As user devices such as NFC-enabled mobile phones and contactless cards continue to increase in popularity, maintaining the security of payment and other transactions continues to be a concern. For instance, in order to conduct a payment transaction, it is typically necessary to authenticate the user device. One method for authenticating a user device is through the use of a cryptogram generated by the device. The cryptogram is typically generated using sensitive credential data provisioned from a server. If an attacker gains access to the sensitive credential data, he can potentially forge the cryptogram. Thus, the security of the credential data is essential to conducting secure transactions. However, it is a challenge to provide adequate protection of the credential data during transmit and storage as attackers may eavesdrop on the provisioning messages or breach user devices.
Embodiments of the present invention address these problems and other problems individually and collectively.