Interoperable QR Code

P2P, P2M, Recurring/Bill Payments, etc.
Overview
Imagine a one-stop feature that your country can build to bridge the digital divide, drive financial inclusion to the last mile, break payments silos, drive e-commerce and GDP, reduce financial crime rates, and spur cross-sectoral innovation - all whilst leveraging existing systems.
Payments based on an interoperable Quick Response (QR) code standard allow people to pay anyone, anytime, and anywhere. With this digital public infrastructure, payments can be made in real time and in a highly secure manner: people scan a machine-readable QR code with any payment application of their choice on their mobile, regardless of which payment app the merchant uses.
Traditional approach of 'digitisation' breeds exclusion
The DPI approach guarantees inclusion + market participation
QR codes can be made interoperable if a standard is set out by a central authority, and can allow a user to participate in a single network of banks, financial institutions, mobile money, wallets, or other payment mechanisms on the backend. This can be a simple and powerful addition to existing payments systems.
QR Codes can be of two types:
  1. Static QR Codes: Bill amount has to be manually entered - it is a single code and can be printed as it does not change with each transaction.
  2. Dynamic QR Codes: Transaction amount is pre-entered by the merchant by connecting it to a PoS terminal.
Through Interoperable QR Codes:
  1. Countries can facilitate seamless payments such as P2P, P2B and P2M, and payments between various other entities.
  2. Merchants can automate the reconciliation of orders and payments, as well as generate receipts and notifications by integrating with existing accounting platforms.
  3. Individuals can set up recurring payments, bill payments, etc.
  4. The last mile population can be catered to, and raised to the same level of financial inclusion through digital transformation.
  5. The rate of fraud will drop, while privacy, security, transparency and trust increase across the ecosystem.
First-order effects on the ecosystem
Second-order effects on the country's overall growth

P2M Ecosystem Players

  1. Merchant
  2. Merchant acquiring bank
  3. Customer
  4. Customer bank
  5. Interoperable payment network switch
Additionally, the experience layer at the merchant and the customer can optionally be supported by payment service provider apps from the fintech ecosystem connected to banks.

Specifications

v0.8.2 (Draft)
v0.1.0 Sample
Status: Draft Version; Request for Comments
Version: 0.8.2 Draft
Date: 19-Jul-2023
Authors: CDPI
Description:
Interoperable QR code specification for Scan & Pay, Click & Pay and Deep Linking between apps, enabling easy one-click authorisation of one-time or recurring payments.
Specification: link | source
Discussions: link
qr_code_sample.json
{
  "version": "1.0.0",
  "payee_fa": "joeuser@national-bank",
  "payee_name": "Printing & Stationeries Co",
  "amount": "138.50",
  "amount_split": {
    "sale": "117.37",
    "igst": "21.13"
  },
  "init_mode": "POS",
  "currency": "ZAR",
  "mid": "M-12345",
  "pos_id": "POS-123",
  "expiry": "20230605T101225+5:30",
  "order_id": "2023/123456",
  "ref_url": "https://printing.co/orderId=2023/123456",
  "additional_data": {
    "bill_number": "123",
    "reference_no": "PO123",
    "key1": "value1"
  },
  "sign": ""
}

Deep Linking

QR code content can also be represented as a URI, so that a single QR spec also serves Deep Linking. Deep Linking enables sharing scanned QR codes across mobile applications within a device, to easily transfer control from a business app to payment apps.
It is recommended to represent the JSON QR code spec in URL-encoded format. URL encoding accommodates the nested JSON attributes in a string representation that can be carried in a URI.
xxx://pay?%7B%0A%20%20%22version%22%3A%20%221.0.0%22%2C%0A%20%20%22payee_fa%22%3A%20%22joeuser%40national-bank%22%2C%0A%20%20%22payee_name%22%3A%20%22Printing%20%26%20Stationeries%20Co%22%2C%0A%20%20%22amount%22%3A%20%22138.50%22%2C%0A%20%20%22amount_split%22%3A%20%7B%0A%20%20%20%20%22sale%22%3A%20%22117.37%22%2C%0A%20%20%20%20%22igst%22%3A%20%2221.13%22%0A%20%20%7D%2C%0A%20%20%22init_mode%22%3A%20%22POS%22%2C%0A%20%20%22currency%22%3A%20%22ZAR%22%2C%0A%20%20%22mid%22%3A%20%22M-12345%22%2C%0A%20%20%22pos_id%22%3A%20%22POS-123%22%2C%0A%20%20%22expiry%22%3A%20%2220230605T101225%2B5%3A30%22%2C%0A%20%20%22order_id%22%3A%20%222023%2F123456%22%2C%0A%20%20%22ref_url%22%3A%20%22https%3A%2F%2Fprinting.co%2ForderId%3D2023%2F123456%22%2C%0A%20%20%22additional_data%22%3A%20%7B%0A%20%20%20%20%22bill_number%22%3A%20%22123%22%2C%0A%20%20%20%20%22reference_no%22%3A%20%22PO123%22%2C%0A%20%20%20%20%22key1%22%3A%20%22value1%22%0A%20%20%7D%2C%0A%20%20%22sign%22%3A%20%22%22%0A%7D

Stress Testing

The above specification has been stress tested against the use cases below. Sample JSONs are provided for easy reference.

| No | Scenario | Remarks |
|----|----------|---------|
| 1 | Initiation Modes | Scan & Pay, Click & Pay, Deep Linking |
| 2 | Initiation Locations | Terminals, POS, Online, ATM |
| 3 | Static / Dynamic QRs | |
| 4 | P2M & P2P use cases | |
| 5 | Subscriptions / Recurring Payments | Fixed amount e.g., Rentals, Equity/MF SIPs, EMIs, Subscriptions, etc. |
| 6 | Bill Payments | Varying amount e.g., Utilities |
| 7 | IPO Payments | |
| 8 | Refunds | |
| 9 | Buy Now Pay Later | |
| 10 | Step Up/Down Payments | |

Technical Considerations

  1. Signed QR code content is mandatory to ensure security and detect any malicious requests / phishing attacks.
  2. Scanning of QR codes and verification of digitally signed QR code content is the responsibility of the payment apps on customer mobiles.
  3. The Payment Network provider shall manage the registry of all acquiring banks authorised to onboard merchants and offer digitally signed QR codes.
  4. QR codes perform well when information is sparsely packed, so that all types of devices displaying and scanning them can perform optimally. Where possible, implementers are recommended to use short URLs and optimise the size of the overall QR code. This QR spec keeps the JSON attribute values short.

Typical flow

Below is a typical flow to initiate merchant QR code based payments:
  1. The merchant signs up with an acquiring bank to avail of the QR code based payment service.
  2. Using the merchant's banking interface, the merchant requests a static QR code.
  3. Additionally, the merchant may integrate with a POS terminal to generate dynamic QR codes using APIs for each transaction, with the amount and other customised attributes like description, tax info, etc.
  4. The customer scans the interoperable QR code using her payment app.
  5. The payment app checks that the scanned, signed QR code has not been tampered with and comes from a trusted source. It uses the network registry to identify the acquiring banks.
  6. The customer payment app lets the customer select a linked account to pay for the transaction.
  7. The customer payment app securely collects the banking account PIN from the customer to authorise the payment.
  8. The customer payment app initiates the payment on the interoperable payments network to pay into the merchant's account.
  9. The merchant and customer are notified of the payment status by their respective banking apps.
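
The signing and verification described under Deep Linking, Technical Considerations and step 5 of the flow above, as an added example that is not part of the CDPI specification or its code. The page does not define the signature algorithm, the bytes that are signed, or the registry format, so Ed25519 over a key-sorted JSON form with `sign` removed, base64 encoding, and a registry keyed by the handle after `@` in `payee_fa` are all assumptions, and the function names are hypothetical.

```javascript
const crypto = require('node:crypto');

// ASSUMPTION (not defined on the page): the signature is Ed25519 over the JSON
// with "sign" removed and keys sorted recursively, base64-encoded into "sign".
function canonical(value) {
  if (Array.isArray(value)) return '[' + value.map(canonical).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

function signingInput(qr) {
  const { sign, ...unsigned } = qr; // the signature never covers itself
  return Buffer.from(canonical(unsigned), 'utf8');
}

// Acquiring-bank side: sign the content and wrap it in the deep link URI.
function makeDeepLink(qr, privateKey) {
  const sign = crypto.sign(null, signingInput(qr), privateKey).toString('base64');
  return 'xxx://pay?' + encodeURIComponent(JSON.stringify({ ...qr, sign }));
}

// Payment-app side: decode, resolve the acquirer in the registry, then verify.
// ASSUMPTION: the registry is a Map keyed by the handle after '@' in payee_fa.
function verifyDeepLink(uri, registry) {
  let qr;
  try {
    qr = JSON.parse(decodeURIComponent(uri.slice(uri.indexOf('?') + 1)));
  } catch (err) {
    return { ok: false, reason: 'malformed' };
  }
  if (qr === null || typeof qr !== 'object') return { ok: false, reason: 'malformed' };
  if (typeof qr.sign !== 'string' || qr.sign === '') return { ok: false, reason: 'unsigned' };
  const publicKey = registry.get(String(qr.payee_fa || '').split('@')[1]);
  if (!publicKey) return { ok: false, reason: 'unknown-acquirer' };
  const valid = crypto.verify(null, signingInput(qr), publicKey, Buffer.from(qr.sign, 'base64'));
  return valid ? { ok: true, qr } : { ok: false, reason: 'bad-signature' };
}

// Constructed sample: a throwaway key pair stands in for a registered acquirer.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const registry = new Map([['national-bank', publicKey]]);
  const link = makeDeepLink({ payee_fa: 'joeuser@national-bank', amount: '138.50' }, privateKey);
  const tampered = link.replace('138.50', '1.00');
  return [verifyDeepLink(link, registry).ok, verifyDeepLink(tampered, registry).reason];
}
console.log(demo()); // [ true, 'bad-signature' ]
```

The sample JSON shown earlier, with its empty `sign`, is rejected by this check as `unsigned`.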

Additional References

  1. Interactive closed-door discussion on Scaling Inclusive Payments through Interoperable QR Codes with central bank officials of 30+ countries and speakers from Brazil, India, Philippines, and Nigeria
  2. Presentation Deck summarising the need, benefits and specifications of interoperable QR codes in a simple, visually-appealing manner
  3. QR Code printing specifications <coming soon>
  4. The use of quick-response codes in payments. Part of World Bank Fast Payments Toolkit, Sep 2021

Attributions