July 2013 digitaltransactions

42 • digitaltransactions • July 2013

Consider the plight of the trusted service manager.

Its fate is closely tied to mobile payments that use a form of short-range, interactive radio-wave exchange called near-field communi-cation (NFC). But NFC is mired in industry bickering over a host of issues, leaving TSMs to ponder their next step.

“The future role of the TSM, which is closely tied to NFC, is a question mark,” says Mary Monahan, research director for mobile at Pleas-anton, Calif.-based Javelin Strategy & Research.

It’s remarkable how fast TSMs got into this fix. After all, only a few years ago, as NFC emerged as a hot new tech-nology for mobile payments, the future looked bright, and scores of compa-nies jumped into the business. Now TSMs are looking at a range of alter-natives, including cloud-based wallets and person-to-person payments.

Hassle And LiabilityTo parse what’s happened, it helps to take a look at who TSMs are and what they do. It’s a little-understood, much under-rated, unglamorous busi-ness, but one that is essential if mobile payments are to develop based on the NFC standard.

Start with consumers. They don’t think twice about what goes on behind the scenes to turn their phone into a digital wallet, they just expect to seamlessly and securely download any payment and loyalty card over the air, regardless of their mobile device or mobile carrier.

But providing consumers with the flexibility to add cards and delete them at will in the NFC world is no easy task. Technical connections between the mobile network operator (MNO), which typically controls the chip, or secure ele-ment, in the mobile phone where the digital wallet resides, and the service provider, or payment and loyalty card issuer, need to be in place to download a wallet to the secure element.

Beyond a handful of the larg-est banks, most financial institutions don’t have the wherewithal to under-take building such an infrastructure. As a result, the envisioned ubiquity of wallets among carriers and mobile devices has been slow to materialize.

On the other side of the coin, while MNOs are happy to rent out space on the secure element to service provid-ers, they don’t necessarily want the hassle or liability of managing and encrypting sensitive card data or set-ting up the business relationships with

the many service providers in the mar-ket, all of which have varied needs.

Enter the trusted service man-ager, a neutral third party that knows the data-formatting requirements and encryption keys for securely load-ing, or provisioning, the consumer’s account and personal information onto the secure element, regardless of the card brand or MNO.

In essence, TSMs build a bridge between MNOs and service provid-ers, making it possible for them to greatly expand the reach of NFC wal-lets to consumers.

“TSMs provide interconnectivity, which prevents consumers from being locked into a specific wallet applica-tion and mobile carrier,” says Amol Deshmukh, vice president, mobile financial services, North America for Arlington, Va.-based Gemalto Inc.

In many ways TSMs provide the same kinds of services as fulfillment houses that contract with debit and credit card issuers to provision account and personal data onto a card’s mag-netic stripe and emboss the cardhold-er’s name, card account number, and expiration date on the front of the card.

The big difference, of course, is that TSMs provision account and loy-alty card data onto the mobile phone’s secure element over the air using the MNO’s network.

Since TSMs handle all the data formatting and security issues for pay-ment and loyalty cards, MNOs and

The sluggish progress of near-field communication in payments

has TSMs looking to extend their services to cloud-based wallets

and beyond.

The Changing Role of the Trusted Service Manager

Peter Lucas

COMPONENTS

Get connected with

DISCOVER®

PROMOTE the use of these cards with your customers with FREE signage and supplies. Visit DiscoverSignage.com.

VALIDATE your customers’ terminals. Our FREE test cards and incentive programs make the validating process easy and rewarding.

ENGAGE with Discover so your customers can also accept transactions from global brands including:

Enjoy the benefits of partnership today! Email VARconnection@Discover.com

©2013 DFS Services LLC

LIKE US/DiscoverNetwork

JOIN US company/Discover-Network

44 • digitaltransactions • July 2013

the connection to carriers’ TSMs to ensure its clients get access to as many secure elements as possible. When First Data is the secure-element TSM, it sets up security domains on the chip

providers, which means two TSMs are almost always involved in provi-sioning the wallet to the phone.

When working with a service pro-vider, for example, First Data provides

service providers do not need to set up dedicated connections to one another.

In addition, TSMs also provide life-cycle-management services to service providers, such as deleting cards from phones that have been lost or stolen or that the consumer no longer wants in the wallet, managing call centers, application testing, billing, reporting, and in some cases a wallet application for banks that have not developed one.

‘Neutral Entity’Many of the giants of the card-fulfill-ment world double as TSMs. In addi-tion to Gemalto, Atlanta-based First Data Corp., Munich-based Giesecke & Devrient, and France-based Ober-thur Technologies are among the most recognizable names.

Other smaller players, such as Red-wood City, Calif.-based Sequent Soft-ware Inc. and Alpharetta, Ga.-based SK C&C USA, service either service providers or MNOs, working in con-junction with their TSM counterpart to provision digital wallets and their content to the secure element.

“Some TSMs have software around the wallet itself or the secure element and some like First Data and Gemalto already do card provisioning and are simply taking those services to the next payment ecosystem,” says Javelin’s Monahan.

Because TSMs that serve as card-fulfillment houses already have their foot in the door for card provisioning, their cost to set up a dedicated TSM is much less than if they were to start up the business from scratch. The same goes for TSMs that have applications for NFC-based payments.

“Companies like Gemalto already have huge sunk costs in their provi-sioning business, so they are just lever-aging their basic infrastructure for that business to start a TSM,” says Cherian Abraham, a senior business consultant with Costa Mesa, Calif.-based Experi-an’s global consulting practice.

TSMs typically focus on servic-ing either secure elements or service

The changing role of the trusted service manager has led to speculation about whether Visa Inc. and MasterCard Inc. might enter the fray. The

giant card networks, after all, provide many of the same core services as TSMs, such as virtual card management, global interconnectivity to banks, data security and encryption.

Further, both networks have card-provisioning units. Visa’s over-the-air provisioning service for smart phones for use with its payWave mobile-payments system launched in 2012 and was co-developed by Oberthur. MasterCard launched its mobile over-the-air provisioning ser-vice, MoTaps, in 2011. MasterCard did not respond to interview requests.

The benefit to card issuers is that, as TSMs, Visa and MasterCard could offer small banks a more affordable solution through the sheer scale they could bring to the business.

“Nevertheless, the question around Visa and MasterCard becoming TSMs is whether they would remain neutral or have an agenda they want to push,” says Mary Monahan, research director for mobile at Pleasanton, Calif.-based Javelin Strategy & Research.

The question of Visa’s neutrality was raised earlier this year when it announced its deal with handset maker Samsung to pre-load its payWave applet on embedded secure elements in select Samsung devices. The deal could open the door for banks to offer NFC payments without any involvement from mobile network operators.

Whether or not cutting MNOs out of provisioning digital wallets is Visa’s intention is unclear, as Visa executives were unavailable for com-ment. Despite the yellow flags seen by some payments experts arising from the deal, Cherian Abraham, a senior business consultant with Costa Mesa, Calif.-based Experian’s global consulting practice, argues that potential for a conflict of interests between Visa and MNOs does not exist.

“The Visa-Samsung deal is around the embedded SE [secure ele-ment], not the SIM-based SE, which the MNO owns. Therefore, MNOs do not and are not expected to play a role in limiting the extent of Visa’s solution,” says Abraham. “Are MNOs happy that Visa has its own solu-tion, no, but Samsung is the only OEM that has the scale and the clout to pull something off like this in the Android ecosystem. Now with Google’s acquisition of [handset maker] Motorola Mobility, we should see embed-ded SEs popping up on Moto devices too.”

While having an agenda has not stopped Visa from competing with banks and technology partners in the past—Visa did have an acquiring unit at one time and provides fraud-detection services through its CyberSource unit—the bottom line is growth prospects for TSMs serving only the NFC market are not robust enough to draw the networks’ attention to the business.

“Without real growth, there is no reason for either Visa or MasterCard to jump into this market,” says Abraham.

Could Visa and MasterCard Become TSMs?

46 • digitaltransactions • July 2013

servers that initiate a money transfer from one consumer to another via a mobile device. The service has not yet been introduced in the U.S.

The company is also nudging into cloud-based wallets and is the TSM for the Merchant Customer Exchange (MCX), a joint venture by leading U.S. retailers to create a new mobile-payments platform. MCX is rumored to be developing a cloud-based wal-let that creates single-use QR codes that can be scanned from a consum-er’s phone at the point of sale. The QR code is generated using a stored copy of a consumer’s credit card on a

secure server.“As a technologically agnos-

tic company, we can enable NFC and cloud-based wallets and help companies bridge the gap between the two worlds,” says Gemalto’s Deshmukh. “Our plat-form also allows us to personalize and secure card data for P2P pay-ments. We see a big opportunity for this service in Mexico, North and South America, and Asia.”

With TSMs lessening their reliance on NFC, payment experts are debating whether they are staying true to their mis-

sion of securely downloading and managing data on an NFC chip.

“The definition of a TSM may be changing, but whether it is secur-ing cards for a mobile wallet, P2P, or some other type of mobile payment, TSMs are essentially filling the same role as they do with NFC wallets,” says The Strawhecker Group’s Fill-inger. “TSMs do not have to be totally reliant on NFC for growth.”

And MNOs and service providers looking to adopt NFC still need trusted, neutral third parties to bridge the gap between their two worlds so they can expand their service to consumers.

Indeed, until the business case for NFC wallets collapses, TSMs will be there to link MNOs and service provid-ers—just don’t expect them to exclu-sively focus their business on NFC. DT

NFC chips on its iconic iPhone leaves the future of NFC wallets shrouded in a fog. Making matters worse is that banks are not lining up to contract with MNOs to support their digital wallets. Instead, the parties are bick-ering over who owns the customer.

All of this puts TSMs in an unde-sirable position, because their business model is directly tied to supporting NFC technology. Without wide-scale consumer adoption, which could take years or may never happen, their rev-enue streams are severely crimped, as they make the bulk of their money from recurring service fees. Giesecke

& Devrient, for example, receives monthly fees for managing the secu-rity of the wallet on the secure element.

“Lifecycle management and other add-on services is where TSMs earn a good portion of their revenues,” explains Lauri Pesonen, group vice president, global head of business line for NFC at Giesecke & Devrient.

While companies such as Gie-secke & Devrient, First Data, and Gemalto have dedicated TSM units to service NFC wallet providers and mobile networks, they are setting up divisions within their companies to gain a toehold in other emerging seg-ments of mobile payments that require provisioning, such as person-to-person payments and money transfers.

Gemalto, for instance, has part-nered with Western Union to certify

and makes them available to service-provider TSMs. Additionally, it will rotate encryption keys and manage the chip’s memory for the MNO.

“Card issuers want access to as many MNOs as possible through a sin-gle third-party and vice versa, and as a neutral entity we can facilitate that,” says Christopher Cox, vice president, product development for First Data.

In some cases, however, TSMs are set up to service both the MNO and the service provider. Some MNOs and service providers find this arrangement more appealing because they can use a common TSM, which means one less third party han-dling sensitive card data and hav-ing access to the secure element.

Says Chuck Fillinger, a senior associate for Omaha-based con-sultancy The Strawhecker Group: “Every new party that enters the NFC-wallet ecosystem is one more player that has to be carefully man-aged by the bank and the MNO.”

‘A Big Opportunity’That’s what TSMs have been doing so far, but now the painfully slow adoption of NFC wallets—which consumers tend to view as a new form factor rather than a revolutionary technology—is prompting many TSMs to hedge their bets. They’re positioning themselves to provide over-the-air pro-visioning for digital wallets stored not in the phone but on a secure server, i.e. the cloud, and accessed from an app on a mobile phone.

“Mobile payments and digital wallets are starting to converge in the cloud and someone has to manage the provisioning of those wallets,” says Monahan. “Look at Google Wallet; it has started to move away from NFC with the introduction of a cloud-based component to its wallet.”

Indeed, despite more handset makers introducing models equipped with NFC chips, the double whammy of consumers’ indifference and Apple Inc.’s persistent reluctance to include

The NFC Infrastructure: Small But GrowingNFC has developed at a snail’s pace so far, but handset makers and point-of-sale terminal suppliers are finally starting to make NFC-capable devices available.

Worldwide Installed Base (Current and projected)

2012 2017

Handsets 170 million 2.1 billion

Terminals 6.7 million 44.6 millionNote: As a fraction of all handsets, NFC-ready devices are expected to grow from 3% in 2012 to 32% in 2017.

Source: Berg Insight