Go to content Phone human-readable description of the message we trying to accomplish. Search human-readable description of the message we trying to accomplish. Map pin human-readable description of the message we trying to accomplish.

First solution EMVCo-certified to help developers protect mobile payment & acceptance apps with in-app protection and hardware-backed Trusted Execution Environment.

4 February 2020 – Mobile device and app security leader Trustonic today announces that its trusted execution environment (TEE)* solution is the first hardware-backed TEE to complete the EMVCo Software-Based Mobile Payments security evaluation process.

EMVCo certifies Trustonic to secure mobile payments apps

EMVCo is the global technical body that facilitates the worldwide interoperability and acceptance of secure payment transactions. As such, this evaluation process confirms that the Trustonic TEE provides a robust security foundation that meets the requirements of software-based mobile payment (SBMP) and acceptance solutions.

“This technology is already protecting payment apps from small startups through to some of the largest OEMs and mobile payment providers in the world; all via a simple SDK,” comments Dan Rawlings, CCO, Trustonic. “This certification, and the adoption of Trustonic Application Protection in the financial sector, confirms what many fintechs, banks, payment schemes and mPOS developers already know. Trust, credibility and confidence are built and maintained with high levels of assurance, and combining software and hardware-backed security is the only way to achieve that when the stakes are high.”

The Trustonic Application Protection (TAP) development toolkit enables developers to easily build and deploy a range of secure financial applications including mobile payment, banking, and acceptance use cases like mobile point of sale (mPOS), ‘tap on phone’ and software-based PIN entry on COTS (SPoC). This protects mobile applications by securing sensitive code, data and processes in Trustonic’s heavily protected TEE. The environment continuously upgrades over the course of an app’s lifecycle to take advantage of the most advanced hardware and software security technologies available on smartphones. The platform includes Trustonic’s Trusted User Interface (TUI), which isolates and protects sensitive input and display user interactions from the device operating system – like PIN entry – in app user interfaces.

“Hardware-backed TEE technology plays a big role in enabling the mobile financial ecosystem to mature and achieve its potential,” adds Tim Hartog, Director Mobile Payments at Riscure, the independent security test laboratory that performed the security evaluation. “This is because hardware-backed TEE technology, like Trustonic’s TEE, can protect apps even if attackers have root privileges on the device. With Trustonic providing access to the TEE through TAP, solution developers are now able to effectively secure PIN entry on smartphones. This is a key enabler for using smartphones as acceptance devices.”

The official announcement from Riscure can be found here.

Dan Rawlings concludes: “The payments and banking ecosystems are leading the way when it comes to securing apps and data. As regulations like PSD2, SCA and GDPR evolve, privacy is pushed into the consumer domain, security is becoming a differentiator. Developers need to know that hardware no longer limits innovation and user experience, the flexibility of TEE security is nuanced and can be used to deliver simpler, richer and faster user experiences.”

For more information and case studies on how Trustonic is securing and enhancing banking, payment, fintech and acceptance apps around the world, visit our application protection page.

*The TEE is a hardware-based security enclave of the main processor in a smart phone (or any connected device) that ensures sensitive data is stored, processed and protected in an isolated, trusted environment. The TEE’s ability to offer isolated safe execution of authorised security software, known as ‘trusted applications’, enables it to provide end-to-end security by enforcing data protection, confidentiality, integrity and access rights and interfacing securely with end-users. The TEE offers a level of protection against mass scale attacks originated from the main Rich OS environment.

Related content

Trustonic + Lookout – Advanced Mobile Security for Banking & Fintech Apps

The need for in-app protection for critical mobile apps is greater than ever. The partnership between Lookout and Trustonic brings together two of the most robust app security platforms on the market, delivering the advanced security and protection required by banks and fintechs wishing to offer PSD2-compliant services and Strong Customer Authentication (SCA) requirements.


Lookout & Trustonic Partner to Provide Comprehensive End-To-End Mobile App Security

San Francisco, CA - October 17, 2019 - Lookout, Inc, the leader in securing the post-perimeter world, has announced a record year for its App Defense product with new customer acquisitions and strategic go-to-market partnerships. App Defense helps enterprises protect their customer-facing apps from data compromise and fraudulent transactions. Breaches can have a significant impact on brands as hackers can compromise consumer's credentials, steal PII data and initiate account takeovers.


The Benefits of Trusted User Interface (TUI)

Trusted User Interfaces (TUIs) are the next big thing for securing critical mobile apps. The Trusted User Interface feature allows a Trusted Application to interact directly with the user via a common display and touch screen, completely isolated from the main device OS.


Trustonic joins PCI Security Standards Council to protect payment data and mPoS devices

Trustonic to contribute to the development of PCI Security Standards as Council’s newest Participating Organization.

17 July 2019 - Cambridge, England - Mobile cybersecurity leader, Trustonic, announced today that it has joined the PCI Security Standards Council (PCI SSC) as a new Participating Organization. Trustonic will work with the PCI SSC to help secure payment data worldwide through the ongoing development and adoption of the PCI Security Standards.


What is a Trusted Execution Environment (TEE)?

A Trusted Execution Environment (TEE) is an environment for executing code, in which those executing the code can have high levels of trust in that surrounding environment, because it can ignore threats from the rest of the device.

All Financial Services posts
Back to top