Card Issuers across the world are launching their own branded HCE (host card emulation) enabled digital cards on mobile devices. Rapid mobile payments growth is expected as more cash transactions convert to digital driven by the “millennial” generation.

However, the current challenges with any HCE implementation are achieving strong customer authentication, auditability, end-to-end trust and security, and reducing implementation costs. To overcome these challenges, HCE Service has launched the world’s first PKI (Public Key Infrastructure) secured HCE card digitalising managed service – “SWIM” (Software Wireless Identity Module) HCE platform.

“SWIM has drastically dropped the implementation costs of HCE cloud payments while adopting open standards (HCE, EMV, PKI, NFC, PCI-DSS, white box cryptography and biometrics),” said Vivek Singh, Head of Business Development at HCE Service. He further emphasised, “SWIM provides strong customer authentication based on Digital IDs provided to mobile users and this is compliant to Payment Service Directive 2 (PSD2) requirements.”

SWIM comprises HCE Wallet App, PKI based credential management, tokenisation based account enablement, and authorisation processing components delivered as a PCI-DSS compliant private cloud infrastructure to Issuers (banks, wallet providers, transport, corporates, etc.). Issuer mobile apps integrate easily via SWIM Software Development Kits (SDK) and Application Program Interfaces (API).

Hence Issuers can look at launching a secure and certified HCE project in a few weeks, without any significant investment on hardware or development resources. As the adoption of HCE grows within their consumer base, Issuers can then decide to either continue down the path of Managed Service or bring the technology in-house.

PKI offers the strongest possible User & Device authentication for an HCE based implementation

HCE Service solution leverages proven secure technologies: A wireless Public Key Infrastructure (PKI) and best in class encryption standards to deliver PKI-secured HCE EMV mobile payments and value-added services to banks and other card issuers, at the lowest possible costs.

Customer credentials are downloaded to the mobile handset only after a very secure channel has been established between the customer device and the issuer’s private SWIM host. The provisioning of tokenised payment credentials in the mobile wallet apps is done via two distinct highly secure mechanisms: One for digital ID based strong authentication and integrity, and the other for dynamic issuance of HCE tokens. SWIM therefore utilises “dual tokens” to protect the critical data of HCE tokens over the Internet and within mobile devices. HCE tokens are stored securely in devices using whitebox cryptography and enable EMV NFC payments to be performed even if there is no mobile Internet connectivity.

A Software Development Kit (SDK) for mobile application developers and an open and simple Application Programming Interface (API) enables the Issuer or its solutions provider to rapidly implement a highly secure HCE compliant mobile payments platform.

With HCE Service, card issuers have access to an end-to-end HCE tokenisation and authorisation cloud based wallet service. It is open to their ecosystem of partners and developers, while meeting the requirements of the payment card industry with state of the art data protection. It maximises the customer experience and minimises the possible liabilities.

Offered via Software as a Service (SaaS) model, the platform can provide integration with Visa (VDEP) and MasterCard (MDES) Token Service, as well as an option to implement proprietary tokenisation. SWIM is a “one stop shop” secure mobile payments platform that can be tuned to optimise the trade-off between CAPEX, OPEX and risk. It is also future-proof as it integrates seamlessly with existing issuer infrastructures.