What is a trusted service manager / TSM?

You may have heard the term TSM, or trusted service manager, being used in association with mobile payments recently. If you are in the financial industry, this post may not be for you as you probably are already aware of the nature of a TSM. However, the public are unaware of the security procedures that are put into place for mobile payments, and understanding the nature of a trusted service manager can alleviate some of these concerns.We can all be guilty of using vernacular and industry specific acronyms. They generally come along with technical concepts that we try to shorten for everyday use, but if you haven’t been in the loop they can seem impossible to understand. This is true of TSM, which you may or may not know stands for “Trusted Service Manager“. If you are not in the industry you may still not know what a trusted service manager is and so be none the wiser. TSM is a phrase you are going to hear a lot about over the next couple of years, with announcements from banks, NFC mobile wallets and other applications that require security. So, today we thought we would define what a trusted service manager / TSM is from a user’s perspective, as it pertains to the security of services you may well use in the next 12 months or so.

Trusted Service Manager / TSM demystified

Let’s start off with the overall concept before we get into the nitty gritty aspects of what a trusted service manager (TSM) is and does. In essence, a trusted service manager / TSM is a middleman that sits between your mobile device and a financial institution. A trusted service manager creates security procedures to ensure you are who you say you are, and makes certain that requests go correctly to the bank or financial institution in an untampered state. TSM’s add extra security procedures along the way such as one use codes that protect card holders from being skimmed in line at a grocery store and manage access to secure elements on NFC-enabled phones. We found a really nice process chart over at VeriFone that shows the process in an easy to read format, find it here

That’s an overall description of a TSM, but in essence the service works like a payment gateway for an e-commerce website. Like payment gateways, TSMs make sure that the connection is secure. You may be aware of SSL encryption in websites and a similar principle, but different technology is true of a TSM. Also in common with an e-commerce system, it is the TSM that makes the request to your bank for funds for a purchase and it is not done directly straight from your phone.

How a trusted service manager / TSM handles security and data

When you first setup your credit card with a mobile wallet, you will find you have to input a code that pulls your credit card or banking details through to your phone instead of entering the actual account details. That code is managed and provided by the trusted service manager, and your credit card or banking organization shares your details with the trusted service manager. Once you add the code you have been provided to your phone, the TSM will push the correct data onto your phone that represents your account details. It won’t actually be your account details as that would be a security risk. When this task has been done, the TSM enables the secure element within your phone which then protects your account, by securing the data on your phone.

If you lose your phone or have it stolen, it is the TSM that actually prevents your details from making anymore purchases. The trusted service manager also works with your wireless carrier to ensure the data is secure during transmission of payments. If you have used a credit card on a regular basis, you will have no doubt seen the three or four digit number on the back of your card that is referred to as a CVV. This code is used as a further identity check to make sure the person who is using the card is in possession of the card. A trusted service manager goes one better by making each CVV code dynamic to every transaction. The same code cannot be used twice and only your phone and the trusted service manager knows what the code it expects is. This is a level of security that is not found in old style credit cards.

Any new payments technology may appear scary at first glance, but when you dig a little you will find that processes are in place, such as a trusted service manager to keep you safe, as long as you take your own precautions to secure your phone. So, there you have it – you now know what a trusted service manager is and what the service does.