Payments Industry Questions on HCE and Tokenization Addressed in Updated FIME NFC Security White Paper

Delivers Lessons Learned and Best Practices Drawn From FIME's HCE and Tokenization Projects

Montreal, Quebec, CANADA

SAN FRANCISCO, July 8, 2015 (GLOBE NEWSWIRE) -- In response to significant market interest in host card emulation (HCE) and tokenizationi services as a way to fast-track mobile payment services to market, FIME has broadened the scope of its white paper, "The NFC Security Quiz," to explain how the security framework for delivering near field communication (NFC) services needs to evolve to meet the business and technical requirements of all NFC stakeholders. The free-to-download resource focuses on the work of industry body GlobalPlatform, and the development of the wider mobile payments industry, to clarify and simplify the security certification process to achieve an approach which balances security, functionality and cost requirements.

FIME is currently consulting on 18 HCE, tokenization and mobile application projects around the world, incorporating specification development, specialist training, test plan development and a range of other services, in addition to functional certification and security evaluation. The newly revised paper, "The NFC Security Quiz v2.0 - Updated with HCE & Tokenization: 7 key questions answered," addresses many of the key lines of inquiry raised by FIME's customers, relative to cloud-based payments and tokenization technology.

The paper discusses solutions such as white box cryptography, tokenization, code obfuscation, data ciphering, GlobalPlatform's trusted execution environment (TEE) and encryption of the data over the air that can be used to ramp up security for HCE.

"The mobile payments industry has evolved rapidly in the last 18 months and we have experienced a great deal of demand for our expertise," said Christian Damour, security business line manager at FIME. "The incorporation of HCE into Android kicked off a period of intense activity and innovation in the industry. But questions remain around the security of the cloud-based mobile services model so we are seeking to offer clarity by exploring software-based security techniques and insight into the key role that payment tokenization is playing."

"The paper aims to expose the current state of play in the NFC security certification ecosystem so that service providers can identify a route forward that balances security, functionality and cost. With the NFC services industry more complex than ever, we are in a privileged position to be able to share our broad expertise. As a party that works with players across the marketplace we are excited to support the development of this next phase of mobile payments," said Damour.

The white paper can be downloaded from the FIME website at

About FIME

Read FIME's white paper on the EMV migration for the U.S. merchant community:

FIME is a trusted provider of consulting services, certification and tools. It enables U.S. customers to bring seamless EMV chip card and mobile transactions services to market effectively and confidently using secure contact and contactless EMV, near field communication (NFC), trusted service manager (TSM), trusted execution environment (TEE) and host card emulation (HCE) technologies.

Working with the payment, telecom, transit and identity sectors, FIME supports customers from project initiation to completion by advising on technical requirements, consulting on industry regulations certification authority implementation and streamlining testing and certification activity.

FIME has 11 offices across America (U.S. and Canada), Asia (Japan, South Korea and Taiwan), Europe (France), India and the Middle East (Dubai), offering global expertise and local knowledge through a single point of contact to actively contribute to the advancement and simplification of certification processes.

FIME America's offices are located in San Jose and Montreal. | Twitter | LinkedIn

i Tokenization is the process whereby a consumer's primary account number (PAN) is replaced with a dynamic PAN, otherwise known as a payment token. This token can only be used within a specific set of pre-defined circumstances, for example, at a certain retailer or on a particular device, thus reducing its value to hackers.


Contact Data