Sie sind auf Seite 1von 20

Information about this New Document

New document This Mobile Provisioning Service Product Guide, dated August 2008, is an entirely new document. This document introduces the MasterCard Mobile Provisioning Service. Contents

Mobile Provisioning Service Product Guide


August 2008

Proprietary Rights The information contained in this document is proprietary and confidential to MasterCard International Incorporated, one or more of its affiliated entities (collectively MasterCard), or both. This material may not be duplicated, published, or disclosed, in whole or in part, without the prior written permission of MasterCard. Trademarks Trademark notices and symbols used in this manual reflect the registration status of MasterCard trademarks in the United States. Please consult with the Customer Operations Services team or the MasterCard Law Department for the registration status of particular product, program, or service names outside the United States. All third-party product and service names are trademarks or registered trademarks of their respective owners. Media This document is available: On MasterCard OnLine On the MasterCard Electronic Library (CD-ROM)

MasterCard Worldwide 2200 MasterCard Boulevard OFallon MO 63368-7263 USA 1-636-722-6100 www.mastercard.com

2008 MasterCard Mobile Provisioning Service Product Guide August 2008

Publication Code: PYM

Table of Contents

Using this Document


Purpose ................................................................................................................... 1 Audience................................................................................................................. 1 Times Expressed..................................................................................................... 1 Excerpted Text ....................................................................................................... 2 Language Use ......................................................................................................... 2 Revisions ................................................................................................................. 2 Contact Us .............................................................................................................. 3

Chapter 1

Introduction to the Mobile Provisioning Service


Overview .............................................................................................................1-1 Key Features ........................................................................................................1-1 Platform................................................................................................................1-2 Personalization Process.......................................................................................1-3 Step 1: Consumer Registration......................................................................1-4 Step 2: Transfer of details to the Mobile Provisioning Service ...................1-5 Step 3: MasterCard Routing to OTA Vendor................................................1-6 Step 4: OTA Personalization Undertaken by the Consumer .......................1-6 Cryptographic Management................................................................................1-8 Branding Opportunity .........................................................................................1-8 Customer Service.................................................................................................1-9 Constraints ...........................................................................................................1-9 Intellectual Property ..........................................................................................1-10 Issuer Pricing .....................................................................................................1-11

2008 MasterCard Mobile Provisioning Service Product Guide August 2008

Using this Document


This chapter contains information that helps you understand and use this document.

Purpose ...................................................................................................................1 Audience.................................................................................................................1 Times Expressed.....................................................................................................1 Excerpted Text .......................................................................................................2 Language Use .........................................................................................................2 Revisions .................................................................................................................2 Contact Us ..............................................................................................................3

2008 MasterCard Mobile Provisioning Service Product Guide August 2008

Using this Document


Purpose

Purpose
The MasterCard Mobile Provisioning Service Product Guide helps issuers, vendors, and other interested parties understand the high-level workflow of the handset personalization process that transfers the cardholders card details to their mobile phone and enables it for use at a PayPass terminal.

Audience
MasterCard provides this document for members and their authorized agents. Specifically, the following personnel should find this document useful: Issuers Vendors Mobile Network Operators

Times Expressed
MasterCard is a global company with locations in many time zones. The MasterCard operations and business centers are in the United States. The operations center is in St. Louis, Missouri, and the business center is in Purchase, New York. For operational purposes, MasterCard refers to time frames in this document as either St. Louis time or New York time. Coordinated Universal Time (UTC) is the basis for measuring time throughout the world. You can use the following table to convert any time used in this document into the correct time in another zone.
St. Louis, Missouri USA Central Time
Standard time

Purchase, New York USA Eastern Time 10:00

UTC 15:00

09:00

(first Sunday in November to second Sunday in March a)


Daylight saving time

09:00

10:00

14:00

(second Sunday in March to first Sunday in November b)


a b

For Central European Time, last Sunday in October to last Sunday in March. For Central European Time, last Sunday in March to last Sunday in October.

2008 MasterCard Mobile Provisioning Service Product Guide August 2008

Using this Document


Excerpted Text

Excerpted Text
At times, this document may include text excerpted from another document. A note before the repeated text always identifies the source document. In such cases, we included the repeated text solely for the readers convenience. The original text in the source document always takes legal precedence.

Language Use
The spelling of English words in this document follows the convention used for U.S. English as defined in Merriam-Websters Collegiate Dictionary. MasterCard is incorporated in the United States and publishes in the United States. Therefore, this publication uses U.S. English spelling and grammar rules. An exception to the above spelling rule concerns the spelling of proper nouns. In this case, we use the local English spelling.

Revisions
MasterCard periodically may issue revisions to this document to accommodate enhancements and changes, or as corrections are required. With each revision, a Summary of Changes describes how the text changed. Revision markers (vertical lines in the right margin) indicate where the text changed. The date of the revision appears at the right of each revision marker. MasterCard may publish revisions to this document in a MasterCard bulletin, another MasterCard publication, or on MasterCard OnLine. A subsequent revision is effective as of the date indicated in that publication or on MasterCard OnLine and has precedence over any previous edition. In the event of a conflict between this document and a subsequently published edition, the subsequently published edition shall have precedence.

2008 MasterCard August 2008 Mobile Provisioning Service Product Guide

Using this Document


Contact Us

Contact Us
Please take a moment to provide MasterCard with your feedback about the Mobile Provisioning Service Product Guide. MasterCard continually strives to improve user documents. User feedback helps MasterCard accomplish this goal. Please provide feedback about this document to Manuals and Publications at publications@mastercard.com.

2008 MasterCard Mobile Provisioning Service Product Guide August 2008

Introduction to the Mobile Provisioning Service


This document describes the MasterCard Mobile Provisioning Service and provides the high-level workflow of the handset personalization process that transfers the cardholders card details to their mobile phone and enables it for use at a PayPass terminal.

Overview .............................................................................................................1-1 Key Features ........................................................................................................1-1 Platform................................................................................................................1-2 Personalization Process.......................................................................................1-3 Step 1: Consumer Registration......................................................................1-4 Step 2: Transfer of details to the Mobile Provisioning Service ...................1-5 Step 3: MasterCard Routing to OTA Vendor................................................1-6 Step 4: OTA Personalization Undertaken by the Consumer .......................1-6 Cryptographic Management................................................................................1-8 Branding Opportunity .........................................................................................1-8 Customer Service.................................................................................................1-9 Constraints ...........................................................................................................1-9 Intellectual Property ..........................................................................................1-10 Issuer Pricing .....................................................................................................1-11

2008 MasterCard Mobile Provisioning Service Product Guide August 2008

1-i

Introduction to the Mobile Provisioning Service


Overview

Overview
MasterCard offers the Mobile Provisioning Service to enable issuers to launch MasterCard PayPass on Mobile programs for their customers quickly and with minimal development and implementation effort.

Definition Over the air (OTA) personalization is the secure transfer of the consumers payment account details via the carrier network, in to the secure area of the consumers NFC (Near Field Communication) enabled mobile phone.

Previously, to complete field trials, issuers have had limited optionseither undertake manual personalization of NFC-enabled handsets with payment accounts or find an OTA personalization service provider independently. The process can be prohibitively expensive, and issuers have found it difficult to maintain control over stock and distribution. MasterCard streamlines this process by offering the Mobile Provisioning Service.

Key Features
The Mobile Provisioning Service delivers to issuers the capability to provision mobile handsets with MasterCard payment credentials over wireless networks. A number of features comprise the service, such as: A Web services interface for issuers to initiate provisioning and to receive provisioning lifecycle information A standardized Web services interface from MasterCard to Trusted Service Managers (TSMs) that execute the provisioning into the cardholders handsets A standard MasterCard user interface for the provisioning process, with MasterCard branding components End-to-end security certification Real-time performance of provisioning transactions, initiated by the cardholder Dynamic, intelligent routing to multiple TSMs Event status reporting to issuers, which issuers can use in their customer service interactions with cardholders Global coverage and reach

2008 MasterCard Mobile Provisioning Service Product Guide August 2008

1-1

Introduction to the Mobile Provisioning Service


Platform

Direct interface to planned MasterCard mobile Type Approval database Ability to personalize, lock, unlock, and delete account details, which helps the issuers customer service team to manage the lifecycle of the consumer account

Platform
With just a few preliminary steps, issuers can easily integrate with the Mobile Provisioning Service. As more and more vendors and mobile service providers become available, issuers can quickly connect with these certified vendors. MasterCard certifies vendors for the personalization process, which ensures that the vendors have been subject to: Security due diligence Compliance Assessment and Security Testing (CAST) approval PCI Security Standards Council (PCI) compliance

MasterCard also will manage the type approval of handsets to ensure the personalization is limited to type approved devices. To request this functionality, the issuers consumers would normally register for PayPass on a Phone through their issuers Web site. There, the user would be prompted to provide specific phone details (such as mobile phone number, handset model, network operator) and to establish a one-time verification code for use within the personalization process. Once an issuer has correctly established the consumers registration for PayPass on a Phone, the consumer is presented on the handset with a simple and secure personalization interface. MasterCard developed the user interface after extensive usability analysis. The Mobile Provisioning Service also provides customer service capability via the interpretation of the responses provided through the Web interface. This allows the issuers customer service team to track and manage the lifecycle of the consumer account.

1-2

2008 MasterCard August 2008 Mobile Provisioning Service Product Guide

Introduction to the Mobile Provisioning Service


Personalization Process

Personalization Process
Within the system, there are four distinct phases of the process involving interaction between different entities. Figure 1 provides a global view of the process and the entities that are involved.
Figure 1High-level Overview of Personalization Process

Registration/Validation

Consumer/ cardholder Provisioning Data

Issuer

Web Service Interface Mobile Network Operator Personalization Data Personalization Requests and Responses

OTA Vendor OTA Vendor OTA Vendor

MasterCard

The subsequent sections describe in greater detail the process that culminates in the consumers NFC-enabled handset being personalized with their card details.
2008 MasterCard Mobile Provisioning Service Product Guide August 2008

1-3

Introduction to the Mobile Provisioning Service


Personalization Process

Step 1: Consumer Registration


The issuer will need to extend their consumer registration process to allow a consumer to enter specific details about the mobile phone. The application must allow consumers to register only eligible NFC handsets that are included within the MasterCard list of type approved handsets.
Step 1. Consumer registers for product at issuers Web site.

Registration/Validation

Consumer/ cardholder
Step 1.1 Description

Issuer

The consumer accesses the issuers registration Web site and enters details, including the consumers personal information (sufficient for Know Your Customer (KYC) processes), the mobile phone model, phone number, and mobile network operator.

1-4

2008 MasterCard August 2008 Mobile Provisioning Service Product Guide

Introduction to the Mobile Provisioning Service


Personalization Process

Step 2: Transfer of details to the Mobile Provisioning Service


MasterCard has developed a standard Web interface for communication between the issuer and MasterCard for the provision of personalization requests. Issuers will need to develop an interface to this standard to allow real-time supply of these requests to MasterCard.
Step 2. Issuer transmission of details to MasterCard.

Issuer

Web Service Interface

MasterCard
Step 2.1 Description The issuer validates the application made by their consumer (for KYC requirements), determines the validity of the entry, and ensures that all of the required details are provided. The issuer then sends the personalization request to MasterCard via the secure, tested Web service interface.

2.2

2008 MasterCard Mobile Provisioning Service Product Guide August 2008

1-5

Introduction to the Mobile Provisioning Service


Personalization Process

Step 3: MasterCard Routing to OTA Vendor


Once MasterCard confirms that the data supplied by the issuer is valid, the request the request is repackaged into a standard format and forwarded to one of the certified OTA vendors who participate in the Mobile Provisioning Service. At each step of the process, a status is recorded within the Mobile Provisioning Service, which is accessible by the issuer (for care and troubleshooting purposes) via MasterCard OnLine.
Step 3. Mobile Provisioning Service routes request to available certified vendor.

Personalization Requests and Responses MasterCard

OTA Vendor OTA Vendor OTA Vendor


StepDescription

3.1 MasterCard validates the request and identifies the available vendor to carry out the OTA personalization. 3.2 MasterCard transmits the personalization request to the vendor via secure link. 3.3 The status is recorded for access by the issuer via the Web interface.

Step 4: OTA Personalization Undertaken by the Consumer


The OTA vendor initiates a Wireless Application Protocol (WAP) session via a WAP push to the NFC handset (mobile number) that was registered by the consumer during the first phase of the process. When its convenient, the consumer will begin the personalization process on their handset and identify themselves as the registered owner of the handset using the authentication PIN established by the consumer at the time of registration.

Definition WAP push is a communication method to allow WAP content to be pushed to the mobile handset with minimum user intervention. A WAP push is a specially encoded message that includes a link to a WAP address.

1-6

2008 MasterCard August 2008 Mobile Provisioning Service Product Guide

Introduction to the Mobile Provisioning Service


Personalization Process

Step 4. OTA service provider initiates personalization, undertaken by consumer.

Consumer/ cardholder Provisioning Data

Mobile Network Operator Personalization Data

OTA Vendor OTA Vendor OTA Vendor


Step Description 4.1 The OTA Vendor initiates personalization session via WAP push on the consumers handset (number recorded at registration within step 1). 4.2 The consumer confirms the start of the download application on the handset and authenticates themselves prior to downloading their card details. 4.3 During the personalization process, MasterCard records the status within the Mobile Provisioning Service, for access by the issuer via the Web interface.

Once personalization is completed, the consumer is able to initiate PayPass transactions with their phone at any retail outlet that accepts MasterCard PayPass.

2008 MasterCard Mobile Provisioning Service Product Guide August 2008

1-7

Introduction to the Mobile Provisioning Service


Cryptographic Management

Cryptographic Management
To complete the personalization of the secure element within the phone, the issuer must share key information with the certified vendors. The Mobile Provisioning Service leverages the security of the MasterCard Key Management Centre (KMC) to help streamline the personalization of a PayPass device. Standard setup using in-house track data generation begins with the issuer delegating to MasterCard the use of the issuer master key. CVC 3 delegation is typical when issuers use the PayPass On-behalf Services for mapping and CVC 3 pre-validation. When a personalization request is received, a call to the KMC derives the KDcvc3 from the issuer master key and the primary account number that is being personalization. The KDcvc3 is used to calculate dynamic CVC 3 values when the PayPass device is used at a terminal.

Definition CVC 3 is a code algorithmically derived by a MasterCard PayPass card or device. This code is used by the mag stripe issuer to authenticate the PayPass card or device initiating a transaction.

Using in-house track data generation provides many benefits including track data format definition, derivation of values necessary for Dynamic CVC 3, secure transport of data, and, most importantly, the security of the Issuer Master Key stored in the MasterCard Key Management Centre.

Branding Opportunity
The user interface presented to the consumer at the time of personalization offers a unique branding opportunity to issuers. MasterCard can incorporate the issuers brand artwork into the user interface. Issuers that want to leverage this opportunity must submit brand artwork when the project begins so that MasterCard can incorporate it into the user interface. The dimensions of this artwork should be 220 x 50 pixels set against a white background. This can be provided in a .jpeg, gif, or .png file format.

1-8

2008 MasterCard August 2008 Mobile Provisioning Service Product Guide

Introduction to the Mobile Provisioning Service


Customer Service

Customer Service
The issuer retains control of the consumer relationship throughout the process, and the issuers systems authenticate the consumers identity. The issuer will connect with MasterCard via a proven Web services interface to provide the predefined data elements within the personalization details. These data elements are then validated by MasterCard to ensure that the request is complete. Issuers can perform any of the following events to manage the product lifecycle: Provision and/or personalize the device De-provision device De-personalize the device Re-personalize Temporary locking of the personalized details (as a risk management tool) Unlocking of the personalization details

MasterCard records the details of these events and responds with event logs related to the requests. MasterCard has designed a detailed method of communication of events between the vendor and the Mobile Provisioning Service, and these event logs are returned to the issuer through the Web interface connection. For a detailed list of these events, please contact MasterCard.

Constraints
MasterCard will ensure that only certified vendors act as service providers within the Mobile Provisioning Service and that only type approved handsets are personalized; however, the following factors are beyond the control of the Mobile Provisioning Service:
Signal strengthThe download of the application and the preferred user

interface has been optimized for speed and convenience; however, variations in signal strength depend on where the consumer initiates the OTA personalization process. Issuers should clearly notify consumers within their product literature that the consumer must ensure sufficient signal strength to allow the OTA personalization process to complete.

2008 MasterCard Mobile Provisioning Service Product Guide August 2008

1-9

Introduction to the Mobile Provisioning Service


Intellectual Property

Subscription to necessary data servicesThe availability of applicable services taken by the network subscriber may not allow data transfer.

Issuers should state very clearly, during the registration process and subsequently in after-care, that the consumer should ensure that data services are available for their network subscription. Without access to these services, it will be highly unlikely that their network provider will allow data to be passed to the handset.
NFC-enabled handset availabilityNFC handset availability for the various networks (CDMA versus GSM).

Note

Global System for Mobile communications (GSM: originally from Groupe Spcial Mobile) is currently the most popular standard for mobile phones in the world. Its promoter, the GSM Association, estimates that 82 percent of the global mobile market uses the standard.

Note

Code Division Multiple Access (CDMA) is a method for transmitting simultaneous signals over a shared portion of the spectrum. The foremost application of CDMA is the digital cellular phone technology from QUALCOMM that operates in the 800MHz band and 1.9GHz PCS band. CDMA phones are noted for their call quality.

There are two types of handsets available depending on the network for which they are functional. MasterCard will provide to NFC handset manufacturers guidelines about how to obtain type approval for new handset models as they arrive on the market. MasterCard will communicate the list of type approved handsets to the issuer as they become available.
Handset battery lifePersonalizing the mobile phone with the consumers card details does not take more than a minute; however, the issuer should warn their consumer that sufficient battery life is required for the completion of the process.

Intellectual Property
MasterCard will retain all intellectual property rights against the solution developed within the Mobile Provisioning Service. This will be fully documented within any legal agreements to be signed by both parties prior to the issuer taking the services 1-10
2008 MasterCard August 2008 Mobile Provisioning Service Product Guide

Introduction to the Mobile Provisioning Service


Issuer Pricing

Issuer Pricing
MasterCard will charge issuers a one-time set-up fee of USD 60,000 in addition to tiered pricing, indicated as follows.
Transaction Volume (per year) Up to 500,000 transactions from 500,001 to 1,000,000 transactions from 1,000,001 to 2,500,000 transactions from 2,500,001 to 5,000,000 transactions from 5,000,001 to 10,000,000 transactions from 10,000001 to 99,999,999 transactions Price (per transaction) USD 0.60 USD 0.55 USD 0.50 USD 0.40 USD 0.35 USD 0.30

These fees are specific to the Mobile Provisioning Service and are in addition to any other fees an issuer may incur for other products or services.

2008 MasterCard Mobile Provisioning Service Product Guide August 2008

1-11