News and developments

Regulation on Generation and Use of TR QR Code in Payment Services has been Published

The Regulation on Generation and Use of TR QR Code in Payment Services (“Regulation”) prepared by the Central Bank of the Turkish Republic (“Bank”) has been published in the Official Gazette dated 21 August 2020 and numbered 31220, entering into force on the same date.The Regulation determines the procedures and principles for services fall into the scope of payment services within the scope of the Law on Payment and Securities Settlement Systems, Payment Services, and Electronic Money Institutions numbered 6493 (“Law”) and rendered by using a QR Code, besides generation of TR QR Code.

With the Regulation, the Bank aims to standardize the payment transactions, enhance the use of a common QR code in retail payments, as well as initiating practical, easier, more efficient, and safer payment transactions.

Notable regulations stipulated within the scope of the Regulation are as follows;

  • TR QR Code will be used in every payment transaction which falls within the scope of payment service under article 12 of Law, such as money transfer and withdrawal and open banking services and those rendered by using a QR code.
  • The Regulation stipulates that for the following cases TR QR Code is not compulsory; (i) domestic payment transactions proceed via instruments exported in compliance with foreign legislation, (ii) where one of the parties of the transaction is residing abroad, and (iii) the infrastructure of a payment service provider located abroad is used for the payment transaction.
  • Payment service providers with QR Code Generator Code (Banks, e-money institutions, payment institutions, PTT) and payment system operators approved by the Bank will be able to generate TR QR Code. Payment service providers will be able to receive external services for generating TR QR Code, as long as compliance with the relevant legislation is ensured.
  • TR QR Code will be generated in accordance with the principles and rules determined by the TR QR Code Principles and Rules (“Technical Document“) annexed the Regulation and in accordance with the ISO / IEC 18004 standard.
  • QR Code Generator Code will be determined and announced by Bankalararası Kart Merkezi A.Ş. (“BKM”) at the request of the payment service provider and payment system operators approved by the Bank.
  • Different QR Code usage models are determined under the Regulation and data organization and naming rules for each usage model and technical standards for the payment process flow are detailed under the Technical Document.
  • TR QR Code is classified as (i) static and (ii) dynamic, as regards to the reusability of the QR Code; (i) merchant-presented QR Code, (ii) customer presented QR Code, and (iii) the QR Code used in transactions from individual to individual as regards to the usage method of QR Code.
  • The Regulation envisages establishing a system (Karekod Yönlendirme Sistemi) to transfer the QR Code and the information contained in QR Code between payment service providers, if necessary. BKM is authorized for establishing and operating the system and the Bank is the authority to determine the wages and the conditions for participation in the system.
  • The Regulation foresees basic obligations such as generating readable quality of QR codes in accordance with the Technical Document, ensuring the security and integrity of the QR Codes on payment service providers. In addition, payment service providers will be able to set an upper limit for payment transactions to be made with TR QR Code, provided that they do not exceed the upper limit set by the Bank for payment transactions made with a QR Code.
  • After the completion of the transaction, the receiver’s payment service provider is obliged to inform the receiver and the payer’s service provider is obliged to inform the payer as soon as possible. The payment service providers will be able to inform the receiver and payer via SMS, phone, or application.
  • BKM will establish a National Business Registration System (Ulusal Üye İşyeri Kayıt Sistemi), where information about merchants accepting electronic payments is kept in order to facilitate the processes of payment transactions made with TR QR Code and to prevent fraud and malicious use in transactions.
  • The payment service providers are obliged to comply with the provisions of the Regulation until 31 December 2021. The Bank may extend this period not exceeding one year.
  • Please see this link for the full text of the Regulation (only available in Turkish).

    The Regulation on Generation and Use of TR QR Code in Payment Services (“Regulation”) prepared by the Central Bank of the Turkish Republic (“Bank”) has been published in the Official Gazette dated 21 August 2020 and numbered 31220, entering into force on the same date.The Regulation determines the procedures and principles for services fall into the scope of payment services within the scope of the Law on Payment and Securities Settlement Systems, Payment Services, and Electronic Money Institutions numbered 6493 (“Law”) and rendered by using a QR Code, besides generation of TR QR Code.

    With the Regulation, the Bank aims to standardize the payment transactions, enhance the use of a common QR code in retail payments, as well as initiating practical, easier, more efficient, and safer payment transactions.

    Notable regulations stipulated within the scope of the Regulation are as follows;

  • TR QR Code will be used in every payment transaction which falls within the scope of payment service under article 12 of Law, such as money transfer and withdrawal and open banking services and those rendered by using a QR code.
  • The Regulation stipulates that for the following cases TR QR Code is not compulsory; (i) domestic payment transactions proceed via instruments exported in compliance with foreign legislation, (ii) where one of the parties of the transaction is residing abroad, and (iii) the infrastructure of a payment service provider located abroad is used for the payment transaction.
  • Payment service providers with QR Code Generator Code (Banks, e-money institutions, payment institutions, PTT) and payment system operators approved by the Bank will be able to generate TR QR Code. Payment service providers will be able to receive external services for generating TR QR Code, as long as compliance with the relevant legislation is ensured.
  • TR QR Code will be generated in accordance with the principles and rules determined by the TR QR Code Principles and Rules (“Technical Document“) annexed the Regulation and in accordance with the ISO / IEC 18004 standard.
  • QR Code Generator Code will be determined and announced by Bankalararası Kart Merkezi A.Ş. (“BKM”) at the request of the payment service provider and payment system operators approved by the Bank.
  • Different QR Code usage models are determined under the Regulation and data organization and naming rules for each usage model and technical standards for the payment process flow are detailed under the Technical Document.
  • TR QR Code is classified as (i) static and (ii) dynamic, as regards to the reusability of the QR Code; (i) merchant-presented QR Code, (ii) customer presented QR Code, and (iii) the QR Code used in transactions from individual to individual as regards to the usage method of QR Code.
  • The Regulation envisages establishing a system (Karekod Yönlendirme Sistemi) to transfer the QR Code and the information contained in QR Code between payment service providers, if necessary. BKM is authorized for establishing and operating the system and the Bank is the authority to determine the wages and the conditions for participation in the system.
  • The Regulation foresees basic obligations such as generating readable quality of QR codes in accordance with the Technical Document, ensuring the security and integrity of the QR Codes on payment service providers. In addition, payment service providers will be able to set an upper limit for payment transactions to be made with TR QR Code, provided that they do not exceed the upper limit set by the Bank for payment transactions made with a QR Code.
  • After the completion of the transaction, the receiver’s payment service provider is obliged to inform the receiver and the payer’s service provider is obliged to inform the payer as soon as possible. The payment service providers will be able to inform the receiver and payer via SMS, phone, or application.
  • BKM will establish a National Business Registration System (Ulusal Üye İşyeri Kayıt Sistemi), where information about merchants accepting electronic payments is kept in order to facilitate the processes of payment transactions made with TR QR Code and to prevent fraud and malicious use in transactions.
  • The payment service providers are obliged to comply with the provisions of the Regulation until 31 December 2021. The Bank may extend this period not exceeding one year.
  • Please see this link for the full text of the Regulation (only available in Turkish).