| A | B | C | D | E | F | G | H | I | J | K | L | M | ||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Service Provider Capacity Assessment | |||||||||||||
2 | Item No. | List of Requirements | Minimum Service Requirements | Example | ||||||||||
3 | General Information | |||||||||||||
4 | STATUS | ACTIVE | ||||||||||||
5 | 1 | Service in a nutshell | Short description of the product | MobiCash was launched in February 2017 by the Wahda bank based on the Masarat18 platform. The service allows buyers to credit the seller’s bank account directly through a smart phone application downloaded on the seller's smart phone. The buyer and seller then receive an SMS message confirming that the transaction has been completed. Transactions via MobiCash, require simple SMS from the buyer and do not require for him/her to have a smartphone to make payments, nor does the merchant have to have a point-of-sale device. The limitations of MobiCash include holding an account with Wahda bank and the need for a reliable internet connection. | ||||||||||
6 | 2 | Agreement | What is the agreement between the humanitarian agency and the service provider? | The agreement will be between The Humanitarian Agency as the first party and Masarat and/or partner bank as the second party. Masarat is responsible for providing the Service and support including the Merchant/Agent network for The Humanitarian Agency. The PoC will be treated like a bank customer and The Humanitarian Agency will have full access to the system as if they were bank employees. Masarat will cover legalities in order to ensure service in local markets. Masarat will take full risk responsibility in terms of technical issues including fraud. The Humanitarian Agency’s responsibilities are primarily: - To transfer the funds to Masarat bank account. - To define the bulk transfer rules and/or the data entry of the bulk transfer using the interface of the account. - To do tracking, auditing and follow up. | ||||||||||
7 | 3 | Other Privileges | What privilegies are granted to humanitarian service providers? | - The project will be considered partially as a Masarat Social responsibility activity. - System is built based on the local context. - Client will have full control of his account. - Client staff will be trained. - Full support and training for the Client. - Access to 5 bank services: “Masarat partners” - For some type of contracts, there is no fee for account establishment and transactions. - Offline payment will be available in the future. - PoC “customers” will benefit from special discounts at merchant network. Discounts will be up to 50% in some seasons. | ||||||||||
8 | Payment Product Details: Corporate (payer) | |||||||||||||
9 | 4 | Transaction Tracking Capabilities | How the transaction happens? Where the money from humanitatian agency are transferred? What is the documentation provided? | The account has a full interface and reporting tools which enable users to track activity based on the authority designed by the main user of the account. Details as follow: - The humanitarian agency will define the rules to allow the top-up of each wallet user from a special interface which will be provided to monitor the top up amounts per account and per group. - The humanitarian agency can change the settings of the daily limits or transaction limits per merchant or customer. - Merchants will have the ability to track any transaction in their wallet or in their bank account using special mobile application. - The humanitarian agency will have monitoring/reporting tools to monitor all transactions. | ||||||||||
10 | 5 | Registration and Know Your Customer Requirements (Corporate Account) | Legal requirements to be a client: registration, having a bank acocunt, where the money should be transferred from (within ILibya or from outside as well….) | The service will be provided in partnership with one of the partners of Masarat bank. The following financial regulations will apply: - Corporate License - Sign up application form - Having merchant account on the bank - KYC level 1 of the merchant owner. | ||||||||||
11 | 6 | Full description of disbursement (Payment Process) | Describe all the process form registration of the user until distribution and post ditribution | Digital Wallet Accounts Top-up Process - Each PoC “customer” should sign up to have the digital wallet account. - The humanitarian agency will transfer the total amount required to be topped up to the PoCs “customer” account. - The humanitarian agency will top up the PoC “customer” wallet accounts within the limit of the amount transferred to Masarat bank account. The top-up process could be automated using predefined rules or manually for each wallet account or group of wallet accounts. - Each PoC “customer” will receive SMS notification when they receive the amount in his wallet account. Payment process - Any PoC “customer” can pay using their wallet account in four different ways: 1) Using SMS authentication, 2) Using Hardware token authentication, 3) Using NFC card, 4) Using QR code authentication. The first method, SMS authentication, is the default method in the system. The Humanitarian agency can choose to use a different method. The full description of each method is below, the success scenario is described in each case, the exceptions or failure due to any reason is not described here: 1) SMS-based authentication: - Merchant starts the process by entering the customer ID and amount in special mobile app or POS terminal. - Customer will receive SMS containing OTP, merchant ID, transaction number, and the amount. - Customer gives the OTP to the merchant should he agree to finalize the payment process. - Merchant enters the OTP in the merchant app and confirms the payment. - The payment is completed when the amount is deducted from the customer wallet account and transferred to the merchant wallet account. - Both merchant and customer can verify the payment process using SMS service or mobile app by entering the process number. 2) Hardware OTP token generator -based authentication: - Merchant starts the process by entering the customer ID and amount in special mobile app or POS terminal. - Customer will read the OTP from the hardware token. - Customer gives the OTP to the merchant should the merchant agree to finalize the payment process. - Merchant enters the OTP in the merchant app and confirm the payment. - The payment is completed when the amount is deducted from the customer wallet account and transferred to the merchant wallet account. - Both merchant and customer can verify the payment process using SMS service or mobile app by entering the process number. This method is designed especially for the Libyan market due to unsuitability of mobile operator coverage and delay of SMS services. The other advantage of this method is that the customer doesn’t need to have a mobile to benefit from the service when he needs to make a payment. 3) NFC-based authentication : - Merchant starts the process by entering the customer ID and amount in special mobile app with NFC support or POS terminal with NFC support. - Customer will use his NFC card and place it on the merchant POS or mobile. - Customer enters Password in the merchant app or the POS terminal should the merchant agree to finalize the payment process. - The payment is complete when the amount is deducted from the customer wallet account and transferred to the merchant wallet account. 4) QR code-based authentication: - Customer starts the process by entering the merchant ID in customer app, or reading the merchant ID by camera in QR format encrypted using the customer key. - Customer enters the payment amount to the merchant in the app. - Customer enters his password in the confirmation dialog screen. - Customer app generates QR code containing all the required information including customer ID, amount, date, time, and merchant ID. MERCY CORPS Cash Delivery Mechanism Assessment - September 2017 11 - Merchant reads the QR code using the merchant app on his POS terminal or his mobile phone. - Customer confirms the payment process by entering his password in the merchant app. - The payment is completed by deducting the amount from the customer wallet account; it is then transferred to the merchant wallet account. In all cases above both the merchant and customer can verify the payment process using SMS service or mobile app by entering the process number. | ||||||||||
12 | 7 | Account balance and transaction volume limitations | Describe the minimum and maximum amount that can be deposited and any limitations | No regulations currently defined for digital wallet, but the bank usually sets rules to minimize risk. Some of the rules applied to the merchant are included below as a reference. - Payments of funds are transferred to the pool account before the merchant can access it. - Merchant funds are transferred from pool account to merchant access account in 2 to 7 days. - Merchant can receive up to 200K payment transaction volume per day. | ||||||||||
13 | 8 | User Authorization | How is authorized to check the accounts? How to add another authorized person? | Masarat system support multi-level user authorization system - The humanitarian agency admin can define multiple users with different authorities on the system. - Merchant can define multiple users to operate the POS terminal or app, each user with a different ID and password. | ||||||||||
14 | 9 | Brochure, Catalog and Booklet | The company can provide any material/flyer about the service? | Masarat provides special visibility items for the merchant, taking into account the unique characteristics of the service available. As such, Masarat commits to the printing of focused booklets, posters and catalogs to provide information about this service | ||||||||||
15 | 10 | Interoperability | Is the servive interoperable with others? | Masarat has developed a special function for Cash-In and Cash-out which functions with other system, especially local systems such as Tadawel. In the future, Masarat will also integrate with other local providers. | ||||||||||
16 | 11 | Pricing | Fixed costs and percentage per transactio… | Masarat agrees to offer this service completely free of all transaction fees. Other commercial services provided by Masarat include: For every payment transaction : - Merchant transaction tariff depends on the business type (1% for food, education, medicine up to 4% for cosmetics, entertainment, 4 and 5 star hotels). - Customer is charged 1 LYD per transaction or 0 to 1% per transaction. | ||||||||||
17 | 12 | Data Storage | Where the data are physically stored? Is there a backup storage outside the country? | Masarat has its system running at a Libya Telecom & Technology Data center plus a backup location at Masarat data center. Masarat also has a third location for data backup, which is internal. Data records will be stored in the system database organized by customer and merchants IDs. All data will be available to the authorized users based on the specified rules. | ||||||||||
18 | Payment Product Details: End User (payee) | |||||||||||||
19 | 13 | Receipt of Funds | SMS message or any other mean? . | SMS message or Email. | ||||||||||
20 | 14 | Registration | Documentation required… | The service will be provided in partnership with one of the Masarat bank partners. The following financial regulations are applied: - PoC “Customer” should be Libyan citizens or foreigners registered with the Libyan authorities and have official documents. - PoC “Customer” should fill out a Sign-up application form. - PoC “Customer” should be physically present at the signing of a contract, where a Masarat agent will also be present. This requirement may be negotiated with the bank to give this authority to the humanitarian agency representatives. - Any special government or regulation requirements will be applied. - Know Your Customer (KYC) level one is required, with basic information such as Name, ID/Passport number, Date of birth , Address, National Number) | ||||||||||
21 | 15 | Account balance and transaction volume limitations (End User Account) | Limits… | There are no local regulations which define the limitations of the account balance of digital wallet or the volume transaction, but based on the experience of Masarat, banks set some limitations the average of which is generally 5,000 LYD as account balance, volume transaction is based on the merchant business; in general limitations are adapted to the need of the market, but these should be defined to minimize risk. - Account balance should have a maximum limit to minimize the risk for all parties. This limit should be discussed per case and will require bank approval. Though there are no technical limitations for volume of transaction, Masarat and the humanitarian agency should together define suitable limitation by merchant business. | ||||||||||
22 | Distribution | |||||||||||||
23 | 16 | Coverage Area and Distribution network | Where, how many etc | While the service has slowly been increasing the number of Points of Sales as well as their coverage with a network of 860 POS, it remains limited as in the western region it is available only in Tripoli (39 POS), Yefren (18 POS), Misrata (8 POS) and Gharyan (1 POS)19. Whereas, in the eastern region, it has a more concentrated presence in Benghazi at 616 POS with a selection of other cities. Collectively, in the eastern region, their customer base is estimated at over 33,000 customers. It is notable that MobiCash is attempting to diversify presence in the central and southern regions of the country as well by setting up POS in Jalu (20), Jkharra (12), Ojla (10), Kufra (6) and Sabha (5). | ||||||||||
24 | 17 | Cash in/Cash out Liquidity Controls | In which facilities, cash out point etc | - Cash-In will be provided to client admin through a specific user interface. - Cash-out will be provided through Masarat agents and merchant POS. - Liquidity control rules can be defined in the system to avoid risks, based on client rules and local regulations. | ||||||||||
25 | Customer Service/Training: Corporate (payer) | |||||||||||||
26 | 18 | Training for staff | What kind of training they are providing to the staff? | Masarat will provide all client-based training. | ||||||||||
27 | 19 | Technical Support/Service Level Agreements | Technical and legal support provided to the client | Masarat has the ability to offer a high level of technical support due to the fact that the bank is already providing technical support to six other banks (about 700,000 customers). Masarat is also in the process of developing their systems in-house, making it easier to modify and add features and functions as they become necessary. Masarat will define the service level agreement based on the authentication technology used during the payment process. In general, Masarat’s system availability can be guaranteed at about 99%, but the bank cannot be held responsible for the availability of systems outside of its control, such as ISP or mobile operator service. | ||||||||||
28 | 19 | Disbursement Troubleshooting | How it works between the client and the FSP? | - Masarat Call center is active 14 hours per day - System engineers are working 24/7 - Masarat has a special interface for Masarat systems engineers, which enables them to provide thorough end user support and troubleshooting. - Masarat developed a self-diagnosis component in its systems that notify system engineers when something has gone wrong. | ||||||||||
29 | Customer Service/Training: End User | |||||||||||||
30 | 20 | Training for end users (recipients) | Do they provide tranining for users on the usage of the service? | Masarat will provide all the training and awareness material for the End User. | ||||||||||
31 | 21 | Technical Support | Call centers…. | Masarat has the ability to offer a high level of technical support due to the fact that the bank is already providing technical support to six other banks (about 700,000 customers). Masarat is also in the process of developing their systems in-house, making it easier to modify and add features and functions as they become necessary. Masarat will define the service level agreement based on the authentication technology used during the payment process. In general, Masarat’s system availability can be guaranteed at about 99%, but the bank cannot be held responsible for the availability of systems outside of its control, such as ISP or mobile operator service. | ||||||||||
32 | 22 | Recipient Troubleshooting | Call centers…. | - Masarat Call center is active 14 hours per day. - System engineers are working 24/7. - Masarat field technicians are available in most Libyan cities to provide technical support for Agents/Merchants. - Masarat provides a special app to the PoC “customer”, providing self-service features. | ||||||||||
33 | Data Privacy/Security/Service Provider Internal Controls | |||||||||||||
34 | 23 | Security of Funds | Standards, certifications, etc | Since Masarat is working in partnership with other banks, all bank policies will be applied to the digital wallet accounts. Some of the fund security measures applied are : - AML and anti-fraud - Shadow account will be synced up in the partner bank to synchronize all the funds available in the wallet system. This makes it possible for the bank to control and apply its policies. | ||||||||||
35 | 24 | Data Security | Backups, standards… | Masarat is a bank and as such, it applies bank requirements related to data security: - All transaction data stored in Masarat systems is encrypted. - All transaction data has a backup in different location. | ||||||||||
36 | 25 | Data Privacy | Standards, encryption etc | Masarat is a bank and as such, it applies bank requirements related to data privacy: - Customer data is stored and encrypted. - No data or information is printed or manipulated manually. - No sensitive data is displayed to system users. - Accounts have different user levels of authority to define what user can access on the system data. | ||||||||||
37 | ||||||||||||||
38 | ||||||||||||||
39 | ||||||||||||||
40 | ||||||||||||||
41 | ||||||||||||||
42 | ||||||||||||||
43 | ||||||||||||||
44 | ||||||||||||||
45 | ||||||||||||||
46 | ||||||||||||||
47 | ||||||||||||||
48 | ||||||||||||||
49 | ||||||||||||||
50 | ||||||||||||||
51 | ||||||||||||||
52 | ||||||||||||||
53 | ||||||||||||||
54 | ||||||||||||||
55 | ||||||||||||||
56 | ||||||||||||||
57 | ||||||||||||||
58 | ||||||||||||||
59 | ||||||||||||||
60 | ||||||||||||||
61 | ||||||||||||||
62 | ||||||||||||||
63 | ||||||||||||||
64 | ||||||||||||||
65 | ||||||||||||||
66 | ||||||||||||||
67 | ||||||||||||||
68 | ||||||||||||||
69 | ||||||||||||||
70 | ||||||||||||||
71 | ||||||||||||||
72 | ||||||||||||||
73 | ||||||||||||||
74 | ||||||||||||||
75 | ||||||||||||||
76 | ||||||||||||||
77 | ||||||||||||||
78 | ||||||||||||||
79 | ||||||||||||||
80 | ||||||||||||||
81 | ||||||||||||||
82 | ||||||||||||||
83 | ||||||||||||||
84 | ||||||||||||||
85 | ||||||||||||||
86 | ||||||||||||||
87 | ||||||||||||||
88 | ||||||||||||||
89 | ||||||||||||||
90 | ||||||||||||||
91 | ||||||||||||||
92 | ||||||||||||||
93 | ||||||||||||||
94 | ||||||||||||||
95 | ||||||||||||||
96 | ||||||||||||||
97 | ||||||||||||||
98 | ||||||||||||||
99 | ||||||||||||||
100 | ||||||||||||||