TSP Gateway

Concept definition

For the card issuers to leverage the digital services exposed by the payment networks and rely on their tokenization service, integrating with the associated TSPs (Tokenization Service Providers) is key. The card issuers then need to integrate with the exposed TSP interfaces and this can become complex when the banks issue cards from different networks.

The IDEMIA Issuer to TSP Gateway service provides card issuers with a unified connectivity with payment networks’ tokenization services (TSP) to enable various digital cards use cases across different channels. It acts as an abstraction layers between the card issuers and the networks TSP.

Use Cases

The IDEMIA Issuer to TSP Gateway service covers the following use cases:

  • Cardholders can add their card (token) into a mobile wallet, such as Apple Pay, Google Pay, and Samsung Pay for proximity payments and in-app payments if supported by the merchants.
  • Cardholders can register their card (token) with a merchant for recurring payments or future purchases. For this use case, both manual and push provisioning methods can be considered. This use case is limited to participating merchants where an agreement exists between the merchant and the network TSP.
  • For these proximity and remote payment use cases, both manual and push provisioning methods can be considered.

User Experience

Key features

A unique integration for connectivity with networks TSPs

  • The IDEMIA Issuer to TSP Gateway service provides a unified connectivity to payment schemes Tokenization Service Providers including Visa (VTS), Mastercard (MDES), Groupement Cartes Bancaires in France (STET), PostFinance in Switzerland, Elo in Brazil...
  • Connectivity with other domestic networks TSP are already planned in roadmap.
  • This connectivity with TSPs enables the issuers to benefits from a series of card digitization use cases for proximity payment (cards on OEM Pay or into the issuer’s wallet) and remote payments with the “Token-on-File” configuration with merchants or Click to Pay (EMV Secure Remote Commerce).

Support of co-badged cards

A card could have two "badges", meaning two payment instruments, usually for domestic and for international payment transactions, or for close loop payment transactions. In such case, two tokens shall be enrolled for the same card. The IDEMIA Issuer to TSP Gateway service supports co-badged cards configuration, meaning IDEMIA can connect the issuer of co-badged cards to the TSP of the associated networks for future provisioning of two tokens for the same card into the same device for example. The support of this configuration is important in particular for card/token lifecycle management.

Card/token lifecycle management

The IDEMIA Issuer to TSP Gateway service also enables card issuers to manage the card and tokens lifecycle processes and updates in a simplified and unify way through a single set of APIs. In the context of the IDEMIA Issuer to TSP Gateway service, IDEMIA can support the following lifecycle events.

Card life cycle management

The issuer can initiate updates along the card lifecycle. These changes can be:

  • Card update: In case of plastic card renewal – stolen or lost, the issuer might want to update a payment card by changing the card PAN or the card expiration date.
  • Card profile update: The issuer might want to update a payment card profile by changing the card product related properties like product description, Terms & Conditions, contact information, the card arts, color schemes...
  • Card suspension, resumption and termination: A card can be temporary suspended then resumed, or definitely terminated. IDEMIA received the request from the issuer and propagates the operation to all tokens deployed among the different Token Requestors.
Token life cycle management

Once a payment token is created and bound to a specific PAN, a number of different events can affect the function of the token:

  • Token re-personalization: A token contains keys and credentials but also some tags needed to personalize card data on all digital wallets. A token re-personalization is performed when these tags need to be re-personalized throughout the card lifecycle. The token re-personalization is automatically managed, transparently for the end-user and the issuer. The new card characteristics are updated on all devices.
  • Token renewal: A token is renewed when it is reaching its expiry date. The TSP can generate a new expiry date and it is done transparently for the end-user and the issuer.
  • Token reissuance: A token might need to be reissued in case of a transfer from one device to another, a device restoration process, for security concerns or when the Application Transaction Counter (ATC) has reached its maximum value. The token reissuance can be requested by the Token Requestor or by the Issuer.
  • Token suspension, resume and termination: These operations can be triggered by a request from the issuer in case of fraud suspicion, device lost or stolen. It can also be requested by the Token Request on behalf of the end-user or Merchant/PSP when the card is suspended or deleted from the wallet.
Campaign Manager Sub-service

For some card lifecycle events (such as update) and token lifecycle events (such as re-personalization) listed above, IDEMIA can run these updates in a batch mode, also called a campaign. Each campaign will define its execution period, its operation process timeout and the required throughput. The service comes with on-demand status endpoints such as campaign id, status, number of items passed, number of items failed, number of items in progress, failures reasons...

Transaction notification to customer

Payment transaction notification to customers can be pushed automatically by the issuer via the IDEMIA Issuer to TSP Gateway service. IDEMIA allows issuers to notify payment transactions to be forwarded to the customer wallet and for the wallet to retrieve the transaction details/history.

Activate new features

By relying on the IDEMIA Digital First Platforms Suite and integrating the IDEMIA Issuer to TSP Gateway service, card issuers can easily access new services and made new features available via their mobile banking app to the cardholders. The IDEMIA Issuer to TSP Gateway service can be combined with IDEMIA Tap & Pay service, Push Provisioning service and Token Control service. The IDEMIA Digital First Platforms Suite operate as a multi-tenant cloud system offering card issuers a unique interface to activate features from their mobile banking app and for connectivity to Token Service Providers and Token Requestors, for a variety of use cases.

Service Benefits

The IDEMIA Issuer to TSP Gateway service provides issuers with the following benefits:

  • Connect to networks’ token service provider service for digital payment use cases: Simplifies and speeds up tokenization enablement for a variety of proximity and remote payments use cases,
  • A unique set up and maintenance interface with payment networks TSPs: Support Mastercard (MDES), Visa (VTS) and other networks TSP connectivity through a single integration. It removes the burden of maintaining solution certification and compliance,
  • Increase card usage and improve customer satisfaction: Open new opportunities for the enablement of OEM Pays, Issuer Pay and any other Token Requestors,
  • Limit integration effort: Easy to integrate set of APIs reducing integration complexities and time-to-market.

Integration overview

Below are the different end-points the issuer needs to integrate with to benefit from the IDEMIA Issuer to TSP Gateway service:

The issuer will integrate IDEMIA Issuer API for Issuer to TSP Gateway with its Card Management System,

Integration overview On top of this integration, issuer’s customer care agents will access IDEMIA Customer Care portal.