Inside Secure, a leader in embedded security solutions for mobile and connected devices, today announces at Cartes America the launch of a white-label Android application for Host Card Emulation (HCE) based payments.
The new MatrixHCE product enables mobile payment application providers to accelerate time to market by using the pre-validated HCE payment functionality. It includes the highest level of software security to defend against any attacks in the hostile mobile environment.
Introduced on Android 4.4 (KitKat), Host Card Emulation (HCE) allows for contactless payments (and other services including loyalty programs, building access and transit passes) to be made directly between the consumers' bank mobile application and the retailers point-of-sale, using NFC technology. It allows sensitive data used to facilitate transactions to be stored on, and accessed from, cloud servers rather than a mobile device and without the use of a hardware secure element. HCE therefore enables widespread deployment of mobile payments, which have previously been restricted by the limited deployment of hardware secure elements in mobile devices. However HCE adoption has been hampered by the security concerns associated with software payment applications running on open mobile platforms.
MatrixHCE combines INSIDE Secure's long expertise in payments security with the software security expertise it gained from Metaforic, a company acquired by INSIDE Secure on April 5, 2014, to address these concerns and offer the highest possible level of software security.
MatrixHCE supports the HCE payment standards announced by major payment brands such as Mastercard and VISA, in preparation for the global commercial rollout later this year. It benefits from the software obfuscation and whitebox encryption security technologies developed by Metaforic. These have successfully undergone extensive penetration tests at external security labs. MatrixHCE also embeds secure networking communication technologies to protect the exchanges between the cloud server and the mobile application, thereby further protecting banking and payment data.
"The m;The mobile payme payment market has tremendous potential and we are excited to bring this innovative offering to market to accelerate deployments," said Simon Blake-Wilson, executive vice president of Mobile Security division at INSIDE Secure. "Our solution raises the bar on software security by combining application and cloud security to solve the critical problem in delivering workable HCE based payment solutions."
With the addition of MatrixHCE, INSIDE Secure offers the most complete range of client security solutions for the payments market, comprising:
- Micropass, consisting of chip, OS and payments applications for traditional card-based payments
- VaultSEcure, a hardware secure element solution consisting of chip, OS and payments applications for hardware-based mobile payments
- MatrixHCE, a white-label application, building on HCE for software-based mobile payments
INSIDE Secure is uniquely positioned as the only company able to provide security solutions for enterprise secure access, digital entertainment and financial services markets, the three key market drivers for mobile security. Benefitting from this expertise, MatrixHCE is built upon the trusted foundation of MatrixSSE, INSIDE's software secure element, including anti-tampering and code obfuscation technologies, which allows the application to defend itself against malware, 'man-in-the-app' attacks (Trojan horse) and communication spoofing attacks. MatrixSSE provides security capabilities for general applications, while MatrixHCE adds payment specific security mechanisms and transaction security capabilities on top of MatrixSSE. With this level of security, banks and financial applications providers who plan to deploy secure mobile apps can ensure the highest level of protection for the payment transactions.