ISO/TS TECHNICAL SPECIFICATION 12812-3 First edition 2017-03 Core banking Mobile financial services Part 3: Financial application lifecycle management Opérations bancaires de base - Services financiers mobiles - Partie 3: Gestion du cycle de vie des applications financieres Reference number IS0/TS12812-3:2017(E) [so International Organization for Standardization @ IS0 2017 HEJIANG INSTOFSTANDARDIZATION C15956617 IS0/TS 12812-3:2017(E) COPYRIGHTPROTECTEDDOCUMENT IS02017,PublishedinSwitzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 . CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 [email protected] www.iso.org icensee-ZHEJIANG INST OF STANDARDIZAoISQ s.7 -All rights reserved vided by IHS unde Not for Resale, 2017/5/16 00:51:20 etworking permitted without license from IHS IS0/TS 12812-3:2017(E) Contents Page Foreword ..iv Introduction. ... 1 Scope 2 Normative references 3 Terms and definitions 4 Abbreviated terms ..2 5 Basic principles for application lifecycle management .2 5.1 General. .2 5.2 Portability of MFSs .2 5.3 Entities involved in theapplicationlifecyclemanagement .3 5.4 Security and privacy. .3 5.5 Risk assessment. .3 5.6 Support of multiple applications and multiple MFSPs ..3 5.7 User Interface and branding. 3 5.8 Customer relationship management .3 5.9 Common APIs. 4 5.10 Terms of service .4 6 Location of the application ..4 6.1 General. .4 6.2 Different types of secure environments .4 6.3 Scenarios for mobile proximate payments .4 6.4 Scenarios for mobile remote payments. .5 6.4.1 General. 6.4.2 Payment credentials ..5 6.4.3 Application. 6.5 Scenarios for mobile banking .5 7 Service management roles .5 7.1 General. ..5 7.2 MFSP domain roles. . 6 7.3 SE provider domain roles .7 8 Application lifecycle: functions and processes 8.1 General. .7 8.2 Functions .7 8.3 Processes. .8 9 Scenarios for service models ..9 9.1 General .9 9.2 Scenario 1: UICC. .9 9.3 Scenario 2: Embedded secure element. 9 9.4 Scenario 3: Secure micro SD card ..10 9.4.1 General ..10 9.4.2 Secure micro SD card provided by the MFSP ..10 9.4.3 Secure micro SD card provided by a third party ..10 9.4.4 Secure micro SD card for contactless payment .10 9.5 Scenario 4: Trusted execution environment. ..10 9.6 Scenario 5: Mobile application located in the mobile device host ..11 9.7 Scenario 6: Mobile application on a secured server. ..1 Bibliography ..12 iii ISee=ZHEJIANG INST OF STANDARDIZATION C1 5956617 ted without license from IHS Not for Resale, 2017/5/16 00:51:20