Today the Accredited Standards Committee X9 Inc. (X9), the organization accredited by ANSI to develop financial industry standards for the United States, announced the publication of a new standard, "X9.150, Merchant-Presented QR Codes For Secure Payment." The standard can now be downloaded from the ANSI website.
Using payment QR codes for instant or account-to-account transactions bypasses the need for physical cash, checks or cards, and enhances transaction security, which benefits billers, merchants and consumers. How it works is simple: the biller or merchant displays a QR code, which, when scanned by a banking or wallet app using the customer's phone camera, provides the means of making a secure payment. The consumer then authorizes the transaction. No financial details are exchanged, and the payment is completed instantly.
However, the use of instant/account-to-account payments in the United States lags far behind that in many other countries. For example, it is estimated that there are approximately 20 billion instant payments per month in India and eight billion in Brazil. By comparison, there are only 45 million instant payments each month in the United States.
Until now, there has been no standard covering secured merchant-generated QR codes in the United States and thus little interoperability among businesses and financial networks. This fractured landscape has prevented large-scale U.S. implementation of payment QR codes. Adoption of the new X9 QR code standard will allow every bank or merchant app with a QR code reader or generator to be used for secure payments with anyone, anywhere, thus enabling a widespread increase in instant/account-to-account payments.
Most QR codes in the United States currently are URL QR codes, used to share static information such as a restaurant menu or product/service page that has little or no security. Unlike URL QR codes, payment QR codes must be scanned from within an authenticated mobile app (e.g., that of a bank, credit union or merchant wallet) where the user has logged in and the application itself is recognized as an authorized client. This ensures that both the payer and the application making the request are trusted before the protected payment payload can be accessed.
The X9.150 standard defines the structure, content and security requirements for merchant-presented, dynamically generated payment QR codes for initiating push payments in the United States. It specifies the data elements, message structures and associated security requirements governing the QR code content, payment payload data model and payment notification needed to support interoperable, secure initiation and processing of QR-code-based payments across multiple payment networks and service providers.
A key benefit of X9.150 is that the same merchant-presented QR code can initiate payments over different account-based payment methods. These include real-time payment networks such as FedNow and RTP, ACH credit transfers and emerging digital payment methods such as stablecoins. Rather than requiring merchants to support separate payment experiences for each network, X9.150 provides a common framework that allows financial institutions and payment providers to determine the most appropriate payment rail, or method.
"Clear, consistent standards like X9.150 make it easier for everyone to trust the payment experience, whether you're a business accepting a payment or a customer making one," said Amy Burr, executive vice president, chief product and relationship officer, Federal Reserve Financial Services. "When the industry aligns on secure, interoperable approaches, it opens the door to better experiences for consumers and smoother operations for providers across the board."
"Businesses want to get paid faster while making it as simple as possible for consumers to pay. This standard creates a foundation for delivering both. As adoption grows, businesses will be able to offer a consistent payment experience while financial institutions retain the flexibility to choose the payment networks that best serve their customers," said Sarah Hoisington, chair of the X9.150 Work Group and general manager, North America at Matera.
"Additionally, payment QR codes as specified in X9.150 and associated payment information are digitally signed using public key cryptography supported by the X9 Financial PKI, which is helping to usher in the next generation of post-quantum cryptography signatures," said Jeff Stapleton, author and chair of the X9F4 Cybersecurity and Cryptographic Solutions Work Group.
About the Accredited Standards Committee X9 Inc.
The Accredited Standards Committee X9 Inc. is a non-profit organization accredited by the American National Standards Institute (ANSI) to develop and maintain national and through ISO international standards for the financial services industry. The subjects of X9's standards include retail, mobile and business payments; corporate treasury functions; blockchain technology; electronic exchange of check images; processing of electronic legal orders issued to financial institutions; tracking of financial transactions and instruments; financial transaction messaging (ISO 8583 and 20022); quantum computing; AI, QR code secure payments; checks; cloud; data breach notification and more. In addition, X9 is the governing body for a family of X9 Financial PKI products issued by DigiCert.
X9 acts as the U.S. Technical Advisory Group (TAG) for ISO TC68 (Financial Services) and performs the secretariat functions for ISO TC68. Please visit our website (www.x9.org) for more information.
Follow ASC X9 on LinkedIn, Twitter/X and YouTube
View source version on businesswire.com: https://www.businesswire.com/news/home/20260714149667/en/
"Clear, consistent standards like X9.150 make it easier for everyone to trust the payment experience, whether you're a business accepting a payment or a customer making one," said Amy Burr, Federal Reserve Financial Services.
Contacts
For further information:
Judith Vanderkay
jvanderkay@gmail.com
+1 (781) 883-3793


