Page 26 - GS140501
P. 26
Feature
Mobile payments update:
An overview on HCE
By Jeff Crawford
First Annapolis Consulting
Editor's Note: This article is reprinted from First Annapolis' Navigator,
March 2014 edition. Copyright © First Annapolis Consulting; reprinted
with permission. All rights reserved.
n late October 2013, Google announced an update
to its mobile phone operating system. Android
4.4 (KitKat) changes the way in which the mobile
I device can interact with an installed near field com-
munication (NFC) antenna. This feature, known as Host
Card Emulation (HCE), has the potential to shape the
future of mobile payments. HCE is an open architecture
that allows mobile applications to emulate a contactless
smartcard.
Unlike traditional NFC transactions that rely on an
embedded or SIM card Secure Element (SE), HCE is a
purely software-based solution. This new approach is
significant for the industry because: 1) it takes control
away from mobile network operators (MNOs) who
control access to a mobile device's SE and, 2) it creates
new possibilities for using a phone's NFC feature. While
many questions remain, HCE has the potential to simplify
the way in which issuers and cardholders load payment Figure 1: Example HCE Transaction
credentials and complete transactions. Source: First Annapolis Consulting research and analysis
HCE works by storing payment credentials on a remote Visa and MasterCard have also independently announced
cloud rather than the SE (see Figure 1). Conceptually, a their intentions to provide software development kits that
mobile application could be programmed to send requests would allow issuers and other potential wallet providers
to allow access to these credentials via a secure token. This to write HCE applications that conform to the existing
token would then be passed via the phone's NFC antenna contactless payment specifications.
to another contactless reader to complete a payment
transaction. Although it is too early to tell if HCE will be the long-
awaited catalyst that leads to meaningful mobile payments
A key requirement is ensuring that the token is recognized adoption, HCE is a promising development with the
by the reader as a valid payment credential. In late potential to reduce some of the legacy barriers that have
February, the two leading payment acceptance networks, slowed progress to date.
Visa and MasterCard, addressed this issue by updating
their contactless payment specifications, PayWave and Furthermore, the HCE approach could be used to store
MasterPass, respectively, to read and accept these tokens. and pass a variety of other credentials, such as offers,
loyalty credentials, and transit and ticketing information,
This development may prove troubling to some mobile which support payment transactions. While HCE by
wallets, like the MNO-led Isis, which relies on the SE no means addresses all hurdles related to meaningful
approach. Isis currently requires card issuers to integrate mobile payments adoption, including the requirement for
with a Trusted Service Manager (TSM) to facilitate access merchants to deploy the necessary contactless readers, it
to a device's SE. HCE provides an alternative to TSM is a potential "game changer" that should be monitored
integration, which can be expensive and time consuming. closely in the months to come.
To date, only a few European banks have explored HCE
deployment, but there are service providers that are For more information, please contact Jeff Crawford,
prepared to enable similar solutions in the U.S. market. Manager in the Deposit Access practice, specializing in
Mobile Payments, jeff.crawford@firstannapolis.com.
26
Mobile payments update:
An overview on HCE
By Jeff Crawford
First Annapolis Consulting
Editor's Note: This article is reprinted from First Annapolis' Navigator,
March 2014 edition. Copyright © First Annapolis Consulting; reprinted
with permission. All rights reserved.
n late October 2013, Google announced an update
to its mobile phone operating system. Android
4.4 (KitKat) changes the way in which the mobile
I device can interact with an installed near field com-
munication (NFC) antenna. This feature, known as Host
Card Emulation (HCE), has the potential to shape the
future of mobile payments. HCE is an open architecture
that allows mobile applications to emulate a contactless
smartcard.
Unlike traditional NFC transactions that rely on an
embedded or SIM card Secure Element (SE), HCE is a
purely software-based solution. This new approach is
significant for the industry because: 1) it takes control
away from mobile network operators (MNOs) who
control access to a mobile device's SE and, 2) it creates
new possibilities for using a phone's NFC feature. While
many questions remain, HCE has the potential to simplify
the way in which issuers and cardholders load payment Figure 1: Example HCE Transaction
credentials and complete transactions. Source: First Annapolis Consulting research and analysis
HCE works by storing payment credentials on a remote Visa and MasterCard have also independently announced
cloud rather than the SE (see Figure 1). Conceptually, a their intentions to provide software development kits that
mobile application could be programmed to send requests would allow issuers and other potential wallet providers
to allow access to these credentials via a secure token. This to write HCE applications that conform to the existing
token would then be passed via the phone's NFC antenna contactless payment specifications.
to another contactless reader to complete a payment
transaction. Although it is too early to tell if HCE will be the long-
awaited catalyst that leads to meaningful mobile payments
A key requirement is ensuring that the token is recognized adoption, HCE is a promising development with the
by the reader as a valid payment credential. In late potential to reduce some of the legacy barriers that have
February, the two leading payment acceptance networks, slowed progress to date.
Visa and MasterCard, addressed this issue by updating
their contactless payment specifications, PayWave and Furthermore, the HCE approach could be used to store
MasterPass, respectively, to read and accept these tokens. and pass a variety of other credentials, such as offers,
loyalty credentials, and transit and ticketing information,
This development may prove troubling to some mobile which support payment transactions. While HCE by
wallets, like the MNO-led Isis, which relies on the SE no means addresses all hurdles related to meaningful
approach. Isis currently requires card issuers to integrate mobile payments adoption, including the requirement for
with a Trusted Service Manager (TSM) to facilitate access merchants to deploy the necessary contactless readers, it
to a device's SE. HCE provides an alternative to TSM is a potential "game changer" that should be monitored
integration, which can be expensive and time consuming. closely in the months to come.
To date, only a few European banks have explored HCE
deployment, but there are service providers that are For more information, please contact Jeff Crawford,
prepared to enable similar solutions in the U.S. market. Manager in the Deposit Access practice, specializing in
Mobile Payments, jeff.crawford@firstannapolis.com.
26
