Interoperable QR Code
P2P, P2M, Recurring/Bill Payments, etc.,
Overview
Imagine a one-stop feature that your country can build to bridge the digital divide, drive financial inclusion to the last mile, break payments silos, drive e-commerce and GDP growth, reduce financial crime rates, and spur cross-sectoral innovation, all while leveraging existing systems.
Payments made based on an interoperable Quick Response (QR) code standard allow people to make payments to anyone, anytime, and anywhere. Payments can be made in a real-time, and highly secure manner with this digital public infrastructure that allows people to scan a machine-readable QR code through any payment application of their choice on their mobile device, regardless of which payment app the merchant uses.
QR codes can be made interoperable if a standard is set out by a central authority, and can allow a user to participate in a single network of banks, financial institutions, mobile money providers, wallets, or other payment mechanisms on the backend. This can be a simple and powerful addition to existing payments systems.
QR Codes can be classified into two types:
Static QR Codes: Bill amount has to be manually entered. This is a single code that can be printed, as it does not change with each transaction.
Dynamic QR Codes: Transaction amount is pre-entered by the merchant by connecting it to a PoS terminal.
Through Interoperable QR Codes:
Countries can facilitate seamless payments such as P2P, P2B, P2M, and various other entities.
Merchants can automate the reconciliation of orders and payments, as well as generate receipts and notifications by integrating with existing accounting platforms.
Individuals can set up recurring payments, bill payments, and other automated transactions.
The last mile population can be catered to, and raised to the same level of financial inclusion through digital transformation.
The rate of fraud will decrease, while increasing privacy, security, transparency, and trust across the ecosystem.
P2M Ecosystem Players
Merchant
Merchant acquiring bank
Customer
Customer bank
Interoperable payment network switch
Additionally, the experience layer at both the merchant and customer levels can optionally be supported by a payment service provider application by the fintech ecosystem connected to banks.
Specifications
Status: Draft Version; Request for Comments
Version: 0.8.2 Draft
Date: 19-Jul-2023
Authors: CDPI
Contact: [email protected]
Description:
Interoperable QR code specification to Scan & Pay, Click & Pay and to Deep Link between apps, and to enable easy one-click and authorise one-time or recurring payment.
Discussions: link
Deep Linking
QR code content can also be represented in URL representation to enable single QR specification for Deep Linking. Deep Linking enables the sharing of scanned QR codes across mobile applications within a device to easily transfer control from business apps to payment apps.
It is recommended to represent the JSON QR code spec in URL-encoded format. URL encoding shall ensure to accommodate JSON nested attributes in string representation for transmission via URL.
Stress Testing
The above specification has been stress tested for the following use cases. Sample JSONs are provided for easy reference.
1
Initiation Modes
Scan & Pay, Click & Pay, Deep Linking
2
Initiation Locations
Terminals, POS, Online, ATM
3
Static / Dynamic QRs
4
P2M & P2P use cases
5
Subscripitons / Recurring Payments
Fixed amount e.g., Rentals, Equity/MF SIPs, EMIs, Subscriptions, etc.,
6
Bill Payments
Varying amount e.g., Utilities
7
IPO Payments
8
Refunds
9
Buy Now Pay Later
10
Step Up/Down Payments
Technical Considerations
Signed QR code content is mandatory to ensure security and detect any malicious requests or phishing attacks.
Scanning of QR codes and verification of digitally signed QR code content is the responsibility of the payment apps on customer mobile devices.
Payment Network providers shall manage the registry of all acquiring banks authorised to onboard merchants and offer digitally signed QR codes.
QR Codes perform well if information is sparsely packed for all types of devices displaying and scanning can optimally perform. Where possible, implementers are recommended to use short URLs and optimise size of overall QR codes. This QR specs ensured to keep the JSON attribute values short.
Typical flow
Below is a typical flow to make initiate merchant-based QR code based payments:
Merchant signs up with acquiring banks to enable QR code-based payment services.
Using the merchant's banking interface, the merchant requests a static QR code.
Additionally, the merchant may integrate with a POS terminal to generate dynamic QR codes using APIs for each transaction with amount and other customised attributes like description, tax information, etc.
A customer using her payment app scans the interoperable QR code.
Payment app checks signed QR code scanned is non-tampered and is from a trusted source. Uses network registry to identify the acquiring banks.
Customer payment app provides a choice to customers to select linked accounts to complete the transaction.
Customer payment app securely collects banking account PIN to authorise the payment from the customer.
Customer payment app initiates the payment on an interoperable payments network to transfer funds to the merchant's account.
Notification of payment status is notified to both the merchant and customer through their respective banking apps.
Additional References
Interactive closed-door discussion on Scaling Inclusive Payments through Interoperable QR Codes with central bank officials of 30+ countries and speakers from Brazil, India, Philippines, and Nigeria.
Presentation Deck summarising the need, benefits, and specifications of interoperable QR codes in a simple, visually-appealing manner.
QR Code printing specifications <coming soon>
"The use of quick-response codes in payments", Part of World Bank Fast Payments Toolkit, Sep 2021
Attributions
Last updated
Was this helpful?