EnStream offers two types of services to credential issuers:
- Secure Element Access Services; and
- SP TSM Services.
Secure Element Access Services
In the plastic card world, a bank issuing a payment credential prepares the card information and sends it to a card producer, who securely provisions it on a chip that is stored on a card, which is then delivered to the bank’s customer. With mobile payments, instead of delivering the card information to a card producer, it is delivered over the air and stored directly on a secure element that is accessible by the mobile device. While there are different ways to enable a smartphone with a secure element, EnStream uses the Global Platform standard, which uses a secure element on the SIM card. SIM cards are purchased and put into service by mobile network operators, and they provide access to the secure element space on commercial terms. EnStream has resale agreements for secure element space with all MNOs offering mobile payment services in Canada and can provide this secure element access to banks and other issuers through a resale arrangement.
How the end user benefits from a SIM based secure element vs an embedded secure element:
- Portability – When the customer changes phones, a SIM based secure element can be moved from phone to phone with the customer’s account.
- Security – When the customer changes phones, there is no risk of financial account information remaining in the phone being discarded, as it is removed with the SIM card. Furthermore, SIM cards have a proven record of secure performance. They have not been compromised in the history of their commercial deployment, which now spans over twenty years.
- Consistency – SIM based secure elements are certified in accordance with global standards, ensuring consistent performance with different issuers, payment credentials and user interfaces. There is no standards body governing embedded secure elements.
How the issuing bank benefits from resale through EnStream vs dealing with bilateral MNO agreements:
- Efficiency – one agreement convers the customers of up to five mobile networks.
- Consistency – all mobile networks are covered under the same terms, conditions, reporting, operating practices and pricing.
- Performance – all secure element access issues are diagnosed and dealt with by EnStream, rather than working with multiple parties to find and address issues.
- Flexibility – with one agreement, the bank can access as many MNOs as it wishes, phasing in additional MNOs as it sees fit, under the same business terms.
SP TSM Services
A Trusted Service Manager (TSM) is the technology platform that links banks and mobile network systems. There are two sides to the TSM. The issuer or bank side is the Service Provider TSM, or SP TSM. The MNO side is the Secure Element Manager, or SEM (also called the Root TSM). The SP TSM communicates with the SEM and the secure element on the SIM card, on the issuing bank’s behalf. It manages the encryption keys for the secure element space afforded to the issuing bank. Most importantly, it accepts the card information, encrypts it, and securely sends and stores it on the secure element. The issuing bank has the option of building its own SP TSM and connecting it into the MNOs, or to EnStream. The issuing bank can also work with a commercial SP TSM service of its choice.
EnStream uses Bell ID SP TSM technology operated by BlackBerry in a secure BlackBerry data centre. EnStream’s SP TSM is certified by Visa, MasterCard and Interac.
How the bank benefits from using EnStream’s SP TSM:
- Proven performance – EnStream has a track record of success in enabling banks, with integration on the issuing bank’s terms, and providing reliable service.
- Technical neutrality – EnStream and its technology partners are unaffiliated with a payment card manufacturer or SIM card operating system, making it easier to integrate across different technology platforms.
- Preintegration – EnStream’s SP TSM is pre-connected and in commercial service with EnStream’s SEM and participant MNOs, avoiding the need for time consuming integration and testing.
- Scale – EnStream is already in commercial service with multiple issuers. Since EnStream works on a shared costs basis, building credential volume on a single platform ensures scale benefits flow back to the issuers.
- Issue resolution – since EnStream operates the secure element manager, and may be the secure element access provider to the bank, sourcing SP TSM services from EnStream ensures that fewer parties are involved in end-to-end troubleshooting and performance management, making issue resolution and performance improvement more efficient.