Blog article
See all stories »

How HCE helps banks leverage the mobile app revolution

The world can’t get enough of mobile applications. Last year alone there were 102 billion application downloads according to the analyst firm Gartner. And Google research says 84% of shoppers are now using their mobile phone while they shop in the physical world. Banks would be smart to leverage this revolution. And they would be even smarter to enable existing applications instead of trying to compete with hundreds of other apps for a customer’s attention.

After all, leveraging existing consumer behavior is much easier than changing it. Issuers who are first to put their credentials into applications that consumers already use, have the best chance of achieving and maintaining “top of application” status in this new and potentially huge channel. Being early in this endeavor is dependent on making it easy for everyone involved: the issuer, the merchant partner, and customers.

Host Card Emulation (HCE) has greatly simplified the mobile payment ecosystem by allowing issuers to put credential directly into mobile applications for transactions in the physical world without third party wallets, secure elements, or TSMs. However Host Card Emulation by itself doesn’t:

• Make sure every application that wants to use the credentials is a trusted application.

• Authenticate users to download and use credentials from third party HCE applications.

• Provide for testing and certifying every HCE application that uses the credential.

This means that each time a bank issuer wishes to extend their credentials to new partner applications, it will take the same amount of overhead for each new application. The bank issuing the credential will need to make sure each application manages card lifecycle, application permissions, cardholder authentication, tokens, and trust. All this takes time and resources from the issuer and its merchant and other partners, making it difficult to scale and move at a speed necessary to be first and “top of application.”

Banks should have systems that automate and simplify the work of distributing credentials to applications. HCE does enable apps to communicate directly with the NFC controller, bypassing the secure element. But apps still need to handle sensitive tokenized card data to do payments. Banks cannot expect partner app developers to be knowledgeable about payments industry standards and compliance, Javacard security or obscure terms like “APDU commands.”

That means banks will need systems to vet and authenticate new partners and apps, platforms with easy APIs to distribute credentials to these apps securely and monitor usage of credentials by the third party apps. All of this is needed to make it easy for merchants and other partners to add bank credentials and HCE mobile payment functionality to their applications. The result is banks will reduce overhead to support and certify third party applications and customers can use credentials in applications they already use and love.

And the bank will achieve another metric that will soon become as important as “top of wallet” — being the “top of app”!



Comments: (6)

A Finextra member
A Finextra member 18 August, 2014, 10:161 like 1 like

Marcelo, great post! This is one of the reasons why, I think, banks will generally be reluctant to provide third party access to their issuers via HCE. I think banks will focus on providing payment capabilities within their own apps - this will also ensure that banks collect much more customer data and improve loyalty. Actually, this is likely to appeal to customers too - as a consumer you would know that there is one app (you bank's app) that can be used to pay at ANY retail location.

A Finextra member
A Finextra member 18 August, 2014, 18:47Be the first to give this comment the thumbs up 0 likes

Hi Andrei, thank you for your comment. Let me tell you I agree with you 100% in the short term. Yes, they first need to focus on their apps and enabling their apps to become repeat use transaction tools for consumers, protecting their brand, improving their customer engagement and adding lucrative VAS. But that's only the first step. The app ecosystem is very, very big, and banks, as powerful as they are, are only one actor in the payments ecosystem. Merchants for example, by their role in acceptance hold trump cards that banks need. It is in the bank's interest to bring them and others into programs and enable them and their apps. Banks need to think how they can scale their mobile commerce initiatives and increase card distribution, usage and differentiation. The back-end tokenization, cloud-based and on-device SW and risk management that enable secure HCE transactions allow banks to think of their app, not only as a single app, but as a hub for mobile commerce innovation. If banks don’t enable the ecosystem at large, someone else will.

A Finextra member
A Finextra member 19 August, 2014, 19:301 like 1 like

Yes, some segment of customers will look first to their bank's mobile application when they think about secure payments at retail.

Other segments of customers will be actively engaged in the merchant's application during the shopping experience and merchants will work to keep them there when the shopping experience moves to a payment event.  Whether for the delivery of ads and offers to drive up revenue per visit or to steer towards low cost payment options, the merchant will have an incentive to keep payment within the app where they can shape behavior.

Said differently, great point of view Marcelo.  As much as one might want the payment to be linked to the bank app in all cases, it's not likely to work that way and the points raised in the article about the secure distribution and management of the payment credential are spot on.


A Finextra member
A Finextra member 19 August, 2014, 21:01Be the first to give this comment the thumbs up 0 likes

Exactly Hartung! Thank you for your comment. It's not intuitive to think about that looking from a bank's perspective of today's challenges. But when you look at the booming app ecosystems and how every brand wants control over their customer relationships, there is no way a bank can hold that. But they can enable if they so choose...

A Finextra member
A Finextra member 19 August, 2014, 23:02Be the first to give this comment the thumbs up 0 likes

Gentlemen, sorry, but I will have to disagree with your comments strongly – and this is why.

  1. Merchant wishing to enable NFC payments within its own app will have to establish HCE link with EVERY issuing bank in the country before it can tell its customers that all can use it. This is not going to happen because a) it’s a huge effort which is going to be extremely expensive even for tier 1 retailers even in compact markets and b) not all issuing banks will support HCE even in the next 7-10 years. Otherwise, say, Walmart app will end supporting cardholders of, say, three issuing banks and the marketing message will be: “Walmart app with in-store mobile payments – now available for cardholders of Bank A, Bank B and Bank C!” J That’s not going to go down too well… I know, I know, Marcelo – this where Sequent is supposed to come in J
  2. Banks have absolutely no incentive to provide retailers with access to cardholders via HCE. By doing so, they lose out on loyalty, on customer data and – most importantly – on higher card-not-present interchange fees. All that an additional cost of supporting relationships and, potentially, reduced security. I just don’t see an attractive value proposition here, sorry.
  3. Finally, think about me as a consumer. Am I going to waste time thinking whether I can pay with the retailer’s app at its store for each retailer and load my card into each app? Definitely not for all – perhaps for one or two most regular ones. But I will be happy to use my bank app knowing it is accepted universally at every outlet where my card is accepted.  

 So the way I see it for the next 7-10 years: retailers have no access via HCE and develop own app using card-not-present via own hardware infrastructure – like Starbucks or Powatag.

A Finextra member
A Finextra member 20 August, 2014, 19:23Be the first to give this comment the thumbs up 0 likes


Thank you for your comments and candor. I guess we will agree to disagree.

Banks do not operate in a separate bubble from other players. They have strong partnerships throughout the ecosystem and enabling these partners as the first step towards an open platform is an obvious first step. The technology to federate cards easily to apps is out there. And as I mentioned the app ecosystem is too dynamic and if they don't enable the ecosystem at large, someone else will...

Now hiring