The rapid rise in mobile payments and corresponding growth in the adoption of mobile wallets has made the trusted service manager (TSM) an integral cog in the mobile payments ecosystem.
The role of the TSM is to securely deliver, manage and monitor mobile applications and services by acting as an intermediary between financial institutions (issuers), mobile network operators (MNOs) and other service providers. The importance of the TSM is underscored by the fact that all major industry bodies like the GSM association, GlobalPlatform (GP) and European Payment Council (EPC) are in agreement not only on the role’s necessity, but also its need for standardization.
There are multiple models of TSMs in the industry today. The most prevalent is the multi-TSM model, where one TSM handles the issuer and the other (known as the Root TSM), manages the MNOs and secure element (SE) platform. Then there is the single TSM model, where one entity serves both issuers and MNOs. For reasons of better security and easier management, the majority of large banks and issuers use the multi-TSM model, with their own issuer TSM. In addition, wallet application providers are beginning to take up the specialized role of the Root TSM, interfacing with MNOs and managing the SE platform.
How can an API management solution help a TSM?
API management solutions provide a significant functional fitment and strong case for adoption by the issuer TSM. The API management package simplifies integration between disparate business entities and distributed systems, making it faster and easier to integrate business processes spanning across organizations. API management will help TSMs to create, assemble, orchestrate, and scale various services, such as Web APIs, for multiple players in the ecosystem.
The issuer TSM is required to:
• Securely interface with service providers, financial institutions and multiple wallet providers
• Monitor events and activities, process them and respond accordingly
• Dynamically orchestrate processes across multiple entities based on specified rules
• Handle and transform events/messages using various messaging specifications, including GlobalPlatform Specifications
• Lifecycle management of applications and secure element platform
API management solutions come with several out-of-the-box features that make them an ideal choice for a TSM. These include:
Integration: The package provides easy integration and connectivity capabilities for TSMs to securely connect with various service providers and partners in various formats.
Service management: API provides exciting business opportunities by extending the principles of service-oriented architecture (SOA) and enabling enterprise processes and services to be accessed by multiple environments. In the mobile payments domain, processes may be relevant for entities beyond the enterprise (e.g. deactivation of card, lost or stolen mobile, etc.). API management solutions provide a simpler way for heterogeneous systems to publish and subscribe to their services. For example, if a mobile device is lost or stolen, the notification event from MNO would need to be routed to the concerned parties to take appropriate action (blocking all transactions, generating and issuing a new app, etc.).
Workflow: The package provides capabilities to define workflows of series of steps, the underlying data and event models. When coupled with a strong run-time workflow execution engine, the TSM has the robust environment required to process the millions of transactions he handles.
These transactions can be short lived (for instance, passing a service message takes only a few seconds) or have a longer lifespan (a service change request can take several hours to complete based on the complexity of the updates needed).
Transformation and mapping: Most of the suites have strong transformation support for converting messages from one format to another. Although GlobalPlatform-specific accelerators are not currently offered by vendors, developing a reusable GP component is not a challenging ask.
Logging, monitoring and visibility: To service any requests related to near field communication (NFC) apps, it’s crucial to have an accurate trace of the app lifecycle and a detailed audit trail. API management features can be leveraged for this requirement. In addition, the storage of transactions for the longer-term is specifically required for lifecycle management.
For TSMs, API management solutions are the way forward
API management solutions offer the easy scalability, robust security and good availability required to meet the demanding requirements of a TSM. Providing the TSM with a high level of flexibility and agility will be the key for issuers and service providers to succeed in the mobile payments era, and adopting API management solutions is an important step towards meeting that goal.
Ashok Kumar C. S. brings more than 13 years of experience to his role as a Principal Consultant with Infosys. Over the last several years, Ashok is responsible for conceiving and delivering strategic initiatives for Fortune 100 clients in the financial services space, leveraging the technology areas of enterprise integration, SOA and business process management.
Manas Sarkar is a Principal Architect with Infosys and heads the Technology Council for Business Process Management and Integration Practice. He has led many client engagements in strategizing and implementing solutions based on business process management, complex event processing, service oriented architecture and enterprise integration.