tor networks with the back-end financial provid-  We describe each of the components of this eco-
               ers and for administering the customer’s informa-  system below:
               tion in a secure fashion, and allowing for services,
               such as audits. In order for these operations to   a)  Mobile Device
               be secure, the DFS operator must be confident   The mobile device provides a platform for the mobile
               that the person accessing the data is who they   wallets to be accessed, it hosts the digital wallet/
               claim to be. Audit logs must also be enabled to   application, the device OS and the secure element
               allow assessment of the contents of data within   which is key for securing the DFS and application
               the network and of commands issued through the   data.
               DFS application. Determining customer identity,   The figure below illustrates some of the compo-
               credentialing, storing customer transaction data,   nents of the user’s mobile device.
               providing enabling interfaces like API’s for third
               parties, processing transactions from the differ-  i.  The NFC controller and the NFC antenna:  The
               ent sources,  is also a role performed by the DFS   NFC controller handles Near Field Communication
               operator.                                         protocols and routes communication between the
            f)  Third-Party Providers: External providers allow   application and the Secure Element, and between
               for the interfacing between carrier-based mobile   the Secure Element and the point-of-sale termi-
               money systems and provide the basis for con-      nal. The NFC antenna relays the signals between
               necting with back-end financial networks such as   the controller and the POS terminal.
               the banking infrastructure. Other roles that can   ii.  The Secure Element:  The Secure Element (SE)
               be assumed by these external providers include    is a tamper-resistant platform, typically a one-
               operating the IT system or performing customer    chip secure microcontroller designed for secure-
               support, and, in some cases, they may interface   ly hosting applications and their confidential and
               directly between DFS systems or act as service    cryptographic data. The use of the SE depends on
               and transaction aggregators.                      the type of mobile wallet application and the type
            g) Digital Financial Services Application: The appli-  of mobile payment modes, for example, the SE in
               cation provides the interface by which the cus-   Apple devices emulates the card when used for
               tomer interacts with the DFS ecosystem. Applica-  Apple Pay. SEs exist in different forms to address
               tions can vary widely in the interfaces and richness   the  requirements  of  the  various  payment  appli-
               of experience they provide to the customer, from   cations or digital wallets and their market needs.
               menu-based systems on feature phones, designed    The  SE  can  be  an  embedded  and  integrated  in
               to communicate via USSD, STK or SMS to voice      the mobile device hardware such as the SE in the
               designs that make use of IVR, or rich graphi-     iPhone. The SE can also be a SIM/UICC, networks
               cal interfaces on smartphones with end-to-end     using  the  GSM  standard  prefer  this more  com-
               transport security provided by Internet-standard   monly in the form of SIM Toolkit (STK) applica-
               cryptographic algorithms. Interactions may occur   tions that leverage on the SIM as the secure ele-
               using special application menus enabled by code,   ment to offer a secure mobile money application.
               password, fingerprint, etc., enabling users to send   The SE can also be a secure memory card that is
               money, make bill payments, top-up airtime, and    pluggable into the mobile device.
               check account balances.                         iii. Host Card Emulation:  Mobile devices can emu-
                                                                 late a contactless card using Host Card Emulation
                                                                 (HCE), which does not rely on a hardware secure
            4�2  Elements of a DFS ecosystem based on appli-     element for storage of sensitive data such as pay-
            cations and digital wallets (e�g Google Pay, Apple   ment card data.  The HCE is a software infrastruc-
            pay, WeChat Pay, Samsung Pay)�                       ture solution that enables a mobile wallet app to
            There are different elements in ecosystems based     securely communicate through the NFC control-
            on digital wallet models, among the key models are;   ler to pass payment card credentials or payment
            device-centric mobile proximity wallet, device-cen-  tokens to a contactless NFC-enabled POS termi-
            tric mobile in-app wallet, Card-not-present card-    nal or reader, eliminating the need to use a secure
            on-file wallet, QR code and digital checkout wallets.   element (SE). HCE is most commonly used on
            All these have different technology platforms and    Android mobile devices to support Google Pay.
            employ different security models.                  iv. Mobile Wallets:  Mobile Wallets are applications/
                                                                 services accessed through the device that allows



                                                                Digital Financial Services Security Assurance Framework  15