Over the past several years, more and more countries around the world are seeing the value of real-time payment systems as a core piece of infrastructure to enable peer-to-peer payments between citizens as well as commercial payments to merchants (e.g., via QR codes). The roll-out of Unified Payments Interface (UPI) in India has shown that an important piece of functionality and driver of adoption of that system was the ability for third-parties to initiate payments on behalf of users. This paper aims to define the guidelines and best practices for introducing support for third-party participants on real-time payment systems, in particular for third-parties aiming to act as payment initiators.
These guidelines have been split into three categories: security, privacy, and user-experience, and the conclusions are based on a thorough examination of the downstream consequences of alternatives, real-world experience of integrating with several different systems, and work done to build a reference implementation of third-party payment initiation in an existing open-source real-time payment system called Mojaloop. Drawing on this work, the final section outlines implementation guidelines for building support for third-party payment initiation in a real-time payment system.