered while being transmitted.

Nevertheless, it is permissible for them to be included in encapsulated messages created by intermediaries. This approach is consistent with the appropriate procedure for safeguarding the accuracy and security of transmitted information. The ISO 20022 Data Dictionary was designed to cater to a vast range of financial service asset classes. The security deficiency of the mentioned problem is quite significant due to the absence of any existing security measures within its apparatus.

Part-2 ISO-12812

ISO 12812 Part 2 directly references data at rest, data in transit, HMAC, encryption, tamper-resistant key material storage, keys that encrypt other keys, channel security for general protection, and encryption of sensitive information within the messages themselves. The weakness of each component varies, and attackers will always strike the vulnerabilities with the highest expected payoff, which is the sad reality of the matter and the reason why we need all these standards, policies, procedures and frameworks.

If we look at today’s electronic payments, which in modern times are called digital payments, and ask ourselves what a payment is, the simple answer (maybe a bit technical, though) would be: “It is information in bits and bytes that travels over information technology networks and consists of many small attributes, i.e. currency, amount, A- and B-party info, etc.” It passes through several components such as computers, communication channels, software, and users, each subject to attack and requiring defence. Developers and engineers can’t protect all the components all the time, so we must work on protecting the underlying data.

This requires a data protection framework that spans from the UI to the data storage itself. A proper framework will allow the web/internet to be used as the payment pipes. Without such a data protection framework it will be impossible to safely use the web/internet, because the security of each network node a transaction goes through is uncertain. A security framework needs to recognize the global nature of technology, yet avoid guidance based on country of origin, which would impede international commerce. National cybersecurity concerns can be addressed in alignment with an international standard that drives and tailors risk vs security.
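The requirement that messages stay unaltered in transit while intermediaries may still encapsulate them, and the HMAC that Part 2 references, can be sketched as follows. This is an added example, not text or code from ISO 12812 or from the original post; the keys, field names and function names are hypothetical, and the payer identifier is a keyed pseudonym so that no identity data travels with the payment.

```python
import hashlib
import hmac
import json

# Constructed demo keys (hypothetical). Real keys belong in tamper-resistant storage.
MAC_KEY = b"constructed-mac-key-demo-only"
ID_KEY = b"constructed-id-key-demo-only"

def canonical(fields: dict) -> bytes:
    """Serialise deterministically so both ends MAC exactly the same bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def pseudonym(identity: str, key: bytes = ID_KEY) -> str:
    """Keyed hash that stands in for the payer, so no identity data travels."""
    return hmac.new(key, identity.encode(), hashlib.sha256).hexdigest()[:16]

def seal(fields: dict, key: bytes = MAC_KEY) -> dict:
    """Originator: attach an HMAC-SHA256 tag over the canonical payment."""
    tag = hmac.new(key, canonical(fields), hashlib.sha256).hexdigest()
    return {"payment": fields, "mac": tag}

def encapsulate(sealed: dict, hop: str) -> dict:
    """Intermediary: wrap the sealed message without touching its content."""
    return {"via": hop, "inner": sealed}

def unwrap(message: dict) -> dict:
    """Receiver: peel off any number of intermediary envelopes."""
    while "inner" in message:
        message = message["inner"]
    return message

def verify(message: dict, key: bytes = MAC_KEY) -> bool:
    """Receiver: recompute the tag and compare it in constant time."""
    sealed = unwrap(message)
    expected = hmac.new(key, canonical(sealed["payment"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(sealed.get("mac", "")))

def demo() -> tuple:
    payment = {"payer": pseudonym("alice@example.test"), "payee": "merchant-0001",
               "amount": "25.00", "currency": "USD"}
    routed = encapsulate(encapsulate(seal(payment), "mno-gateway"), "switch")
    intact = verify(routed)
    unwrap(routed)["payment"]["amount"] = "2500.00"  # alteration at an untrusted hop
    return intact, verify(routed)
```

The tag covers only the inner payment, so any number of envelopes can be added or removed along the route without invalidating it, while a change to a single field is detected at the receiving end.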

Only part 1 is formally an international standard. Parts 2 through 5 could not gain sufficient support to be accepted as full standards and were instead pushed through to publication as Technical Specifications, a classification that addresses work still under technical development, or where it is believed that there will be a future, but not immediate, possibility of agreement on an International Standard. More and more to do on intellectual property, technical locks, liability policy; CP in cash transfers & remittances; Keep up the good work. Due to the nature of payments and preventing fundamental challenges.

While each actor must be identifiable, a number of use cases that need to be addressed include low-value or less-sensitive payments which do not require the knowledge of a participant’s identity as a part of the transaction. It must be possible to provide read-only access to transaction information to third parties (with user consent). Patrice Hertzog, chair of the ISO technical subcommittee that developed the series, says that with more people having mobile phones than bank accounts in the world, developing this technology will bring secure financial services to a wider audience. Some experts say that referring to the suite of 12812 publications as standards, or even “technical standards”, is inaccurate.


Conclusion – Not yet finished but probably yes in both cases it’s a required deal and need of the time.  Well, I would say that wouldn’t be in case Payment schemes define identifier syntax and semantics (e.g., primary account numbers (PANs) for credit cards, or Bitcoin account identifiers).

We expect to support scheme-specific identifiers. But where global identifiers are required and are not scheme specific, it is important that every actor/system be uniquely identifiable to other actors and systems participating in the payments process. The ISO-12812 standard is a welcome move, with a long way to go to put some breakers and nuts & bolts in place.

#Any information extracted from any site/blog/post – remains their proprietary and all credit accordingly remains with them. The idea here is to simplify and cascade the information further.


Posted by V Sharma
