www.thales-esecurity.com BUILD AND DEPLOY A COMPLETE END-TO-END HCE ECOSYSTEM QUICKLY AND SECURELY WITH A HARDENED ROOT OF TRUST Cover the complete end-to-end ecosystem for HCE-based payments Separate mobile and card PANs in common customer accounts Leverage Google Play store for mobile application downloads Use certified HSMs throughout system to deliver maximum key protection Scale easily to support growth in customer accounts and transaction volumes <Thales e-Security> VERISOFT DELIVERS A COMPLETE HCE CLOUD-BASED MOBILE PAYMENT SYSTEM USING THALES PAYSHIELD THE CHALLENGE: BALANCING RISK AND SECURITY IN MOBILE PAYMENTS The majority of mobile phones today do not have a secure element (SE) and many issuers do not want the cost and complexity of dealing with a third party service provider. Issuers have a challenge in deciding how to offer mobile payments solutions to their customers in a way that delivers profitability but does not compromise security. Many evolving solutions are tightly controlled by handset manufacturers or mobile network operators (MNOs). Recent Android operating system releases offer an alternative approach, based on a more practical balance between security and risk for issuers. HCE: THE CLOUD BASED APPROACH KEEPING ISSUERS IN CONTROL Host card emulation (HCE) allows issuers to store customer account credentials securely in their private cloud, loading only tokenized data in the phone which is typically valid for one transaction – no SE is required in the phone. Issuers are in complete control of deciding when to replenish the credentials based on usage and constant fraud monitoring. Hardware security modules (HSMs) provide the essential protection for keys and sensitive data at all times, complementing the software security mechanisms used by the mobile application. Thales payShield 9000 protects keys and sensitive data used by Verisoft SkySTAR across entire NFC HCE ecosystem Issuer Credentials Management System Mobile Payment Application Account Enablement System Transaction Management System SkySTAR End-to-End Solution Provisioning Synchronization Transaction Thales payShield HSM Thales payShield HSM Thales payShield HSM Digitized Card Delivery Digitized Card Transaction
Transcript
w w w . t h a l e s - e s e c u r i t y . c o m
BUILD AND DEPLOY A COMPLETE END-TO-END HCE ECOSYSTEM QUICKLY AND SECURELY WITH A HARDENED ROOT OF TRUST
Cover the complete end-to-end ecosystem for HCE-based payments Separate mobile and card PANs in common customer accounts Leverage Google Play store for mobile application downloads Use certified HSMs throughout system to deliver maximum key protection Scale easily to support growth in customer accounts and transaction volumes
<Thales e-Security>
VERISOFT DELIVERS A COMPLETE HCE CLOUD-BASED MOBILE PAYMENT SYSTEM USING THALES PAYSHIELD
THE CHALLENGE: BALANCING RISK AND SECURITY IN MOBILE PAYMENTSThe majority of mobile phones today do not have a secure element (SE) and many issuers do not want the cost and complexity of dealing with a third party service provider. Issuers have a challenge in deciding how to offer mobile payments solutions to their customers in a way that delivers profitability but does not compromise security. Many evolving solutions are tightly controlled by handset manufacturers or mobile network operators (MNOs). Recent Android operating system releases offer an alternative approach, based on a more practical balance between security and risk for issuers.
HCE: THE CLOUD BASED APPROACH KEEPING ISSUERS IN CONTROLHost card emulation (HCE) allows issuers to store customer account credentials securely in their private cloud, loading only tokenized data in the phone which is typically valid for one transaction – no SE is required in the phone. Issuers are in complete control of deciding when to replenish the credentials based on usage and constant fraud monitoring. Hardware security modules (HSMs) provide the essential protection for keys and sensitive data at all times, complementing the software security mechanisms used by the mobile application.Thales payShield 9000 protects keys and sensitive data used
by Verisoft SkySTAR across entire NFC HCE ecosystem
Americas – Thales e-Security Inc. 900 South Pine Island Road, Suite 710, Plantation, FL 33324 USA • Tel:+1 888 744 4976 or +1 954 888 6200 • Fax:+1 954 888 6211 • E-mail: [email protected] Pacific – Thales Transport & Security (HK) Lt, Unit 4101-3, 41/F, Sunlight Tower, 248 Queen’s Road East, Wanchai, Hong Kong • Tel:+852 2815 8633 • Fax:+852 2815 8141 • E-mail: [email protected], Middle East, Africa – Meadow View House, Long Crendon, Aylesbury, Buckinghamshire HP18 9EQ • Tel:+44 (0)1844 201800 • Fax:+44 (0)1844 208550 • E-mail: [email protected]
<Thales e-Security>
THE SOLUTION: VERISOFT SKYSTAR HCE SERVER SYSTEM WITH THALES PAYSHIELD 9000 UNDERPINNING THE SECURITY ARCHITECTUREThe importance of data security is ever increasing and Verisoft has worked closely with Thales for many years in the payment card world delivering EMV data preparation, card personalization, and transaction authorization solutions to major issuing banks in many countries. The partnership has been extended to include mobile near field communications (NFC) HCE solutions. Verisoft offers a complete end-to-end solution for banks incorporating all components (including the mobile application) necessary to enable consumers to make contactless mobile payments in a secure manner, while still providing considerable implementation flexibility to the issuer.
Verisoft SkySTAR HCE Server System provides important security features including:
A secure channel between the Credentials Management System and the Mobile Payment Application – this ensures the integrity and security of keys and sensitive data delivered to the phone during both initial provisioning and subsequent replenishment operationsA transparent tokenization and detokenization service operated by the issuer (using the Verisoft Tokenization Server) to manage the relationship between the card primary account number (PAN) and the tokenized PAN used by the mobile application – this saves the issuer money by eliminating the need to pay for third party tokenization services
WHY USE THALES PAYSHIELD 9000 WITH VERISOFT SKYSTAR?Thales payShield 9000 has been pre-integrated with the Verisoft SkySTAR HCE System so there is no need for any additional software development or integration.
Some of the benefits that payShield 9000 delivers to the Verisoft SkySTAR HCE System, and ultimately to customers making mobile payments include:
High levels of cryptographic performance, scalability, and resilience – essential for the mission-critical mobile provisioning and transaction processing environmentsComprehensive support for the latest cryptographic algorithms and key management schemes – helping to future-proof the solution as new standards emergeStrong security administration and key separation – reducing the risk of sensitive data exposure
THALESThales payShield 9000 is the most widely deployed payment HSM in the world. The cryptographic functionality and management features meet or exceed the card application and security audit requirements of the major international card networks, supporting a wide range of issuing and transaction processing requirements for both cards and mobile devices. Independent certification to the PCI HSM and FIPS 140-2 Level 3 standards confirm its security pedigree.
VERISOFTVerisoft SkySTAR HCE Server system in conjunction with SkyWALLET Android HCE NFC applications provides Visa and MasterCard NFC capability on mobile phones running the Android 4.4 KitKat operating system release, or later versions. Verisoft provides all the components necessary to enable the issuer to create a complete end-to-end HCE solution, facilitating easy interfacing with existing card issuing and transaction processing systems where:
Account Enablement System generates card profile data, the digitized card data and card master keysCredentials Management System provisions the digitized card data and set(s) of keys (session keys and single use keys) to the Mobile Payment ApplicationTransaction Management System validates payment transaction cryptograms generated by the Mobile Payment ApplicationMobile Payment Application is a mobile device application (developed by Verisoft and customized in conjunction with the issuer) that enables NFC payments using digitized cards
For detailed technical specifications, please visit www.thales-esecurity.com or www.verisoftgroup.com
VERISOFT DELIVERS A COMPLETE HCE CLOUD-BASED MOBILE PAYMENT SYSTEM USING THALES PAYSHIELD
