Licensed under the Creative Commons Attribution 3.0 License
Payment system is the core of mobile commerce. Thus it is imperative to use standards based API, for re-usability of Value Added Service (VAS).
A MNO (Mobile Network Operator), by exposing a standards based API, gains by having a lower cost of VAS application portability cost as well as retains the independence on changing its mobile payment platform without disrupting the existing VAS applications.
Parlay-X API, a Web Services standards adopted by both ETSI and 3GPP, defines Payment API (Part 6 of Parlay-X specification).
Parlay-X is secured and it uses WS-Security protocol.
Since, most VAS application developers only have a web development background and lack Telecom Standards knowledge, they tend to apply the web programming principles to telecom. Though, these two platforms are converging, and have many technologies in common like Web Services and Java programming; but fundamentally the difference lies in user experience (due to screen and keyboard constraints) as well as the difference in security framework (3GPP GAA, Generic Authentication Architecture), which enables a secured authentication relationship between the MNO and its customer.
All MNO world wide, including India, comply with 3GPP GAA.
The 3GPP GAA has a direct bearing on e-commerce as its transactions are legally enforceable under IT ACT 2000 and also meets the mandatory KYC (Know Your Customer) norms. the direct commercial bearing is that by transacting on mobile that comply with PCI-DSS PIN entry guidelines, the extra Cardholder-Not-Present (CNP) fee can be wavered.
Mobile Payment Guideline.
Mchek ( www.mchek.com) is an Indian third party Mobile payment gateway, conforming to PCI-DSS standards. It enables payment through mobile phone.
It uses SMS for triggering user initiated payments and provides a Web API for merchant initiated payments. Once a payment request is received by MChek.com it initiates an USSD session and ask for a PIN (shared secret between the mobile user and Mchek.com) from the mobile subscriber; the user enters this PIN on their mobile phone. The USSD message is then sent back from the mobile device to the MChek server. On receiving the authorization from the mobile user, the Mchek then uses backend payment gateway to communicate with the respective VISA/Marstercard gateways as per PCI-DSS standards. Once the payment succeeds (or fails), the merchant/user initiating the payment request is notified. In case of Web API call, the function call returns the status and a reference code.
The Mobile in this case is being used as a PIN entry device and thus should comply with PCI-DSS PIN Entry guidelines (https://www.pcisecuritystandards.org/security_standards/ped/index.shtml)
Apart from Mchek, there are other mobile payment gateways like Oxicash, Obopay, Paymate and more. Banks like ICICI and Citi have mobile payment systems.
Each of these mobile payment service providers expose their own set of API and operating procedures. Also, MNO may allow is customers to deduct amount from their pre-paid balance for paying for merchandise bought through their mobile phones.
Therefore, to avoid hard wiring a payment system API, a VAS application developer should use SOA principles. In this case, the developer can wrap the specific vendor API with Parlay-X Payment API. Also, for testing purposes, the developer can implement a Dummy payment service. Here is how-to:
GlassfishESB or Netbeans Full System, installed on your OpenSolaris, Linux or Windows system.
2. Paylay-X 2.1downloaded in your system.
Spcifically you need:
A) Common: http://www.3gpp.org/ftp/specs/archive/29_series/29.199-01/29199-01-630.zip
B) Part 6: http://www.3gpp.org/ftp/specs/archive/29_series/29.199-06/29199-06-630.zip
Extract the WSDL, XSD and put them in one folder.
Create a new web project in Netbeans IDE.
File->New Project, from the wizard screen choose Web Application.
Press Next button.
Select the project name and location. Press Next button.
Select the Java EE Application server as Glassfish v2 and press Finish button
Right Click the mouse button on the new project. From the 'New' menu select "Web Services from WSDL...". A wizzard dialog box will appear.
Provide appropiate name for the Service and provide a package name. Then select the Parlay-X Payment WSDL file,
Press the finish button and the wizard will generate the Java skeleton code for the Web Services server. Then implement the methods like