Regulatory Rules of the Libyan National Payment Scheme

Regulatory Rules of the Libyan National Payment Scheme

© 2023 Central Bank of Libya. All Rights Reserved.

BOOK 1 Regulatory Rules of the Libyan National Payment Scheme

PRINCIPLES OF REGULATION

Important Information on Confidentiality and Copyright

© 2023 Central Bank of Libya. All Rights Reserved.

This information is confidential and proprietary to the Central Bank of Libya. It is distributed to participants in the Libyan National Payment Scheme. It must not be copied, published, distributed, or disclosed, in whole or in part, to merchants, cardholders, or any other person without prior written permission from the Central Bank of Libya or the National Payment Scheme Operator.

The logos, trade names, trademarks, and service marks within Libya, whether registered or unregistered, are trademarks owned by the Central Bank of Libya.

NOTE: All unspecified values denoted by the symbol X or multiple Xs in this document will be defined later by the relevant departments of the Central Bank of Libya.

Table of Contents

Chapter 1 - Regulatory Rules of the Libyan National Payment Scheme Introduction 1.1 Purpose of this Document 1.2 Definitions and Terms 1.3 Scope of Regulation and Instructions 1.4 Supervisory Authority 1.5 Role of the National Payment Scheme Operator and Other Entities 1.6 Methodology Followed in Issuing Rules and Regulations 1.7 Discrepancies 1.8 Membership and Its Types 1.8.1 Obligations of Members and Participants 1.8.2 Classification of Participants 1.8.3 Management of Participating Members 1.8.4 Procedures for Obtaining Licenses 1.8.5 Service Provision Contract / Service Request Form 1.9 Relevant Parties 1.9.1 Roles and Responsibilities of Relevant Parties 1.9.2 Obligations of Relevant Parties 1.9.3 Termination of Relevant Parties 1.10 Intellectual Property Rights 1.10.1 Ownership and Privacy of Regulations and Rules 1.10.2 Right to Manage and Operate the National Payment Scheme Operator 1.11 Use and Application of Regulations and Rules 1.11.1 Product Management 1.11.2 Co-branding Rules 1.11.3 Brand Usage Rules 1.11.4 Clearing, Settlement, and Electronic Transaction Acceptance Rules 1.11.5 Pricing and Interchange Rules 1.12 Fraud and Risk Management 1.12.1 Detection of Unusual Activities 1.12.2 Customer Awareness and Data Security 1.12.3 Application System Security 1.12.4 Securing Information Confidentiality 1.13 Compliance with Regulations and Rules 1.14 Waivers and Exceptions 1.15 Rules for Handling Waivers and Exceptions 1.16 Workflows 1.16.1 Purchase Authorization Flow 1.16.2 ATM Authorization Flow (us-off) 1.16.3 Clearing and Settlement Flow 1.16.4 Chargeback Flow 1.16.5 3D Secure 2.0 eCommerce Flow

Chapter 2 - Member Compliance 2.1 Standards 2.2 Variances 2.3 Failure to Comply with a Standard 2.4 Conduct of Activity 2.5 Obligations of a Sponsor 2.6 Payment Service Providers 2.7 Financial Health 2.8 Compliance 2.9 Limitations of Liability and Indemnity 2.10 Legal Jurisdiction 2.11 Right of the Scheme to Investigate and Audit 2.12 Rights and Obligations of Members 2.12.1 Payment of Fees 2.12.2 Taxes and Other Charges 2.12.3 Responsibility for Transactions 2.12.4 POS Transactions - Unbiased 2.12.5 ATM and Bank Branch Transactions - Unbiased 2.12.6 Cooperation and Good Coexistence with Other Scheme Members and the National Payment Scheme Operator 2.12.7 Prevention of Unjustifiable Enrichment 2.12.8 Transaction Queries and Disputes 2.13 General Penalties and Violations 2.14 Process Penalties and Violations 2.15 Persistent and Intentional Violations 2.16 Compliance Certification 2.17 Appeals 2.18 Resolution of Appeal 2.19 Use and Provision of Information 2.19.1 Obligation of Member to Provide Data 2.19.2 Confidential Information of Members 2.19.3 Member Use of Scheme Information 2.19.4 Confidentiality of Scheme Information 2.20 Data Security 2.20.1 Processing of Personal Data Related to Transactions 2.20.2 Subject Data Notice and Consent 2.20.3 Subject Data Access to Personal Data 2.20.4 Integrity of Personal Data 2.21 Quarterly Submitted Report 2.21.1 Reports Not Received 2.21.2 Erroneous or Incomplete Reports 2.21.3 Claim for Overpayment / Refund of Fees 2.22 Transaction Requirements 2.23 Payment Authorization Service 2.24 Integrity of Brand and Network

Chapter 3 - Issuing 3.1 Issuer Requirements 3.1.1 Card Issuance - General Requirements 3.1.2 Credit Card Issuance 3.1.3 Debit and Prepaid Card Issuance 3.1.3.1 Eligible Accounts - Debit 3.1.3.2 Ineligible Accounts 3.1.4 Marketing and Appeals - Linked Card Programs 3.1.5 Selective Authorization 3.1.6 Information for Cardholders 3.1.7 Limitation of Cardholders' Liability for Unauthorized Use (Liability Waiver) 3.1.8 Reporting Lost or Stolen Card 3.1.9 Emergency Card Replacement 3.1.10 Emergency Request - Penalties and Fines 3.1.11 Loyalty Programs for Cardholders of Proprietary Scheme 3.1.12 ATM Usage 3.1.13 ATM Issuer Requirements 3.1.14 ATM Balance Inquiry Service 3.1.15 Account Tokenization 3.1.16 In-Stand Processing 3.1.17 Chip Issuer Liability 3.1.18 EMV Liability Shift 3.1.19 Address Verification Service (AVS) 3.1.20 3D Secure Participation Requirements 3.1.21 Penalties for Non-Compliance with 3D Secure Participation 3.1.22 Cardholder Authentication 3.1.23 Membership Management 3.1.24 Self-Service Tools Requirements for Client Portfolio Management 3.1.25 Data Retention and Transmission 3.1.26 Card Shipping Requirements 3.2 Types of Products 3.2.1 Consumer 3.2.2 Commercial 3.2.3 Governmental 3.3 Prepaid Cards 3.3.1 Prior Consent of the National Payment Scheme Operator 3.3.2 Reservation of Rights 3.3.3 Responsibility for the Prepaid Card Program 3.3.4 Categories of Prepaid Card Programs 3.3.5 Return of Unspent Value 3.3.6 Value Loading 3.3.7 Automatic Value Loading from Payment Cards 3.3.8 Marketing and Communication Materials 3.4 Non-Personalized Prepaid Card Programs 3.4.1 Ownership and Control of the Co-brand Program 3.4.2 Use of Accepted Brand Logos 3.5 Proprietary Accounts 3.5.1 Access to Proprietary Account 3.5.2 Types of Proprietary Accounts 3.5.3 Reporting Requirements and Fees 3.6 Virtual Accounts 3.7 Youth Card Programs 3.7.1 Disclosure and Appeal Requirements 3.8 Card Requirements 3.8.1 Principles of Standardization 3.8.2 BIN Range and Account Usage 3.8.3 Primary Account Number 3.8.4 Signature Panel 3.8.5 Magnetic Stripe Encoding 3.9 Chip Cards 3.9.1 Chip Card Applications 3.9.2 Integrated Circuit Chip Providers 3.9.3 Multi-Application Chip Cards 3.10 Contactless Payment Cards and Devices 3.11 Contactless Payment Cards and Mobile Devices 3.12 Cardholder Verification Method 3.12.1 Fallback CVM (PIN Bypass) Card Verification Form 3.13 Consumer Device Cardholder Verification Method (CDCVM) 3.14 Card Verification Value 3.14.1 Issuer Requirements for Card Verification Value 1 3.14.2 Issuer Requirements for Card Verification Value 2 3.14.3 Methods for Calculating Card Verification Value 3.15 Service Codes 3.15.1 Valid Service Codes 3.15.2 Additional Service Code Information 3.16 Card Authentication Method 3.16.1 Additional Information 3.17 Post-Issuance Updates for Chip Cards

Chapter 4 - Payment Acceptance 4.1 Acquirer Requirements 4.1.1 Acquirer Jurisdiction 4.1.2 Acquirer Onboarding 4.1.3 Merchant Agreements; Aggregated Transactions 4.1.4 Merchant Compliance with Standards 4.1.5 Display of NUMO Logo 4.1.6 Transaction Message Data 4.1.7 Presentment of Transaction Records 4.1.8 Retention of Transaction Records 4.1.9 PCI DSS Certification for Acquirers, PSPs, and Merchants 4.1.10 NUMO Tokens 4.1.11 Acquirer Obligations Regarding Merchants 4.2 ATM and Other Cash Transactions 4.2.1 Display of NUMO Logo at ATMs 4.2.2 ATM Network Requirements 4.2.3 ATM and Bank Branch Terminal Requirements 4.2.4 Use of PIN for ATM and Bank Branch Transactions 4.2.5 ATM Decline 4.2.6 ATM Dispense Error 4.2.7 ATM Transaction Restrictions 4.2.8 ATM Balance Inquiry Service 4.2.9 ATM Access Fees 4.2.10 Manual Cash Disbursement Transactions 4.3 Merchant Requirements 4.3.1 Use of the Numo Brand 4.3.2 Merchant Location 4.3.3 Agent Location 4.3.4 Responsibility for Transactions 4.3.5 Merchant Obligations for Card Acceptance 4.3.6 Partial Payment 4.3.7 Specific Terms of a Transaction 4.3.8 Floor Limit 4.3.9 Returned Products and Canceled Services 4.3.10 Refund Transactions 4.3.11 Transaction Records 4.4 Present Card Environment 4.4.1 General Requirements - Chip Card Acceptance 4.4.2 Contactless Chip Transaction 4.4.3 Magnetic Stripe Transaction 4.4.4 Merchant Procedures - Present Card Transactions 4.4.5 Purchase with Cash Back Transactions 4.5 Present-Not-Card Environment 4.5.1 E-Commerce Transactions 4.5.2 Keyed-Entered Transactions 4.5.3 Mail Order / Telephone Order Transactions 4.5.4 File-On-Credential Transactions 4.5.5 Recurring Payment Transactions 4.6 Specific Transaction Types 4.6.1 E&T Charges 4.6.2 General E&T 4.6.3 E&T Authorizations - Exemptions 4.6.4 Car Rental Merchants 4.6.5 Charges for Damage, Theft, or Loss 4.6.6 Amended or Delayed Charges 4.6.7 Car Rental Advance Deposit 4.6.8 Guaranteed Hotel Reservations 4.6.9 Timeshare Merchants 4.6.10 Education Payments 4.6.11 Tax and Other Government Payments 4.6.12 Government Payment Requirements 4.6.13 Unattended Fuel Dispensers and Other Unattended Terminals 4.6.14 Terminal Eligibility 4.6.15 Terminal Requirements 4.6.16 Terminal Function Keys 4.6.17 Terminal Responses 4.6.18 Terminal Transaction Log 4.6.19 POS Terminal Requirements 4.6.20 Hybrid Terminal Requirements 4.6.21 Contactless-Enabled POS Terminals 4.6.22 Contactless-Only POS Terminals 4.6.23 Mobile POS (MPOS) Terminals 4.6.24 Terminals without a Printer 4.7 Transaction Receipts 4.7.1 General Requirements 4.7.2 Contents of Transaction Receipt 4.7.3 Transaction Receipts - CNP Transactions 4.7.4 Requirement for Delayed Delivery of Transaction Receipt

Chapter 5 - Authorization - Clearing and Settlement Management 5.1 Authorization Platform 5.1.2 Types of Messages: Dual Message System and Single Message System 5.1.3 Authorization Processing Functionality 5.1.4 Authorization Processing Flows 5.2 Clearing System 5.2.1 Participation in the Clearing System 5.2.2 Clearing Messages 5.2.3 Clearing System Functionality 5.3 Settlement System 5.3.1 Participation in the Settlement System 5.3.2 General Settlement Obligations 5.3.3 Best Settlement Practices 5.3.4 Service and Interchange Fees 5.3.5 Obligations to Transfer Settlement Funds 5.3.6 Limitation and Indemnification of the National Payment Scheme Operator's Liability 5.3.7 Failure of a Principal Member to Discharge Settlement Obligation 5.3.8 System Liquidity 5.3.9 Liability for Owned or Controlled Entities 5.3.10 Risk of Loss 5.3.11 Adjustment of Settlement Positions - Loss Allocation Among Members 5.3.12 Non-Compliance with Settlement - Cost Reimbursement, Non-Compliance Assessments, and Compensation 5.4 Transaction Requirements and Processing Procedures 5.4.1 Authorization Service 5.4.2 Interchange System Delivery 5.4.3 Authorization Routing 5.4.4 In-Stand Processing Service 5.4.5 Obtaining Authorization 5.4.6 Authorization Responses