With smartphones an integral part of daily life and routines, mobile payments are seeing a rapid rise in popularity and usage. The monetary nature of these functions requires higher security standards in guarding payment-related data, such as critical keys and payment credentials.

Cloud Based Payments make use of tokenized credit card keys and other fraud detection mechanismsto mitigate the security risks of a pure software-based security approach when designing a mobile payment application. However, banks need to put in place additional mobile software security mechanisms to protect the mobile applications. V-Key provides an easy-to-integrate software module to help banks easily fulfill their security obligations and protect their mobile payments from cyber-attacks.

A leading bank on the cusp of partnering with a global payment platform provider to roll out Cloud Based Payments (CBP), needed to integrate their mobile wallet application with the provider’s CBP mobile software development kit. However, the payment provider did not provide adequate software security for the CBP module, and the bank needed to find a security provider to help protect the CBP keys and transaction information due to the financial risks.

After an internal security evaluation, the bank selected V-Key’s virtual secure element solution as their security provider. The primary component of the solutions was a Cloud Based Payment Trusted Application (CBP TA) that was built to run within V-OS.

V-Key integrated the CBP TA directly with the payment provider’s CBP Software Development Kit (SDK) with minimal impact on the CBP’s business logic.

The secure V-OS environment also protected the bank’s sensitive CBP cryptographic logic. With V-Key's complete solution for CBP security, the bank was assured that its new mobile wallet application and payment logic would be secure from cybercrime such as the theft of payment credentials.

The bank’s mobile wallet also adopted the V-Guard mobile application protection suite, which implemented mobile-specific threat intelligence for back-end fraud detection. This allowed for the protection from V-OS to further encompass the entire mobile wallet app, thereby providing an all-round protection for the bank.

Challenges faced by banks include:

Processing protected key materials so that data would never get extracted from V-OS or get exposed during cryptogram generation.

Processing and decrypting encrypted payloads such as keys from the CBP server.

Performing housekeeping operations on protected keys, allowing seamless synchronizations between the original CBP SDK and CBP TA