A vendor hosts virtual secure elements holding cardholder information in their data center. When a cardholder makes a purchase, the vendor creates a payment token which is sent to the cardholder's mobile device. Which of the following best describes the vendor's activities?
Correct Answer: B
Explanation
Host Card Emulation (HCE) provisioning is the process of creating and storing cardholder data in a virtual secure element hosted in a remote server, and generating a payment token that can be used by a mobile device to perform a contactless transaction. HCE provisioning is one of the methods of cloud-based provisioning, which does not require the use of a physical secure element on the mobile device. HCE provisioning is different from Secure Element (SE) provisioning, which involves loading cardholder data into a physical secure element embedded or attached to the mobile device. HCE provisioning is also different from Over-the-air (OTA) provisioning, which involves transmitting cardholder data from a remote server to a physical secure element on the mobile device using a wireless communication channel. In this scenario, the vendor hosts virtual secure elements holding cardholder information in their data center, and creates a payment token that is sent to the cardholder's mobile device. This best describes the vendor's activities as HCE provisioning.
References:
PCI Card Production and Provisioning Logical Security Requirements, v2.0, April 2019, page 8, section 1.3
PCI Card Production and Provisioning Logical Security Requirements, v2.0, April 2019, page 9, section 1.4
PCI Card Production and Provisioning Logical Security Requirements, v2.0, April 2019, page 10, section 1.5
PCI Card Production and Provisioning Logical Security Requirements, v2.0, April 2019, page 43, Appendix A: Applicability of Requirements