ISO/TS 20022-5:2004 describes the following set of required activities:

• extract relevant information from existing Industry Message Sets and compare it to the related information in the ISO 20022 Repository;
• use the results of this comparison for the development of ISO 20022 compliant Business Transactions and Message Sets;
• submit the resulting update requests to the Registration Authority;
• prepare the migration to the ISO 20022 compliant Business Transactions and Message Sets.

The main objectives of the "ISO 20022 reverse engineering" are as follows:

• capture the industry knowledge covered by existing Industry Message Sets;
• build upon former standardization efforts in the industry when building ISO 20022 compliant Business Transactions and Message Sets;
• ensure that the resulting ISO 20022 compliant Business Transactions and Message Sets fully cover the business scope of existing Industry Message Sets;
• maximize interoperability between existing Industry Message Sets and ISO 20022 compliant Business Transactions and Message Sets;
• support the migration from existing Industry Message Sets to ISO 20022 compliant Business Transactions and Message Sets.

ISO/TS 20022-5:2004 gives some specific terms that are used in the document. It then describes the major activities that will be conducted during reverse engineering and also describes at a high level the resulting deliverables. A detailed workflow is presented, explaining all activities, inputs and outputs. Finally, a detailed description of the Convergence Documentation is given in an appendix.

ISO/TS 20022-4:2004 contains a set of XML design rules, called ISO 20022 XML. These design rules define how a standardized Message – described by a Message Definition in UML according to the Modelling Guidelines of ISO/TS 20022-3 – must be represented as a valid ISO 20022 compliant XML document.

A valid XML document (referred to as an "XML instance") as defined by W3C is any XML document that has an associated description and that complies with the constraints expressed in that description. The associated description in this case is derived from the Message Definition, which is originally described in UML.

ISO/TS 20022-4:2004 also describes how (a part of) the UML Message Definition can be converted into a W3C XML Schema. This XML schema will then make it possible to use a validating XML schema parser to automatically verify that a given XML instance complies with (a subset of) the constraints described in the Message Definition.

The ISO 20022 methodology is composed of a set of activities. These activities are grouped into the following phases:

• business analysis,
• requirements analysis,
• logical analysis,
• logical design (message design),
• technical design.

For each of these activities, ISO/TS 20022-3:2004 describes

• the artefacts needed to start this activity (required input),
• the artefacts that should be the result of this activity (expected output)
• an example – where useful,
• any modelling and other guidelines that should be followed or taken into account.

One of the most important aspects of the MFS environment is mobile payments to businesses. There are many ways a consumer, or a business as a consumer, can make a payment to a merchant. ISO 12812 provides a comprehensive standard for using the mechanisms involved in mobilizing the transfer of funds regardless of who is involved in the process. This document is intended to be used by potential implementers of mobile retail payment solutions, while ISO 12812-4 is intended for potential implementers of solutions for mobile payments to persons.

NOTE ISO 12812-1:2017, 5.4 explains the differences in the use of these terms. As such, the ISO 12812 (all parts) seeks to support all possible technologies and is not designed to highlight or endorse specific technologies in the competitive marketplace.

Although this document deals with mobile payments made by a consumer or a business acting as a consumer, which transactions are subject to a variety of consumer protection requirements, in terms of the relationship to the MFSP, the consumer (or business) is the customer of the MFSP. Nevertheless, this document will use the term "consumer."

The emphasis is placed on the principles governing the operational functioning of mobile payments-to-persons systems and processes, as well as the presentation of the underlying technical, organizational, business, legal and policy issues, leveraging legacy infrastructures of existing payment instruments (see ISO 12812-1:2017, Annex C).

ISO/TS 12812-4:2017 includes the following items:

a) requirements applicable to mobile payments-to-persons;

b) recommendations regarding mechanisms involved in the operation of interoperable mobile payments-to-persons;

c) a description of the different use cases for mobile payments-to-persons;

d) a generic interoperability model for the provision of different mobile payments-to-persons;

e) recommendations for the technical implementation of the generic architectures for the mobile payments-to-persons program;

f) recommendations for mobile remittances;

g) use cases with the corresponding transaction flows;

h) discussion of the financial inclusion of unbanked and underbanked persons (Annex A);

i) some legal aspects to consider for mobile payments-to-persons (Annex B).

ISO/TS 12812-4:2017 is structured as follows:

– Clause 6 sets forth the requirements that a mobile payments-to-persons program must comply with.

– Clauses 7, 8 and 9 provide the different levels of implementation for the interoperability of mobile payments-to-persons.

– Clause 7 describes the interoperability principles for mobiles payments-to-persons.

– Clause 8 describes:

1. a three-layer high-level architecture for mobile payments-to-persons programs;
2. payments instruments sustained by these programs;
3. processing details for a series of significant use cases of mobile payments-to-persons using these payment instruments.

– Clause 9 provides a step-by-step data flow description for different mobile payments-to-persons implementations: bank-centric, non-bank centric and card-centric. They can be mapped into the processing use cases of Clause 8, where abstraction is made in the nature of the payment service providers.

This document deals with different types of applications which is the term used to cover authentication, banking and payment applications, as well as credentials.

Clause 5 describes the basic principles required, or to be considered, for the application lifecycle management.

Because several implementations are possible with impacts on the lifecycle, this document describes the different architectures for the location of the application and the impacts of the different scenarios regarding the issuance of the secure element when present (see Clause 6), the different roles for the management of the application lifecycle and the domains of responsibilities (see Clause 7). It also specifies functions and processes in the application lifecycle management (see Clause 8) and describes scenarios of service models and roles of actors (see Clause 9).

– a generic model for the design of the security policy,

– a minimum set of security requirements,

– recommended cryptographic protocols and mechanisms for mobile device authentication, financial message secure exchange and external authentication, including the following:

1. point-to-point aspects to consider for MFS;
2. end-to-end aspects to consider;
3. security certification aspects;
4. generation of mobile digital signatures;

– interoperability issues for the secure certification of MFS,

– recommendations for the protection of sensitive data,

– guidelines for the implementation of national laws and regulations (e.g. anti-money laundering and combating the funding of terrorism (AML/CFT), and

– security management considerations.

In order to avoid the duplication of standardization work already performed by other organizations, this document will reference other International Standards as required. In this respect, users of this document are directed to materials developed and published by ISO/TC 68/SC 2 and ISO/IEC JTC 1/SC 27.

ISO/TS 10674:2011 does not apply to the assessment of the creditworthiness of classes of, or individual obligations of, such companies or securities traded in the financial markets, nor does it relate to the provision of services assessing the creditworthiness of individuals (consumer scoring).

The terms included in this document have been selected because they are:

• widely accepted and used in financial markets;
• sourced from supranational organization(s) or initiative(s), or national regulatory authorities;

NOTE            With priority given to the source with the larger geographic coverage.

• likely to be used in documents from ISO/TC 322 and other related International Standards;
• of international prevalence and interest.