Mobile Payment API

Licensed under the Creative Commons Attribution 3.0 License

A payment system is the core of mobile commerce, so it is imperative to use a standards-based API that makes Value Added Services (VAS) reusable.
An MNO (Mobile Network Operator) that exposes a standards-based API gains a lower cost of porting VAS applications and keeps the freedom to change its mobile payment platform without disrupting existing VAS applications.

Parlay-X, a Web Services standard adopted by both ETSI and 3GPP, defines a Payment API (Part 6 of the Parlay-X specification).
Parlay-X is secured and uses the WS-Security protocol.

Since most VAS application developers have only a web development background and lack knowledge of telecom standards, they tend to apply web programming principles to telecom. The two platforms are converging and have many technologies in common, such as Web Services and Java programming, but they differ fundamentally in user experience (due to screen and keyboard constraints) and in security framework (3GPP GAA, Generic Authentication Architecture), which enables a secured authentication relationship between the MNO and its customer.

All MNOs worldwide, including those in India, comply with 3GPP GAA.

The 3GPP GAA has a direct bearing on e-commerce, as its transactions are legally enforceable under the IT Act 2000 and also meet the mandatory KYC (Know Your Customer) norms. The direct commercial bearing is that, by transacting on mobiles that comply with the PCI-DSS PIN entry guidelines, the extra Cardholder-Not-Present (CNP) fee can be waived.

Mobile Payment Providers 

RBI (Reserve Bank of India) provides a Mobile Payment Guideline.

Mchek (www.mchek.com) is an Indian third-party mobile payment gateway conforming to PCI-DSS standards. It enables payment through a mobile phone.
It uses SMS for triggering user-initiated payments and provides a Web API for merchant-initiated payments. Once Mchek receives a payment request, it initiates a USSD session and asks the mobile subscriber for a PIN (a shared secret between the mobile user and Mchek); the user enters this PIN on their mobile phone. The USSD message is then sent back from the mobile device to the Mchek server. On receiving the authorization from the mobile user, Mchek uses a backend payment gateway to communicate with the respective VISA/Mastercard gateways as per PCI-DSS standards. Once the payment succeeds (or fails), the merchant or user who initiated the payment request is notified. In the case of a Web API call, the function call returns the status and a reference code.

The mobile in this case is being used as a PIN entry device and thus should comply with the PCI-DSS PIN Entry guidelines (https://www.pcisecuritystandards.org/security_standards/ped/index.shtml).

Apart from Mchek, there are other mobile payment gateways such as Oxicash, Obopay, Paymate and more. Banks like ICICI and Citi have mobile payment systems.
Each of these mobile payment service providers exposes its own set of APIs and operating procedures. Also, an MNO may allow its customers to deduct amounts from their pre-paid balance to pay for merchandise bought through their mobile phones.


Therefore, to avoid hard-wiring a payment system API, a VAS application developer should use SOA principles. In this case, the developer can wrap the specific vendor API with the Parlay-X Payment API. Also, for testing purposes, the developer can implement a dummy payment service. Here is how to do it:

Parlay-X How-To:

Prerequisites:

1. GlassfishESB or the full Netbeans system, installed on your OpenSolaris, Linux or Windows system.
2. Parlay-X 2.1 downloaded to your system.
   Specifically, you need:
   A) Common: http://www.3gpp.org/ftp/specs/archive/29_series/29.199-01/29199-01-630.zip
      and
   B) Part 6: http://www.3gpp.org/ftp/specs/archive/29_series/29.199-06/29199-06-630.zip
   Extract the WSDL and XSD files and put them in one folder.

Skeleton Web Service:

Here are the steps to create a skeleton Web Service, which can be used as a wrapper for a proprietary payment API. The final result is attached below (see attachments).

Step 1:

Create a new web project in the Netbeans IDE.
Choose File->New Project and, from the wizard screen, choose Web Application.



Step 2:

Press the Next button.
Select the project name and location. Press the Next button.





Step 3:

Select Glassfish v2 as the Java EE application server and press the Finish button.





Step 4:

Right-click the new project. From the 'New' menu select "Web Services from WSDL...". A wizard dialog box will appear.
Provide an appropriate name for the service and provide a package name. Then select the Parlay-X Payment WSDL file,
parlayx_payment_amount_charging_service_2_1.wsdl

 




Step 5:

Press the Finish button and the wizard will generate the Java skeleton code for the Web Services server. Then implement methods such as ChargeAmount().
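A sketch of the wrapper and dummy payment service described above, as an added example that is not the contents of PxPay.zip or the wizard-generated skeleton. PaymentGateway, DummyPaymentGateway, AmountChargingWrapper and all sample values are hypothetical; the parameters are a flattened form of the Part 6 chargeAmount inputs (end user identifier, charge, reference code) and should be checked against the generated skeleton, which reports errors through the WSDL's fault types rather than IllegalArgumentException.

```java
import java.math.BigDecimal;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical vendor-neutral port; one adapter per payment provider implements it. */
interface PaymentGateway {
    /** Returns true when the provider authorises the charge. */
    boolean charge(String endUser, BigDecimal amount, String currency, String referenceCode);
}

/** Dummy payment service for testing: approves any charge up to a fixed limit. */
class DummyPaymentGateway implements PaymentGateway {
    private static final BigDecimal LIMIT = new BigDecimal("1000.00"); // constructed test limit
    public boolean charge(String endUser, BigDecimal amount, String currency, String referenceCode) {
        return amount.compareTo(LIMIT) <= 0;
    }
}

/** The generated chargeAmount() skeleton method would delegate to this class. */
public class AmountChargingWrapper {
    private final PaymentGateway gateway;
    // referenceCode -> first outcome, so a retried or replayed request is not charged twice
    private final Map<String, Boolean> outcomes = new ConcurrentHashMap<>();

    public AmountChargingWrapper(PaymentGateway gateway) { this.gateway = gateway; }

    public boolean chargeAmount(String endUserIdentifier, BigDecimal amount,
                                String currency, String referenceCode) {
        // Assumption: this example only accepts tel: URIs as end user identifiers
        if (endUserIdentifier == null || !endUserIdentifier.startsWith("tel:"))
            throw new IllegalArgumentException("endUserIdentifier must be a tel: URI");
        if (amount == null || amount.signum() <= 0)
            throw new IllegalArgumentException("amount must be positive");
        if (referenceCode == null || referenceCode.isEmpty())
            throw new IllegalArgumentException("referenceCode is required");
        // The gateway is called at most once per reference code
        return outcomes.computeIfAbsent(referenceCode,
                rc -> gateway.charge(endUserIdentifier, amount, currency, rc));
    }

    public static void main(String[] args) {
        AmountChargingWrapper svc = new AmountChargingWrapper(new DummyPaymentGateway());
        String user = "tel:+910000000000"; // constructed sample subscriber
        System.out.println(svc.chargeAmount(user, new BigDecimal("250.00"), "INR", "REF-0001"));
        System.out.println(svc.chargeAmount(user, new BigDecimal("5000.00"), "INR", "REF-0002"));
        // Replay of REF-0001: the stored outcome is returned, the gateway is not called again
        System.out.println(svc.chargeAmount(user, new BigDecimal("9999.00"), "INR", "REF-0001"));
    }
}
```

Swapping DummyPaymentGateway for a provider-specific adapter leaves the Parlay-X facing code unchanged, which is the portability the wrapper is meant to give.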





PxPay.zip
(21k)
Ashish Banerjee,
Aug 22, 2009, 3:10 AM