Over the last two years or so, the mobile payments landscape has been abuzz with the supposedly disruptive potential of near field communications (NFC) technology. Predictions have been made about the imminent obsolescence of plastic cards and controversies
have erupted over Apple’s refusal to acknowledge NFC and rumors about Verizon blocking Google Wallet on its Galaxy Nexus phones. However, in spite of all the excitement, the technology is still not dominating the payments space as predicted, and adoption has
been slow. One of the primary reasons for this has been the customer ownership conundrum, an issue I had raised in a previous post on mobile payments.
Dependence of NFC on the Secure Element and the MNOs
Traditionally, the NFC-based mobile payment app had to be deployed on the phone’s secure element, which, in most cases, was the SIM card. The NFC controller would communicate with the app through a Single Wire Protocol (SWP). By eliminating the mobile phone
CPU/OS from the transaction workflow, this mode of payments ensured that no malware could infect the payment message, thereby reducing vulnerability to hacking and fraud. However, another implication of this flow of information was the introduction of an additional
entity in the transaction, the mobile network operator (MNO), consequently raising questions about the ownership of the customer. The cost of transactions was also higher since the MNOs could charge a fee for hosting the app or demand a commission on every
transaction. Further, MNOs have also started offering payment and wallet solutions, encroaching upon the domain of banks and financial institutions.
HCE: Eliminating MNOs from the Payment Workflow
Host Card Emulation (HCE), a technology that has been adopted by Google in its Android Kit Kat OS, allows payment solution providers to bypass the secure element in mobile payment transactions, thereby negating the role of MNOs. It enables HCE APIs to communicate
directly with the NFC controller, which is no longer hard-wired to a secure element. The downside of this technology, however, is that sensitive information is exposed to the mobile devices OS and the resident applications. To resolve this, payment solution
providers enable storage of payment credentials on a cloud-based secure element. A secure channel allows the HCE enabled payment application to retrieve tokenized and encrypted packets of information. These tokens can be temporary, valid for either a single
transaction or an instance.
Will HCE Redefine m-Commerce
With the elimination of the secure element controlled by MNOs, retail banks will now be able to focus their efforts towards the development and enhancement of online and mobile apps. Also, with better clarity of customer ownership and the elimination of
an additional player in the payments value chain, merchants are likely to get more enthused about NFC. As adoption becomes more and more prevalent, merchants and consumers will also gain confidence about investing in a new technology, without the risk of it
becoming redundant or being replaced by a competing technology.
As the major hurdle in adoption of NFC has traditionally been the ambiguity in the ownership of the secure element, the introduction of HCE-enabled NFC payments could well be the pivotal factor that could ensure that NFC delivers on its promise and finally
justifies the hype surrounding it.
Watch this space! HCE could be the next big thing for mobile payments.