Software-based secure element solution enables mobile payment providers to address critical security vulnerability in Host Card Emulation-based mobile payments by protecting customer data stored in smart phone memory
Sequent, a leading innovator of digital issuance and mobile wallet platform as-a-service, and Arxan Technologies, the leading provider of application protection solutions announced a strategic partnership to deliver secure mobile payments for financial institutions and other organisations deploying mobile payment solutions. Sequent and Arxan are combining their industry-leading security technologies in a new solution that protects Host Card Emulation (HCE)-based payment service deployments from threats
“As a recognised leader in mobile payment security, Sequent maintains the highest level of security in all our products, giving organisations peace of mind when deploying cloud-based HCE mobile payments in global markets,” said Lance Johnson, Chief Security Officer at Sequent. “By combining Arxan’s technology with our PCI and EMV compliant products, we can deliver an industry-leading, software-based security equivalent to a secure element that organisations can use to secure sensitive cardholder data and tokens stored in smart phone memory.”
Financial and retail institutions today are leveraging HCE for mobile payments because of its flexibility and independence from the limitations of the hardware-based secure element in a mobile phone. While HCE provides flexibility, it also brings a new requirement for strong, software-based protection to secure the storage of sensitive card data on the phone/device and to protect static and dynamic keys stored in the device. The requirement is critically important to address since the 2015 Verizon Data Breach Investigations Report (DBIR) found that nearly 25% of breaches are attributable to memory scraping, a hacking technique that enables access to unprotected cryptographic keys and data.
“Arxan provides the industry-leading application code protection and white box cryptographic key protection, demonstrated to protect critical assets in HCE solutions even after 160 hours of independent intrusion testing,” said Vince Arneja, VP of Product Management at Arxan. “We are glad to work with Sequent to empower organisations to deploy HCE-based mobile payments with the highest levels of software security available on mobile platforms today.”
The Sequent and Arxan solution delivers real value to organisations seeking advanced security for mobile payments. For example, for financial institutions, the solution not only makes it possible to implement bank-level security for card data protection on mobile devices, but it also provides quick time to market. Sequent creates a scalable model that gives control to banks deploying HCE services under their own brand, leveraging their own apps. It also gives banks a secure framework to distribute their credentials for safe use by their partner’s apps.