Host Card Emulation Can Change the Game for Contactless Payments

There’s a paradox at the heart of mobile payments’ spectacular growth. On a global basis, the use of mobile devices for payments of all kinds is booming: Gartner Group projected worldwide mobile payment transactions for 2013 would total $235.4 billion, an impressive 44% increase over the previous year’s $163.1 billion. Future forecasts for mobile’s growth are equally rosy: Yankee Group now projects that the entire mobile economy will be valued at $3.1 trillion by 2017, with all mobile sectors—devices, commerce, broadband, apps and cloud—contributing to the potential earnings.

In the here and now, however, some areas continue to lag behind. One of the most stubbornly slow-growing has been NFC (Near Field Communication) payments—the contactless payment technology used to enable the many mobile wallets vying for consumer and retailer attention and adoption. Consumers are certainly using their phones, PDAs and tablets for more and more functions, but when it comes to paying for purchases they are still reaching into their physical wallets and pulling out cash, credit and debit cards.

“Mobile wallets remain a story of high interest and low adoption, as just 16% of mobile device owners have used their phone to make an in-store payment in the past three months,” said Jordan McKee, Yankee Group analyst, in the February 2014 report US Mobile Wallet Roundup: Gauging the Future Potential of Today’s Solutions. “More concerning, of those using mobile wallets 73% are doing so fewer than five times per month.”

These low adoption rates are particularly perplexing given that Yankee Group estimates two-thirds of consumers are interested in learning more about transitioning to a mobile wallet platform.

To some extent this technology’s failure to gain traction stems from the reluctance between the two participating groups: retailers and consumers. Retailers have been understandably wary about deploying new payment technologies until they are sure that enough customers will use them to justify the investment. For their part, consumers aren’t likely to seek out and/or use mobile wallets until they are a smooth, seamless part of the payment process at their favorite retail stores.

However, the recent adoption of Host Card Emulation (HCE) standards by two major payment providers could be the kick-start needed to fulfill NFC-based mobile payments’ potential. MasterCard and Visa’s February 2014 HCE announcements followed the November 2013 news that HCE would be supported in the Android Operating System (OS) KitKat 4.4 and in subsequent releases. International Data Corporation figures show that 78% of smartphones sold in Q4 2013 run on the Android OS, and that it’s enjoying strong gains in markets outside the U.S., including in China and Latin America.

Host Card Emulation allows a smartphone to perform transactions by “emulating” a contactless smart card, with security credentials stored either on a secure cloud or on the smart device’s host processor, not the device itself. The open architecture solution enables payments and other NFC services, such as loyalty programs, building access, and transit passes, to be delivered without the need for an in-device Secure Element such as an embedded security chip SIM or microSD card.

NFC itself is considered a secure payment technology; the addition of HCE offers both positive and negatives from the payment security angle. It should be noted that simply moving credentialing away from the mobile device is only one element of a secure payment system, which requires a holistic approach encompassing end-to-end encryption, tokenization and compliance with both existing and emerging standards, including PCI and EMV.

However, the NFC Forum, an organization devoted to advancing the use of NFC technology, called the HCE announcements an “exciting development” in March 2014 and noted that HCE is supported by its specifications.

“Service providers need to evaluate and determine the best place to store credentials for their solutions, keeping in mind the trade-off between security risks and convenience,” said NFC Forum Executive Director Paula Hunter in a statement. “Each model has its merits depending on the use case. For instance use cases that rely today upon bar codes could immediately benefit from HCE without raising new security concerns. However transactions currently relying upon tamper resistant secure storage of assets would need more thorough considerations.”

In addition to improving the security of some transaction types, HCE could call a cease-fire in the turf wars that have played their part in slowing NFC adoption. In an April 16 blog post,  PayPal President David Marcus noted that he was now “cautiously optimistic about NFC HCE take-up in very specific shopping use cases.” (Marcus has since left PayPal for Facebook).




Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments:
Not Registered?
You must be registered to post a comment. Click here to register.
Already registered? Log in here
Please note you must now log in with your email address and password.