Software-based secure element solution enables mobile payment providers to address critical security vulnerability in Host Card Emulation-based mobile payments by protecting customer data stored in smart phone memory
Sequent, a leading innovator of digital issuance and mobile wallet platform as-a-service, and Arxan Technologies, the leading provider of application protection solutions, today announced a strategic partnership to deliver secure mobile payments for financial institutions and other organisations deploying mobile payment solutions. Sequent and Arxan are combining their industry-leading security technologies in a new solution that protects Host Card Emulation (HCE)-based payment service deployments from threats.
“As a recognised leader in mobile payment security, Sequent maintains the highest level of security in all our products, giving organisations peace of mind when deploying cloud-based HCE mobile payments in global markets,” said Lance Johnson, Chief Security Officer at Sequent. “By combining Arxan’s technology with our PCI and EMV compliant products, we can deliver an industry-leading, software-based security equivalent to a secure element that organisations can use to secure sensitive cardholder data and tokens stored in smart phone memory.”
Financial and retail institutions today are leveraging HCE for mobile payments because of its flexibility and independence from the limitations of the hardware-based secure element in a mobile phone. While HCE provides flexibility, it also brings a new requirement for strong, software-based protection to secure the storage of sensitive card data on the phone/device and to protect static and dynamic keys stored in the device. The requirement is critically important to address since the 2015 Verizon Data Breach Investigations Report (DBIR) found that nearly 25% of breaches are attributable to memory scraping, a hacking technique that enables access to unprotected cryptographic keys and data.
“Arxan provides the industry-leading application code protection and white box cryptographic key protection, demonstrated to protect critical assets in HCE solutions even after 160 hours of independent intrusion testing,” said Vince Arneja, VP of Product Management at Arxan. “We are glad to work with Sequent to empower organisations to deploy HCE-based mobile payments with the highest levels of software security available on mobile platforms today.”
The Sequent and Arxan solution delivers real value to organisations seeking advanced security for mobile payments. For example, for financial institutions, the solution not only makes it possible to implement bank-level security for card data protection on mobile devices, but it also provides quick time to market. Sequent creates a scalable model that gives control to banks deploying HCE services under their own brand, leveraging their own apps. It also gives banks a secure framework to distribute their credentials for safe use by their partner’s apps.
About Arxan
Arxan provides the world’s strongest application protection solutions. Our unique patented guarding technology 1) Defends applications against attacks, 2) Detects at run-time when an attack is being attempted, and 3) Responds to detected attacks to stop them, alert, or repair. Arxan offers solutions for software running on mobile devices, desktops, servers, and embedded platforms – including those connected as part of the Internet of Things (IoT) – and is currently protecting applications running on more than 300 million devices across a range of industries, including: financial services, high tech/independent software vendors (ISVs), manufacturing, healthcare, digital media, gaming, and others. The company’s headquarters and engineering operations are based in the United States with global offices in EMEA and APAC.
About Sequent
Sequent is the leading innovator of digital issuance and mobile wallet platform that delivers secure mobile payments and value-added services to banks, payment processors, mobile operators, and access control providers. With Sequent, customers can extend digitized cards to trusted applications for an open ecosystem of partners and developers while maintaining the strictest requirements of highly secure, regulated industries. Sequent products include: Open Wallet Platform, Digital Issuance and Trust Authority. Sequent is endorsed and used by major customers on four continents.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.