Canadian banks issue landmark NFC payments guidelines that focus on open mobile wallets and consumer data protection

The Canadian banking and credit union industry’s Mobile Payments Reference Model provides a detailed blueprint for how NFC mobile payments can be offered in Canada, how open mobile wallets will be and how consumer privacy will be assured.

Maple leaf
CANADA: Mobile wallets should "protect end user and merchant data"

The Canadian banking industry and credit union system has published a set of guidelines for the development of mobile payments at the point of sale in Canada.

The voluntary guidelines, known as the Canadian NFC Mobile Payments Reference Model, “will serve as a blueprint for how mobile payment capabilities can be offered in the Canadian market, including guidelines around how information is exchanged among various parties to a transaction including financial institutions, payment card companies, telecommunications companies and merchants,” says the Canadian Bankers Association.

“While voluntary, the financial institutions that developed the guidelines are committed to these principles in the mobile market, and these guidelines are intended to create a path to help all market participants move forward in developing mobile payment solutions,” the association adds. Those institutions include:

  • BMO Financial Group
  • National Bank (NB)
  • CIBC
  • Credit Union Central of Canada (Canadian Central)
  • Desjardins Financial Group
  • Royal Bank of Canada (RBC)
  • Bank of Nova Scotia
  • Toronto Dominion Bank (TD)

The 133-page model begins with a set of guiding principles for mobile payments in Canada, explaining that they must be:

Open —

  • Allows for different business models
  • Fosters innovation
  • Ensures competition among market participants

Safe and secure —

  • Protects confidential personal, financial, and transactional information within the mobile payments ecosystem
  • Facilitates secure interactions between financial institutions and the mobile payments ecosystem

Responsive to end user and merchant needs —

  • Provides for ease of use, speed, availability, security, transparency, choice and consistency for users

Standards-based —

  • Establishes clearly defined standards essential for interactions between financial institutions and the mobile payments ecosystem
  • Aligns with the Canadian regulatory environment and avoids overlap with existing standards
  • Considers and respects international standards as a means of facilitating interoperability

Sustainable —

  • Creates a path forward for standards to support the long term viability of mobile payments in Canada
  • Encompasses activities between financial institutions and the mobile payments ecosystem
  • Adapts over time as technology and the ecosystem evolve
  • Allows for economically viable business models that accelerate mobile payments adoption for the mobile payments ecosystem

Focused on mobile technology initiated transactions —

  • Focuses on payment transactions and enabling capabilities
  • Considers pre-payment and post-payment services that enable transactions
  • Considers multiple currencies and payment types
  • Focuses on mobile NFC enabled devices and NFC enabling technologies

Of particular interest is the section on data and security, which explains that strict rules have been set regarding who can access an NFC mobile wallet user’s personal data:

The data and security section was designed around the general guideline that each ecosystem participant should only have access to the minimum information required to perform its primary role. The default for ecosystem participants should be to protect end user and merchant data. Access to and usage of data must be disclosed to the end user and the end user’s permission explicitly granted.

This means, for instance, that only the wallet provider and the end user will be able to access the list of payment products stored in a wallet — but the wallet provider’s access to payment product information will be restricted to only the information that is needed to service the wallet. And, while the wallet provider will have access to the list of payments products in the wallet, they will not be allowed to have any access to information on the individual transactions conducted by a wallet’s user.

Readers can download a summary of the Mobile Reference Model from the Canadian Bankers Association’s website. The full document is also available to download in PDF format.

Next: Visit the NFCW Expo to find new suppliers and solutions