Ever since Google announced the availability of Host Card Emulation (HCE) in the last version of Android, the discussion in the
world of mobile payments has taken a very interesting turn.
Banks that were previously forced to work with an overly complex technology and large and lengthy integration projects are suddenly in position to compete on a level playing field.
More and more, banks look to their mobile banking apps as the preferred low cost, high touch channel of interaction with customers. They are constantly adding functionality, such as remote check deposit and mobile transfers, making these apps even more convenient
So, why not enable these apps for secure proximity transactions anywhere using digital versions of the payment cards consumers already have in their wallets? And why not combine payment with merchant loyalty, promotions and offers to create a compelling
and rewarding customer experience for merchants too? Merchants clearly see the mobile wave and are building apps that will create entirely new in-store experiences with payment being a necessary component.
HCE technology lets payment and other digital card accounts be hosted in the cloud, rather than a “secure element” hardware device inside the mobile phone. Supported by Visa and MasterCard, HCE allows consumer mobile payment capabilities at physical merchants
using NFC and other technologies, such as QR Code and Bar Code, while still retaining the highly desirable “card present” transaction status.
HCE combined with proximity tokenization gives banks the option to deploy mobile payment solutions however they see fit. No more struggling with the owners of secure elements, SIM cards and mobile device coverage—or lack thereof. With HCE technology banks
can deploy mobile payment services across multiple mobile operator networks, providing the scale needed for a successful mass deployment adoption in a country, or even across borders.
HCE allows banks to add payment functionality to an existing banking app and roll it out seamlessly to millions of users in a simple app update. That way banks make their apps even more indispensible while maintaining control over their customer relationships,
data and how their credentials are used.
The implementation and roll out of mobile payments also becomes simpler by removing the secure element hardware value chain and overhead services needed to operate it. This provides banks the potential to reduce cost and speed up deployment of mobile payment
With HCE banks also get scale, enabling them to partner, beyond their own mobile banking app, for payment. And partner they should. With 102 billion app downloads last year and hundreds of millions of apps available for users, smart banks should be enabling
multiple apps instead of competing with all of them.
Merchants and other players can be enabled for payment with a bank’s credential in their own mobile app leveraging HCE and APIs. Banks gain the opportunity to be “top of wallet” in multiple apps, spreading their brand across multiple partners and powerful
apps. And merchants should be the first target.
HCE may represent as great an opportunity for merchants as for banks. Mobile apps are as important to merchants as they are to banks as a means of communication to the consumer and a way to combat showrooming. If merchants can enable these apps for payment,
they could control the shopping experience of their customers from beginning to end using their smart phones.
HCE-powered apps can also integrate merchant loyalty, promotions and offers more easily with payment for seamless transactions at the point of sale. And leveraging bank-issued credentials or their own prepaid or stored value cards, HCE means mobile commerce
with card-present interchange rates at physical stores.
HCE is a huge opportunity for all stakeholders, but it is not without challenges—security and customer experience being two primary considerations. The lack of a hardware-based secure element on-device has to be compensated with strong software-based security
to protect card data, even if in tokenized form. That includes security of issuing server, provisioning of card data over the air and on-device security software. On-device security that combines with an always-on and convenient and easy customer experience
will receive more and more attention as HCE solutions are developed. HCE solutions will likely add device “fingerprint” and transaction location data to their risk assessment tools.
Although HCE enables apps to communicate directly with the NFC controller bypassing the secure element, apps still need to handle sensitive tokenized card data to perform payments. Banks and merchants will need help incorporating payments industry standards
and compliance, Javacard security or obscure terms like “APDU commands” into the infrastructure of their mobile applications.
Ultimately, all these new token-based systems need to be integrated with existing bank systems, risk management models need to be revised and a compelling and convenient customer experience refined. But challenges are here to be overcome and the playing
field is wide open and ready for game time.