Responds to influx of HCE and tokenisation projects from around the mobile payments industry.
In response to significant market demand for its host card emulation (HCE) and tokenisation services, FIME has broadened the scope of its white paper, which explains how the security framework for delivering near field communication (NFC) services needs to evolve to meet the business and technical requirements of all NFC stakeholders. The free-to-download document focuses on the work of industry body GlobalPlatform, and the development of the wider mobile payments industry, to clarify and simplify the security certification process to achieve an approach which balances security, functionality and cost requirements.
FIME is currently engaged in 18 projects around the world, offering consultancy support services – incorporating specification development, specialist training, test plan development and a range of other services – in addition to functional certification and security evaluation. The paper, entitled ‘The NFC Security Quiz v2.0 - Updated with HCE & Tokenisation: 7 key questions answered’, addresses many of the key lines of enquiry raised by FIME’s customers, relative to cloud-based payments and tokenisation technology.
The paper discusses solutions such as white box cryptography, tokenisation*, code obfuscation, data ciphering, GlobalPlatform’s trusted execution environment (TEE) and encryption of the data over the air that can be used to ramp up security for HCE.
“The mobile payments industry has evolved rapidly in the last 18 months and we have experienced a great deal of demand for our expertise,” comments Christian Damour, Security Business Line Manager at FIME. “The incorporation of HCE into Android kicked off a period of intense activity and innovation in the industry. But questions remain around the security of the cloud-based mobile services model so we are seeking to offer clarity by exploring software-based security techniques and insight into the key role that payment tokenisation is playing.
“The paper aims to expose the current state of play in the NFC security certification ecosystem so that service providers can identify a route forward that balances security, functionality and cost. With the NFC services industry more complex than ever, we are in a privileged position to be able to share our broad expertise. As a party that works with players across the marketplace we are excited to support the development of this next phase of mobile payments.”