Abstract

Disclosed are methods for securing a mobile application on a cardholder-owned device, including defining principles and minimum security requirements for mobile applications that are designed to capture contactless payment instrument data and perform a cryptographic authentication of the contactless payment instrument. The present disclosure provides a solution that outlines minimum security requirements and evaluation guidance for mobile applications designed to capture data (e.g., a PAN, a cardholder’s name, an expiry data, an EMV cryptogram, etc.) of a contactless payment instrument using short-range communication, such as near-field communication (NFC), and further designed to perform a cryptographic authentication of the payment instrument.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.

Share

COinS