Threat Category: Application-based
ID: PAY-5
Threat Description: HCE payments do not directly benefit from storing cryptographic keys in the Secure Element, so the app itself must securely manage cryptographic secrets and transaction details at the application level, within the protections the mobile OS gives an ordinary app. Operating at this lower security baseline makes HCE-based payment apps attractive targets for financially-motivated attackers. On rooted or jail-broken devices the baseline is lower still, since an attacker with root privileges can read application-private storage and process memory, and HCE-based apps on such devices are therefore highly vulnerable to compromise.
Threat Origin
Secure Element Deployment & Host Card Emulation v1.0 [1]
Exploit Examples
Not Applicable
CVE Examples
Not Applicable
Possible Countermeasures
Deploy EMM or containerization solutions to prohibit the use of HCE-based apps on rooted or jail-broken devices.
Use app-vetting services for HCE-based payment apps to determine if they are trustworthy prior to deployment.
Mobile Device User: Do not use HCE-based apps on rooted or jail-broken devices.
Mobile App Developer: Review additional methods for ensuring the confidentiality and integrity of mobile payments. Sources of additional guidance include the Smart Card Alliance [2] and Mozido [3].
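One in-app method of the kind the developer countermeasure refers to is a device-integrity gate that the payment app evaluates before it provisions or uses payment credentials. The following Android snippet is an added illustration, not code from the cited white papers or any named payment product; the class name, the list of su binary paths and the choice of indicators are assumptions made for the example. It checks for firmware signed with the AOSP test keys (Build.TAGS) and for an su binary at well-known locations.

```java
import android.os.Build;
import java.io.File;

/**
 * Illustrative device-integrity gate for an HCE payment app (added example,
 * not code from the referenced white papers). The app calls
 * isDeviceLikelyRooted() before provisioning or using payment credentials
 * and refuses to proceed when any indicator is present.
 *
 * These are on-device heuristics: root-hiding tools can defeat them, so the
 * check complements EMM enforcement and server-side risk analysis rather
 * than replacing them.
 */
public final class RootIndicators {

    // Common locations of the su binary installed by rooting tools
    // (assumed list for the example; extend from your own telemetry).
    private static final String[] SU_PATHS = {
        "/system/bin/su", "/system/xbin/su", "/sbin/su",
        "/system/sd/xbin/su", "/data/local/bin/su", "/data/local/xbin/su",
        "/data/local/su", "/su/bin/su"
    };

    private RootIndicators() {}

    /** Builds signed with the AOSP test keys are not production firmware. */
    static boolean hasTestKeys() {
        String tags = Build.TAGS;
        return tags != null && tags.contains("test-keys");
    }

    /** A reachable su binary means a root shell is available to any app that asks for it. */
    static boolean hasSuBinary() {
        for (String path : SU_PATHS) {
            if (new File(path).exists()) {
                return true;
            }
        }
        return false;
    }

    /**
     * True if any indicator fires. Callers treat this as "do not load or use
     * payment keys on this device" and report the event to the issuer's risk engine.
     */
    public static boolean isDeviceLikelyRooted() {
        return hasTestKeys() || hasSuBinary();
    }
}
```

The app would call RootIndicators.isDeviceLikelyRooted() at provisioning time and again before each transaction, aborting and reporting to the issuer when it returns true. Because an attacker who controls the device can patch or hook these checks, a server-verified device attestation (for example, Android's Play Integrity API) gives stronger evidence than any on-device heuristic, and the EMM and app-vetting countermeasures above remain necessary.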
References
[1] Secure Element Deployment & Host Card Emulation v1.0, white paper, SIMalliance, 2014; http://simalliance.org/wp-content/uploads/2015/03/Secure-Element-Deployment-Host-Card-Emulation-v1.0.pdf [accessed 10/24/2016]
[2] Host Card Emulation (HCE) 101, white paper MNFCC-14002, Smart Card Alliance Mobile & NFC Council, 2014; http://www.smartcardalliance.org/downloads/HCE-101-WP-FINAL-081114-clean.pdf [accessed 10/24/2016]
[3] HCE Payment - How it works and best practices for banks, white paper, Mozido, 2016; https://members.nfcw.com/1980/hce-payment-works-best-practices-banks/ [accessed 8/1/2022]