Trusted Service Management: The Key to Accelerating Mobile Commerce

As major players struggle to define their roles in the emerging mobile commerce ecosystem, how they enable one critical service will make all the difference between slow and rapid acceptance of mobile commerce by consumers.

Imagine you are on your way to work, and you stop somewhere for coffee and a doughnut. Normally you would reach for your wallet and pay in cash. Or maybe you are buying coffee and doughnuts for the entire office and you want to put it on the company card. Again you reach for your wallet.

But today is different, because today you are not carrying a wallet. Instead, you have a commerce-enabled mobile phone. You reach for your phone and pass it near a contactless reader at the checkout. Your contactless transaction is complete in a fraction of the time it takes to make a traditional card or cash purchase.

Nearly everyone has a phone in his or her pocket, but before consumers can use their mobile phones to make purchases, those phones need a few enhancements that will transform them into electronic wallets. Turning a mobile device into an electronic wallet involves adding these components to the device:

  • Near Field Communication (NFC) chip—NFC chips enable mobile devices to send account information to contactless payment readers at customer checkouts and other points of sale. These NFC chips can also read information stored in contactless-enabled tags placed on objects such as advertising collateral and consumer products
  • Secure element—The secure element is a smart card module (USIM, embedded secure element or separate secure element like a secure SD memory card) used for storing and accessing applications and data in a secure manner
  • Electronic wallet application—Mobile phones also need to have a user interface (UI) that allows a user to manage accounts and initiate contactless payments. These UI applications turn a mobile phone into something like a wallet full of cards because a mobile phone can contain many “cards” (credit, debit, prepaid gift card, other special stored-value accounts, public transit tickets and merchant-specific loyalty cards, just to name a few). The electronic wallet allows users to select the right card or application when making a purchase. Some mobile handsets being delivered today come with electronic wallet applications already installed
  • Personalized account information—In the same way that a credit card only works only after personalized account information is put onto the magnetic strip and embossed on the front of the card, a commerce-enabled mobile phone is just a phone until it is loaded with personal account information

NFC-equipped phones are beginning to appear in the market today and there are a number of wallet applications available, many offered by banks and independent mobile account management service providers. These options are discussed in more detail in other papers we’ve written covering mobile commerce.

However, before a consumer can buy something with his or her phone, the device must be “personalized” with appropriate payment application and account information. In some ways, this is similar to the process of personalizing or provisioning a plastic credit or debit card.

When you receive a credit or debit card, the card comes with your personal account information already imprinted on the magnetic strip or stored on an embedded chip, and your name and account number embossed on the front of the card. There are a few companies, like First Data, that provide provisioning services to card issuers. These services involve storing personal account information in accordance with Payment Card Industry Data Security Standards (PCI DSS) and transmitting that data during the card-issuing process. First Data performs this provisioning service today and has more than 700 million credit and debit accounts on file, which represents about half of all active accounts worldwide.

In the case of credit and debit cards, there is one provisioning process for each card. If you open your wallet and look at the cards you have, each one represents a separate provisioning process involving different financial or merchant entities. Companies that offer provisioning services typically maintain contractual relationships with many of these entities. For instance, First Data maintains relationships with a very large number of banks all over the world as well as all the major card associations. These relationships enable First Data to collect the essential personal account information needed for the provisioning process.

Provisioning a mobile NFC phone with personal account information is fundamentally different from card provisioning in two important ways:

  • A commerce-enabled phone can contain many accounts. These can be credit accounts, debit accounts, merchant-specific accounts, transit pass accounts, loyalty accounts and others. Each of these accounts can come with its own personal identity, financial and security information. Putting these accounts into one mobile device brings together account information from many different business entities, some of which could even be competitors
  • The only practical way to get personal account information into an individual’s phone is through the mobile operator’s wireless network. Account information is transmitted to the mobile phone by a process called over-the-air (OTA) provisioning. This transmission can be difficult to accomplish without the active cooperation of mobile network operators

There have been a number of pilot programs to test the viability of mobile commerce in typical consumer scenarios. The recent Bay Area Rapid Transit (BART) pilot in which 230 NFC payment-enabled phones were given to BART commuters is a good example. Those NFC phones were equipped with two accounts—one for purchasing BART tickets and the other for purchasing meals at local Jack-in-the-Box restaurants. Like most mobile payment pilot programs, the phones were preconfigured with account information and then distributed for use by consumers participating in the study.

However, in the real world of mobile commerce, phones might not come pre-configured with account information. Furthermore, consumers will want the flexibility of adding new accounts to their phones in the same way they might want to sign up for a new payment card or a merchant loyalty account.

Clearly, a working mobile commerce solution depends on transparent systems for getting new or updated account information into the phone in a dynamic way. So, how will account information get inside all those mobile devices? This is an essential question that will help define the topography of the emerging mobile commerce ecosystem. The answer involves new mobile commerce-inspired business relationships and a new kind of provisioning role called Trusted Service Manager (TSM).