Secure Mobile Payment White-Box Cryptography

by Orhan Akdemir

In today’s digital age, people are making more transactions through their mobile devices than ever before. This shift has resulted in an increased demand for secure mobile payments and the need for innovative solutions to protect against fraud. This is why the topic of secure mobile payments has gained immense importance in recent times. In this blog post, we will explain what White-Box cryptography is, its applications in secure mobile payments, and the effect of contactless payments on Host Card Emulation (HCE).

White-Box Cryptography refers to a method of encrypting sensitive information within a secure environment to prevent unauthorized access. In the context of mobile payments, White-Box cryptography is used to secure the payment data during transactions by encrypting it on the device itself. This technique is used to protect the keys from being extracted or manipulated by attackers. White-Box cryptography ensures that the encryption keys are stored in a secure environment, making it much more difficult for hackers to access them. This enhances the security of transactions conducted via contactless payments, as the keys are protected at all times.

One of the key applications of White-Box cryptography is in Host Card Emulation (HCE). HCE is a technology that enables mobile devices to mimic a smart card, allowing them to be used as contactless payment devices. HCE has been instrumental in the widespread adoption of mobile payments, but it has also been a source of security concerns. The use of White-Box cryptography in HCE can help to reduce these security risks by providing a secure environment for the storage and use of cryptographic keys.


HCExpert is a software solution from PayCore that aims to serve in the area of cloud-based card credential management. HCExpert solution initially targets the support of payment card solutions covering the Mastercard and Visa cloud-based payment specifications. The core functionality of the HCExpert is to provision end users’ card credentials into the cloud environment and enable their wallets to use these credentials securely and efficiently. Therefore, HCExpert solution can be useful for card issuers who want to store the card credentials of end users in the cloud instead of provisioning them into the physical secure element of the end user’s device.

Paycore HCExpert Mobile Device contains following modules:

  • Secure Channel Communacation: This module ise used to register application to the backed and getting unique device derived keys from the host during the Registration process.
  • Attestation Control Services: This module is used to send device information and status to Host for the security monitoring purposes.
  • Runtime Application Self Protection (RASP): This module performs runtime security controls.
  • LD (Local Database – Encrypted): This module is used to provide confidentiality and integrity to the assets stored in the internal storage of the application.
  • White-Box Cryptography: This module contains the White-Box cryptography implementation.
  • MASTERCARD and Visa SDK: This module includes the MasterCard and Visa EMV Card logics to perform transactions with the Payment Devices (POS, ATM etc.)

Paycore HCExpert Mobile SDK uses following features:

  • Secure communication (SSL pinning)
  • Name obfuscation,
  • String encryption,
  • Reflection,
  • Code obfuscation,
  • Code virtualization,
  • Removing logging code and stack traces,
  • Asset encryption,
  • Resource file encryption,
  • Resource string and metadata encryption,
  • Native library encryption,
  • Class encryption,
  • Tamper detection

Secure mobile payments are essential for both consumers and merchants. Consumers want to ensure that their personal and financial information is protected, and merchants want to reduce the risk of fraudulent transactions. In the past, mobile payments were often considered less secure than traditional methods, but the introduction of white box cryptography has changed this perception. Paycore HCExpert SDK (White-Box) cryptography management has made users mobile payment transactions more secure. On each network request, the HCExpert SDK transmits its version to the backend in attestation control mechanism. If the version is outdated, the backend will not response.

Software Protection Tool ;

  • Obfuscation
  • White-Box Crypto
  • Device Binding
  • Root Detection
  • Anti-Instrumentation
  • Tamper Detection
  • Anti- Emulation

In addition to improving the security of mobile payments, white box cryptography can also help to reduce the cost of mobile payment systems. Traditional payment systems often require a secure element, such as a smart card, to store the cryptographic keys. This can be expensive, and it requires the use of specialized hardware. With White-Box cryptography, the cryptographic keys can be stored in software, eliminating the need for a separate secure element.

The rise of contactless payments has had a profound impact on the payment industry, and this trend is set to continue in the coming years. As more and more consumers adopt mobile payment technology, it is essential that payment processing systems are secure and robust enough to meet this demand. White-Box cryptography is an innovative approach to cryptography that provides enhanced security for mobile payments and has the potential to be a major contributor to the growth of the payment industry.

In conclusion, White-Box cryptography is an important development in the field of cryptography that provides enhanced security for mobile payments. By utilizing multiple layers of encryption and decryption, White-Box cryptography helps to secure Host Card Emulation (HCE) payments and ensures that sensitive data is protected throughout the entire payment process. As the payment industry continues to evolve, White-Box cryptography is an important tool that can help organizations to keep pace with the growing demand for secure and convenient payment options. As mobile payments continue to grow in popularity, the use of White-Box cryptography is becoming increasingly important for ensuring the security of these transactions.

If you’re looking to enhance the security of your mobile payments, consider incorporating White-Box cryptography into your security strategy. At Paycore, we are committed to providing our customers with the best possible security and a seamless payment experience. Contact us today to learn more about how we can help you stay ahead of the curve in the world of secure mobile payments.

This site is registered on as a development site.