HCE Service brings to host card emulation (HCE) mobile payments a unique new level of trust and security via Public Key Infrastructure (PKI) that is PSD2 ready

Share Article

HCE Service launches its SWIM (Software Wireless Identity Module) host card emulation mobile payments platform which provides a new and unique level of trust and security via the use of Public Key Infrastructure (PKI). "The SWIM platform is European Union Payment Service Directive 2 (PSD2) ready", says Vivek Singh, Head of Business Development at HCE Service.

SWIM Mobile Payments Apps

With SWIM, issuers and wallet providers can securely enable HCE mobile payments for their consumers with strong authentication!

Card Issuers across the world are launching their own branded HCE (host card emulation) enabled digital cards on mobile devices. Rapid mobile payments growth is expected as more cash transactions convert to digital driven by the “millennial” generation.

However, the current challenges with any HCE implementation are achieving strong customer authentication, auditability, end-to-end trust and security, and reducing implementation costs. To overcome these challenges, HCE Service has launched the world’s first PKI (Public Key Infrastructure) secured HCE card digitalising managed service – “SWIM” (Software Wireless Identity Module) HCE platform.

“SWIM has drastically dropped the implementation costs of HCE cloud payments while adopting open standards (HCE, EMV, PKI, NFC, PCI-DSS, white box cryptography and biometrics),” said Vivek Singh, Head of Business Development at HCE Service. He further emphasised, “SWIM provides strong customer authentication based on Digital IDs provided to mobile users and this is compliant to Payment Service Directive 2 (PSD2) requirements.”

SWIM comprises HCE Wallet App, PKI based credential management, tokenisation based account enablement, and authorisation processing components delivered as a PCI-DSS compliant private cloud infrastructure to Issuers (banks, wallet providers, transport, corporates, etc.). Issuer mobile apps integrate easily via SWIM Software Development Kits (SDK) and Application Program Interfaces (API).

Hence Issuers can look at launching a secure and certified HCE project in a few weeks, without any significant investment on hardware or development resources. As the adoption of HCE grows within their consumer base, Issuers can then decide to either continue down the path of Managed Service or bring the technology in-house.

PKI offers the strongest possible User & Device authentication for an HCE based implementation
HCE Service solution leverages proven secure technologies: A wireless Public Key Infrastructure (PKI) and best in class encryption standards to deliver PKI-secured HCE EMV mobile payments and value-added services to banks and other card issuers, at the lowest possible costs.

Customer credentials are downloaded to the mobile handset only after a very secure channel has been established between the customer device and the issuer’s private SWIM host. The provisioning of tokenised payment credentials in the mobile wallet apps is done via two distinct highly secure mechanisms: One for digital ID based strong authentication and integrity, and the other for dynamic issuance of HCE tokens. SWIM therefore utilises “dual tokens” to protect the critical data of HCE tokens over the Internet and within mobile devices. HCE tokens are stored securely in devices using whitebox cryptography and enable EMV NFC payments to be performed even if there is no mobile Internet connectivity.

A Software Development Kit (SDK) for mobile application developers and an open and simple Application Programming Interface (API) enables the Issuer or its solutions provider to rapidly implement a highly secure HCE compliant mobile payments platform.

With HCE Service, card issuers have access to an end-to-end HCE tokenisation and authorisation cloud based wallet service. It is open to their ecosystem of partners and developers, while meeting the requirements of the payment card industry with state of the art data protection. It maximises the customer experience and minimises the possible liabilities.
Offered via Software as a Service (SaaS) model, the platform can provide integration with Visa (VDEP) and MasterCard (MDES) Token Service, as well as an option to implement proprietary tokenisation. SWIM is a “one stop shop” secure mobile payments platform that can be tuned to optimise the trade-off between CAPEX, OPEX and risk. It is also future-proof as it integrates seamlessly with existing issuer infrastructures.

About HCE Service

HCE Service Ltd, UK and HCE Secure IT Services (Private) Ltd, India deliver innovative, secure and exciting mobile tokenisation services to our card issuing customers globally with the aim that their consumers can use SWIM secured mobile apps and contactless NFC mobile payments at Points of Sales. Our state-of-the-art hosted infrastructure provides services to telecom, transport and retail enterprises as well as banks and other financial institutions. Our SWIM (Software Wireless Identity Module) solution provides strong cryptographic security to a wide range of applications and services on mobile devices. Our MAP (Mobile Application Platform) host provides the most advanced HCE EMV card/token issuance payment service for most card/token issuers. For more information, visit: http://www.HCEservice.com.

Vivek Singh, Head of Business Development, sales(at)hceservice(dot)com

HCE Service Limited, Level39, One Canada Square, Canary Wharf, London, UK, E14 5AB.

HCE Secure IT Services (Private) Limited, 401, Princes Business Skypark, Scheme Number 54, PU-3 Commercial, Vijay Nagar, Indore, MP, India, 452010.

Share article on social media or email:

View article via:

Pdf Print

Contact Author


HCE Service Limited
since: 08/2015
Like >
HCE Service Limited

Visit website