Trustonic’s trusted execution environment (TEE) solution is the first hardware-backed TEE to complete the EMVCo Software-Based Mobile Payments security evaluation process.
EMVCo is the global technical body that facilitates the worldwide interoperability and acceptance of secure payment transactions. As such, this evaluation process “confirms that the Trustonic TEE provides a robust security foundation that meets the requirements of software-based mobile payment (SBMP) and acceptance solutions,” Trustonic said.
According to Dan Rawlings, CCO of Trustonic, the technology is already protecting payment apps from a broad spectrum of companies. These range from small startups through to some of the largest OEMs and mobile payment providers in the world, all via a simple SDK.
“This certification, and the adoption of Trustonic Application Protection in the financial sector, confirms what many fintechs, banks, payment schemes and mPOS developers already know. Trust, credibility and confidence are built and maintained with high levels of assurance. Combining software and hardware-backed security is the only way to achieve that when the stakes are high,” Rawlings said.
The Trustonic Application Protection (TAP)
The Trustonic Application Protection (TAP) development toolkit enables developers to easily build and deploy a range of secure financial applications. These include mobile payment, banking, and acceptance use cases like mobile point of sale (mPOS), ‘tap on phone’ and software-based PIN entry on COTS (SPoC).
It also protects mobile applications by securing sensitive code, data and processes in Trustonic’s heavily protected TEE. The environment continuously upgrades over the course of an app’s lifecycle to take advantage of the most advanced hardware and software security technologies available on smartphones.
The platform includes Trustonic’s Trusted User Interface (TUI). This interface isolates and protects sensitive input and display user interactions from the device operating system – like PIN entry – in app user interfaces.
Rawlings said: “The payments and banking ecosystems are leading the way when it comes to securing apps and data. As regulations like PSD2, SCA and GDPR evolve, privacy is pushed into the consumer domain, security is becoming a differentiator. Developers need to know that hardware no longer limits innovation and user experience, the flexibility of TEE security is nuanced and can be used to deliver simpler, richer and faster user experiences.”