Industry Insights

Mobile Payments: Role of the Trusted Service Manager

It's the Bridge Between Banks and Operators
Mobile Payments: Role of the Trusted Service Manager

In my previous blog post, I made the case that a critical factor to successful near field communication based mobile payment would be the point of connection between the banks and the wireless carriers. I pointed to the fact that the first citywide deployment of mobile payment in Nice France leveraged a trusted service manager to bridge the gap between the issuing bank and the mobile network operator. While this term has been used a lot in recent months when discussing the direction of the mobile payment landscape, there remains some confusion as to what is the specific role of the TSM.

A TSM is the bridging point between banks and operators. Even with all of the industry focus on mobile payments, there seems to be very little understanding of this essential connection point. The TSM provides the ability to extend the reach of the bank into the mobile world. While there are very sophisticated processes and security protocols in place for the delivery and activation of the payment product, the concept is fairly straight forward.

Today, banks or other payment card issuers partner with a card manufacturer for the production and pre-personalization of the payment product. In order to establish a secure connection, a secret digital key exchange takes place. Once this process is complete, account holder information is securely transferred to a personalization facility - a secure independent vendor who embosses the generic card bodies with individual cardholder name and account number and then mails the card to the cardholder. In a mobile payment environment, the same level of security and encryption is established to transmit cardholder information to the TSM.

Since mobile payment will not eliminate the use a traditional card payment product in the near term, most issuers will issue both a mobile and card-based payment product. The advantage of the mobile product is the single step for issuance (i.e., no card or personalization manufacturers required) and the complete lifecycle management of the mobile payment product. To the person receiving the mobile payment product, lifecycle management would be most obvious in the ease of cancelation and reissuance of the payment product if the mobile phone were lost or stolen.

It is at this point where the TSM, a rapidly scalable service, provides the ability to package cardholder information and deliver the cardholder information and payment functionality to the mobile phone. In preparation for this type of transmission, the TSM has established a highly secure connection with the mobile operator and has obtained the ability to communicate with the secure element (e.g., UICC). With a highly secure, encrypted connection established between the bank and the TSM and between the TSM and the mobile operator, the payment information can be securely delivered to the mobile handset of the appropriate account holder.

By leveraging a TSM for lifecycle management of the payment product, issuing banks have a greater ability to manage their payment products. Over-the-air issuance provides instant account activation, the ability to instantly provide additional credit or block transactions all together. Placing this product on a mobile platform also gives the consumer the ability to access more information about their payment product including checking account balance and seeing recent transactions. The winners in this new space will be financial institutions that utilize all the marketing and logistics this new technology has to offer.

This is not simply a theoretical concept. There are several mobile payment implementations beginning to emerge in Asia and Europe leveraging TSM services as the connection point between the banking and mobile worlds. Mobile contactless payment will be a reality in the near future and with the endorsement of global standards organizations (i.e., GSMA, Global Platform, etc) TSM is going to be the technology called upon to bridge the gap.

Jack Jania is the Vice President - General Manager of the Gemalto financial services group in North America. He consults with and advises financial and enterprise institutions on the best business strategies to employ smart card payment and data security solutions. Previously, Jania worked in the mobile communication division, and was involved in the launch of smart cards supporting 3G wireless networks and NFC smart card technology. Jania has extensive component engineering, high speed microprocessor functional test and computer system level architecture design experience.


About the Author




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.