Near field communication (NFC) mobile payments are presenting banks with both an opportunity and a conundrum. Inexperienced as they are in the mobile space, banks are being challenged by digital players – such as Google, PayPal and Apple – for dominance in the mobile payments ecosystem. In this article, David Worthington Principal Consultant Payment & Chip Technology at Bell ID, discusses how banks can get ahead by seizing the mobile opportunity and managing their services internally.
As an introduction, conceptually a trusted service manager (TSM) acts as a middle-man; coordinating the technical and business relationships of multiple stakeholders – mobile network operators (MNOs) and service providers such as banks, ticketing agencies and other issuing authorities – to deliver and maintain services on mobile devices. The mobile NFC ecosystem already recognises the need for multiple TSMs to communicate with one another. Different players in this ecosystem require different TSM functionality in order to support their individual business focuses, be it as a mobile network operator (MNO), handset provider, a third party broker or as a service provider (SP) directly connecting to the ecosystem.
In the mobile NFC ecosystem there are both Root-TSMs – responsible for managing access and allocation of space and privileges on secure elements (SE) e.g. for an MNO – and SP-TSMs which provide application content to load on to the SE. In most markets this results in each TSM participating in multiple relationships with other TSMs. Service providers such as banks and transit operators can either implement their own SP-TSM capability or outsource to a third party SP-TSM.
The Banking Role
There are many reasons why banks are fundamental to the convergence of the mobile payments and services landscape, and why they should seriously consider becoming their own SP TSM.
1) Management of relationships and customer engagement
Finance is a highly competitive industry, so banks need to be in control of their relationships with partners and consumers in order to keep ahead of their competitors (traditional and emerging).
Not only do banks need to be in direct control of who they are working with, when and on what terms, but they also want to benefit from the data which consumers feedback. This level of information can assist product development in bringing new services to market which truly meet the needs of their existing and prospective customers. When a bank outsources its TSM services it can be confined to the role of payments processor, with little or no control over third party mobile product development and timescales. The bank is then limited to whatever customer market intelligence data it is willing to buy, and can be supplied by its TSM.
2) Flexibility, scalability and time to market
Being in full control of the system allows banks to adjust aspects of the offering immediately and efficiently, rather than having to liaise with their third party TSM provider and negotiate a renewed service level agreement. The ability to do this significantly reduces product time to market, allowing banks to react to the market and keep both partners and customers happy. New partnerships and products represent new revenue streams for banks. This increased income allows banks to invest in new service offerings, expanding their value proposition for new and existing customers – a cyclical growth process that is beneficial for all parties.
3) Simple IT integration and ownership
Where a bank already has, or plans to have, both a card business and mobile/internet banking services it doesn’t necessarily make sense to outsource the bridging activities for mobile NFC payments. Acting as its own SP TSM allows banks to simply integrate the new mobile technology with their own legacy systems and manage everything as one entity, streamlining processes and potentially reducing the resources required. Using an outsourced model could mean that additional, external (mobile) systems are running in parallel with existing internal (card) systems.
Security is at the core of any banking activity – the need to protect data in secure locations is fundamental. Replicating card/account information to be held and processed outside this remit would therefore need careful and assured management, as it involves additional costs and certification. Acting as its own SP TSM allows a bank to align the mobile technology with its existing proven security processes and add precautions to safeguard the information associated with its new mobile platform.
By managing their own mobile payment services, banks have the opportunity to quickly and easily expand and enrich their mobile offering. This is especially relevant for supporting affinity, cobranding and other relationships (such as retailer acquiring). For example, providing mobile loyalty and reward schemes may be important to both the partner relationship and the bank customer’s satisfaction and retention. This can also off-set the cost of infrastructure implementation and offer an additional source of revenue to the programme.
The TSM ecosystem is an increasingly complex space and will become even more intricate as new players join the fray and begin offering innovative services. Becoming an SP TSM will help banks to react quickly and efficiently to market and customer requirements: increasing the speed at which they can respond to potential partnerships and new revenue streams.
It is also important for banks to ensure that any solution they put in place is founded on robust industry standards to ensure that the technology is secure, interoperable and scalable. For example, EMVCo – the EMV standards body jointly owned by American Express, JCB, MasterCard and Visa, GlobalPlatform – the organisation which standardises the management of applications on secure chip technology, and GSMA – the organisation which represents the interests of mobile operators worldwide – all define standards for the mobile payments ecosystem. It is therefore important to use a neutral and flexible platform that will accommodate the changing needs of the banking business and any future regulatory updates.