HCE Service Unveils EU PSD2 Compliant Mobile Payments Solution

HCE Service Unveils EU PSD2 Compliant Mobile Payments Solution
24.10.2016 11:30 am

HCE Service Unveils EU PSD2 Compliant Mobile Payments Solution


The EU (European Union) PSD2 (Payment Services Directive 2), which will apply from January 2018, aims in particular at ensuring that all payment services offered electronically are carried out in a secure manner, adopting technologies able to guarantee the safe authentication of the user and to reduce, to the maximum extent possible, the risk of fraud.

HCE Service announces the launch of its PKI (Public Key Infrastructure) based “SWIM” (software wireless identity module) platform which ensures the highest degree of security and safety in terms of authentication, while enabling user-friendly, convenient one-click NFC/In- App/Web payments. SWIM already complies to the PSD2 Regulatory Technical Standards requirements of Strong (2-Factor) Customer Authentication (SCA)!

With the open and insecure mobile Internet, higher levels of security, other than simple password and ID presentation, have to be introduced to limit payment fraud. PSD2 mandates Regulatory Technical Standards (RTS) on authentication and communication (Article 98):

•    Ensuring the safety of users’ funds and personal data;

•    Allowing for the development of user-friendly, accessible and innovative payments.

RTS specifies that strong customer authentication must use two of the three factors:

•    Knowledge (something only the user knows),

•    Possession (something only the user possesses), and

•    Inherence (something the user is).

Article 97(1) of PSD2 requires that payment service providers apply strong customer authentication where the payer:

•    Accesses its payment account online;

•    Initiates an electronic payment transaction;

•    Carries out any action through a remote channel with potential fraud risk

“The launch of our SWIM solution leverages proven secure technologies to be PSD2 compliant no matter what the application, account to account faster payments, use of blockchain technology in payments, and of course HCE mobile payments which are growing rapidly”, said Dr. Chandra Patni, CEO, Founder and Director of HCE Service Limited. He added, “SWIM delivers HCE EMV mobile payments and other value-added services to banks and wallet providers, at the lowest possible costs.”

The SWIM platform uses PKI (Public Key Infrastructure) security measures to protect the confidentiality and the integrity of the Payment Service Users’ (PSU) personalised security credentials as well as ensuring secure communication. “Host Card Emulation” (HCE) tokenised cards are securely delivered to mobile devices using public/private key pair digital identities. Hence public key cryptography within secure software whiteboxes on mobile devices ensures user and tokenised card data integrity.

SWIM protects the confidentiality and integrity of users’ personalised security credentials:

•    Data on personalised security credentials are masked when displayed and not readable in their full extent.

•    Personalised security credentials data as well as encryption cryptographic keys are not stored in plain text and can only be used in tamper resistant whiteboxed cryptographic processing environments.

SWIM security measures prevent unauthorised use of the personalised security credentials and of the authentication devices and software due to their loss, theft or copying. SWIM ensures:

•    Secure bilateral identification when communicating between user’s device and the tokenisation host.

•    Protection against misdirection of communication to unauthorised third parties.

•    All payment transactions and other interactions with the user are traceable, with post event audit.

•    All communication session use unique identifiers, log transactions and are network time- stamped.

Related News

Major Eurozone banks start the implementation phase of a new unified payment scheme and solution, the European Payments Initiative (EPI)

A group of 16 major European banks from five countries (Belgium, France, Germany, the Netherlands and Spain) paved the way for the future launch of the European Payments... Read more »

BNY Mellon To Deliver Real-Time Account Validation Services to Corporate and Bank Clients

BNY Mellon today announced a strategic collaboration with risk and payments solution provider Early Warning Services, LLC (EWS). Through this... Read more »

PPRO adds European Paysafecash to its robust local payment method platform

Today, PPRO, the leading local payments platform-as-a-service, announces that it has released a direct integration with Paysafecash, in a move that signifies the brand’s... Read more »

Paycircle and PayDashboard partner to fully digitise payroll and payday experience

Cloud-based payroll provider, Paycircle, and interactive payslip platform... Read more »

SumUp ramps up support for local businesses via Gift Card partnership with Google My Business

UK-based payments service provider SumUp (www.sumup.co.uk), today announces a  partnership with Google - which will... Read more »

Royal Bank launches ‘Tyl’ to help Scottish business build for the future

Royal Bank of Scotland has announced the launch of a new, innovative payments service in Scotland. ‘Tyl’ is designed to make it easier for... Read more »

Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel