Case Study: Credit Card Company achieves secure HCE-enabled mobile payments with Arxan Technologies

Credit Card Giant Trusts Arxan to Secure HCE Enabled Mobile Payment

Credit Card Company, a major credit card issuer, adopted Host Card Emulation (HCE) to enable mobile payments without relying on carrier-controlled Secure Elements. That shift introduced new risks—exposure of payment credentials, OS-level malware attacks, and the potential for malicious users to extract stored cardholder data from the mobile payment app. To secure their SDK and HCE-enabled payment application, Credit Card Company engaged Arxan Technologies to provide application-level protection.

Arxan Technologies delivered a comprehensive application protection solution combining Cryptographic Key/Data Protection and automated Code Protection to harden the mobile payment app. Arxan’s approach ensures cryptographic keys are never present in static form or runtime memory, defends against tampering, detects runtime attacks, and responds with self-repair or alerts. The result was a secure, HCE-capable payment app that compensates for the lack of hardware-based security, protects integrity and confidentiality, and makes it extremely difficult for attackers to exfiltrate credentials or modify app behavior.