Interoperable QR Code

P2P, P2M, Recurring/Bill Payments, etc.,

Overview

Imagine a one-stop feature that your country can build to bridge the digital divide, drive financial inclusion to the last mile, break payments silos, drive e-commerce and GDP, reduce financial crime rates, and spur cross-sectoral innovation - all whilst leveraging existing systems.

Payments made based on an interoperable Quick Response (QR) code standard allow people to make payments to anyone, anytime, and anywhere. Payments can be made in a real-time, and highly secure manner with this digital public infrastructure that allows people to scan a machine readable QR code through any payment application of their choice on their mobile, regardless of which payment app the merchant uses.

QR codes can be made interoperable if a standard is set out by a central authority, and can allow a user to participate in a single network of banks, financial institutions, mobile money, wallets, or other payment mechanisms on the backend. This can be a simple and powerful addition to existing payments systems.

QR Codes can be of two types:

Static QR Codes: Bill amount has to be manually entered - it is a single code and can be printed as it does not change with each transaction.
Dynamic QR Codes: Transaction amount is pre-entered by the merchant by connecting it to a PoS terminal.

Through Interoperable QR Codes:

Countries can facilitate seamless payments such as P2P, P2B, P2M and various other entities
Merchants can automate the reconciliation of orders and payments, as well as generate receipts and notifications by integrating with existing accounting platforms.
Individuals can set up Recurring payments, Bill Payments etc.,
The last mile population can be catered to, and raised to the same level of financial inclusion through digital transformation.
The rate of fraud will drop, while increasing privacy, security, transparency and trust across the ecosystem.

P2M Ecosystem Players

Merchant
Merchant acquiring bank
Customer
Customer bank
Interoperable payment network switch

Additionally, experience layer at merchant and customer can optionally be supported by payment service provider app by fintech ecosystem connected to banks.

Specifications

Status: Draft Version; Request for Comments

Version: 0.8.2 Draft

Date: 19-Jul-2023

Authors: CDPI

Contact: info@cdpi.dev

Description:

Interoperable QR code specification to Scan & Pay, Click & Pay and to Deep Link between apps and to enable easy one click and authorise one time or recurring payment.

Specification: link | source

Discussions: link

qr_code_sample.json

{
  "version": "1.0.0",
  "payee_fa": "joeuser@national-bank",
  "payee_name": "Printing & Stationeries Co",
  "amount": "138.50",
  "amount_split": {
    "sale": "117.37",
    "igst": "21.13"
  },
  "init_mode": "POS",
  "currency": "ZAR",
  "mid": "M-12345",
  "pos_id": "POS-123",
  "expiry": "20230605T101225+5:30",
  "order_id": "2023/123456",
  "ref_url": "https://printing.co/orderId=2023/123456",
  "additional_data": {
    "bill_number": "123",
    "reference_no": "PO123",
    "key1": "value1"
  },
  "sign": ""
}

Deep Linking

QR code content can also be represented in URI representation to enable single QR spec in Deep Linking. Deep Linking enables sharing the scanned QR codes across mobile applications with in a device to easily transfer control from business app to payment apps.

It is recommended to represent the JSON QR code spec in URL encodded format. URL encoding shall ensure to accomodate JSON nested attributes in string represenation to carry in an URI.

xxx://pay?%7B%0A%20%20%22version%22%3A%20%221.0.0%22%2C%0A%20%20%22payee_fa%22%3A%20%22joeuser%40national-bank%22%2C%0A%20%20%22payee_name%22%3A%20%22Printing%20%26%20Stationeries%20Co%22%2C%0A%20%20%22amount%22%3A%20%22138.50%22%2C%0A%20%20%22amount_split%22%3A%20%7B%0A%20%20%20%20%22sale%22%3A%20%22117.37%22%2C%0A%20%20%20%20%22igst%22%3A%20%2221.13%22%0A%20%20%7D%2C%0A%20%20%22init_mode%22%3A%20%22POS%22%2C%0A%20%20%22currency%22%3A%20%22ZAR%22%2C%0A%20%20%22mid%22%3A%20%22M-12345%22%2C%0A%20%20%22pos_id%22%3A%20%22POS-123%22%2C%0A%20%20%22expiry%22%3A%20%2220230605T101225%2B5%3A30%22%2C%0A%20%20%22order_id%22%3A%20%222023%2F123456%22%2C%0A%20%20%22ref_url%22%3A%20%22https%3A%2F%2Fprinting.co%2ForderId%3D2023%2F123456%22%2C%0A%20%20%22additional_data%22%3A%20%7B%0A%20%20%20%20%22bill_number%22%3A%20%22123%22%2C%0A%20%20%20%20%22reference_no%22%3A%20%22PO123%22%2C%0A%20%20%20%20%22key1%22%3A%20%22value1%22%0A%20%20%7D%2C%0A%20%20%22sign%22%3A%20%22%22%0A%7D

Stress Testing

Above specification has been stress tested for below use cases. Sample JSONs are provided for easy reference.

No	Scenario	Remarks
1	Initiation Modes	Scan & Pay, Click & Pay, Deep Linking
2	Initiation Locations	Terminals, POS, Online, ATM
3	Static / Dynamic QRs
4	P2M & P2P use cases
5	Subscripitons / Recurring Payments	Fixed amount e.g., Rentals, Equity/MF SIPs, EMIs, Subscriptions, etc.,
6	Bill Payments	Varying amount e.g., Utilities
7	IPO Payments
8	Refunds
9	Buy Now Pay Later
10	Step Up/Down Payments

Technical Considerations

Signed QR code content is mandatory to ensure security and detect any malicious requests / phishing attacks.
Scanning of QR codes and verification of digitally singed QR code content is the responsibility of the payment apps on customer mobiles.
Payment Network provider shall manage the registry of all acquiring banks authorised to onboard merchants and offer digitally singed QR codes.
QR Codes perform well if information is sparsely packed for all types of devices displaying and scanning can optimally perform. Where possible, implementers are recommended to use short URLs and optimise size of overall QR code. This QR specs ensured to keep the json attribute values short.

Typical flow

Below is a typical flow to make initiate merchant based QR code based payments:

Merchant signs up with acquiring banks to avial QR code based payment service
Using merchant's banking interface, merchant requests a static QR code
Additionally merchant may integrate with POS terminal to gerneate dynamic QR codes using APIs for each transaction with amount and other customised attributes like description, tax info etc.,
Customer using her payment app scans the interoperable qr code
Payment app checks singed QR code scanned is non-tampered and is from trusted source. Uses network registry to identify the acquiring banks
Customer payment app provides a choice to customer to select linked account to pay for the transaction
Customer payment app securly collects banking account pin to authorise the payment from the customer
Customer payment app initiate the payment on interoperable payments network to pay to the merchant's account
Notification of payment status is notified to merchant and customer by the respective banking apps.

Additional References

Interactive closed-door discussion on Scaling Inclusive Payments through Interoperable QR Codes with central bank officials of 30+ countries and speakers from Brazil, India, Philippines, and Nigeria
Presentation Deck summarising the need, benefits and specifications of interoperable QR codes in a simple, visually-appealing manner
QR Code printing specifications <coming soon>
The use of quick-response codes in payments Part of World Bank Fast Payments Toolkit Sep 2021

Attributions

PreviousFinancial Address NextInteroperable Authentication

Last updated 7 months ago