Thales announces the world’s first software for Hardware Security Modules (HSMs) that enables mobile payment issuers to deliver their mobile payment applications to mobile handsets Over-The-Air (OTA) in a simple, efficient and secure manner.

According to Juniper Research mobile payments for digital and physical goods, money transfers and NFC (Near Field Communications) transactions will reach almost $630bn by 2014. The many recent announcements by handset manufacturers and Mobile Network Operators on the support for NFC on phones suggest 2011 could be the year when phones capable of mobile payments will become widely available.

Today’s mobile payments issuers have to use multiple core cryptographic function calls to build the data needed to issue a payment application and to create the secure messages required to personalize the mobile phone with the application Over-The-Air (OTA). This approach can be lengthy, inefficient, and less secure as it can potentially expose sensitive data.

Thales HSMs now provide for the first time the ability to create a secure message to personalize a payment application hosted in a GlobalPlatform Secure Element, resident in a mobile phone using a single dedicated cryptographic HSM call. The new card and phone personalization software is based on the industry standard specifications for secure messaging developed and published by GlobalPlatform.

“GlobalPlatform is the international organization which standardizes the management of applications on secure chip technology, and has become the foundation for managing and personalizing payment applications on mobile phones”, says Kevin Gillick, Executive Director of GlobalPlatform. “Thales’s implementation of GlobalPlatform’s specifications greatly simplifies the process required by mobile issuers to securely load mobile payment applications onto mobile devices."

“As a leading provider of issuing applications we are witnessing a signification increase in our customers’ requests to provide systems to issue payments applications to mobile phones”, says Patrick Regester, EVP Sales and Marketing at Aconite. “Using the specific card issuing and personalization cryptographic functions provided by Thales HSMs we will be able to respond rapidly to our customers’ needs with market leading, secure and efficient applications.”

“With the widespread adoption of smartphones consumers are increasingly looking for the freedom to make purchases from their mobile handsets,” says Franck Greverie, Thales vice president in charge of information technology security activities. “Thales is the largest supplier of payment HSMs, and our new dedicated cryptographic functions for mobile payment issuers have come at exactly the right time, enabling card personalisation providers, including Trusted Service Managers (TSMs), to simplify the secure implementation of payment applications and take advantage of the huge growth in mobile-based payments that is being widely predicted.”

Thales Mobile payments application issuing functions are available on its latest generation of Hardware Security Modules, payShield 9000, which include market leading performance and resiliency that today’s data centres demand.

Visit our digital media centre for industry issues and comment.

For more information, visit

Edited by Janine E. Mooney, Associate Editor