ITSO Portal
Enquire
ITSO Portal
Enquire
Our Products

ITSO Secure Application Module

ISAM

The secure element at the heart of every ITSO scheme

The ISAM (ITSO Secure Application Module) is a mandatory security component at the heart of every ITSO-compliant system. It acts as the trusted security anchor for smart ticketing, ensuring tickets cannot be forged, altered, or misused across the national ITSO network. Put simply, if a device reads, writes, or verifies ITSO tickets, it must contain an ISAM.

The ISAM provides the first line of defence against fraud.

In the ITSO environment, an ISAM performs all critical security functions inside a tamper-resistant, independently accredited hardware module.

80x80

ITSO Specification

The ITSO Specification defines how every part of a smart ticketing system works together.
Learn more
80x80

ISAM

The ITSO Secure Application Module (ISAM) – delivering trusted security for every transaction.
Learn more
80x80

ISMS

The ITSO Security Management Service (ISMS) – managing encryption and authentication to protect ticketing environments.
Learn more
Our Products

What is an ISAM

The ITSO Secure Application Module (ISAM) is a specialised, high-security cryptographic hardware module that underpins the security of the ITSO smart ticketing framework.

It is a mandatory component within every ITSO-compliant ticketing device and back-office system, ensuring that tickets, transactions and scheme data remain secure and trusted across the national network.

Physically, the ISAM is built using secure smartcard chip technology and is typically supplied in a flexible, SIM-style format, allowing it to be installed in a wide range of equipment types.

In simple terms, the ISAM securely stores the keys and rules that allow ITSO products to be created, validated and processed - without risk of tampering or fraud.

isam-v4

What does an ISAM do?

icon-security

Prevents fraud and cloning

The ISAM cryptographically verifies that every smart card or mobile ticket is genuine, protecting against counterfeit media and revenue loss.
ITSO_Reassurance

Secures transaction data

It applies a digital ITSO Seal to every transaction, ensuring records cannot be altered, duplicated or tampered with.
icon-interoperability

Enables interoperability

By enforcing the ITSO Specification at device level, the ISAM allows tickets issued by one organisation to be securely validated by another.
ITSO_Security - C

Protects the passenger

It protects passenger privacy by ensuring only the card issuer can link journeys to an individual.
Our Products

Where is the ISAM used?

Every core ITSO system component requires its own dedicated ISAM to operate securely within the national framework.

Every bus ticket machine, rail gate  or platform validator contains a unique ISAM. This ensures that every ITSO ticket validation, product update or transaction is cryptographically secured at the point it takes place.

In back-office systems, such as the Host Operator Processing Systems (HOPS), a specialised form of ISAM, commonly referred to as an HSAM,   verifies incoming transactions, secures system-to-system messaging, and finalises settlement data, maintaining trust across independently operated schemes.
ITSO-smartcard-desktop
Our Products

Who can purchase ISAMs

ISAMs are tightly controlled security devices and can only be purchased by organisations that hold a valid ITSO Operating Licence and are authorised to operate within the ITSO framework. This ensures that only approved and accountable parties are able to create, validate or process ITSO products.

Orders are placed through ITSO’s controlled supply process, with each ISAM issued against a registered organisation and specific authorised use. Allocation is governed by strict identity verification and security procedures.

This controlled distribution model protects the integrity of the national ITSO environment and ensures that only trusted systems can participate in secure ticketing operations.

meeting-desktop

How security fits together

Learn how the ISMS underpins the security of every ISAM.
Learn about the ISMS