Google bypasses the Secure Element to circumvent carrier restrictions on mobile wallet

Google has found a way to circumvent carrier restrictions on its mobile wallet by introducing support for Host Card Emulation in the latest version of its Android operating system, effectively removing the need for access to the telco-controlled Secure Element.

8 comments

Google bypasses the Secure Element to circumvent carrier restrictions on mobile wallet

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Google's ambitions for its mobile wallet have been hampered in the US by the refusal of key mobile carriers to introduce support for the search giant's payments applications on the Secure Element in the NFC chip. Verizon in particular has flatly refused to introduce support for Google Wallet in its firmware, citing 'security' precautions. A more obvious ulterior motive lies in boosting the chances of the telco's own Isis consortium NFC play.

Now, with Android 4.4, Google introduces new platform support for secure NFC-based transactions through Host Card Emulation (HCE), for payments, loyalty programmes, card access, transit passes, and other custom services.

With HCE, any app on an Android device can emulate an NFC smart card, letting users tap to initiate transactions with an app of their choice - no provisioned secure element (SE) in the device is needed. Apps can also use a new Reader Mode to act as readers for HCE cards and other NFC-based transactions.

Android HCE emulates ISO/IEC 7816 based smart cards that use the contactless ISO/IEC 14443-4 (ISO-DEP) protocol for transmission. These cards are used by many systems today, including the existing EMVCO NFC payment infrastructure.

Android HCE requires an NFC controller to be present in the device. "Support for HCE is already widely available on most NFC controllers, which offer dynamic support for both HCE and SE transactions," says the search giant. "Android 4.4 devices that support NFC will include Tap & Pay for easy payments using HCE."

Sponsored [New Impact Study] Mastering the Transition to ISO 20022: Strategies for Compliance and Automated Testing in Financial Services

Comments: (8)

A Finextra member 

With contactless and NFC based security fears, Google isn't helping here. I also wonder if this will have an impact on the way carriers sell devices? Will they want to push Android 4.4 devices in light of this? Or, as I suspect, they will start to focus sales efforts on iPhones and Windows Phone devices more...Will we see less Android devices on the shelves?? Maybe, so this could be a massive risk to Google, and an odd one since their wallet as of late seems to be backing away from NFC...

A Finextra member 

I seriously doubt it they will get EMV certification for emulated SE...

Jonathan Rosenne

Jonathan Rosenne Chairman at QSM Programming Ltd.

PCI?

A Finextra member 

Apparently, Visa and MasterCard are part of that HCE move: http://tomnoyes.wordpress.com/2013/11/01/hce-kills-isis/#comment-3613 Why do they allow a single company to interpret "secure" in its own way and operate outside the scope of global EMV specs?!. What does EMV stand for now if we don't need its cornerstone, i.e. "chip"?..

A Finextra member 

This seems not to be yet another service, but a serious attempt bypassing SME’s to get access to consumers smartphones for payments. Especially when it can proof EMVCO payments emulated by HCE. Security is a main topic, but not the blocking one. Adoption through 1. ease of use, 2. daily relevance, 3. added value services and 4. Low transactional costs are key elements for success. Let’s see when the first launching customer and set of consumers start using it for ‘Tap & Pay’ payments. And, once HCE is adopted for payments, consumers will star using this for related services like loyalty and check-in/out.

 

A Finextra member 

Sounds like another naïve Google's initiative ...

This is how current Google Cloud looks like:

http://www.washingtonpost.com/rf/image_404h/2010-2019/WashingtonPost/2013/10/30/Local/Images/GOOGLE-CLOUD-EXPLOITATION1383148810.jpg

A Finextra member 

Unfortunately there are vested interests on both sides of this story but simple "it's not secure!" or "Visa MC will never allow it!" comments are somewhat misinformed and don't assist in a healthy debate.

I'd also encourage readers to review Tom's blog at:

http://tomnoyes.wordpress.com/2013/11/01/hce-kills-isis/#comment-3613

I think he reads the situation perfectly and there's also a healthy and reasoned debate in the comments that follow.

A Finextra member 

It's a good article. But at no point does any of these NFC enhancements address the core issues businesses/people have with the technology

1. No added value to a merchant at all

2. No incentive for a merchant to adopt NFC / mobile

3. Security IS an issue and will become increasingly so if NFC gains any real traction

4. Risk increases to merchants

5. Up-front investment required for a merchant

6. Consumer experience is no more improved compared to standard contactless experience today

7. Does not address multiple sales channels

8. Integration with other business service providers. Just isnt possible

 

This is simply a way for Google and card schemes to try and cut carriers out of the mobile space, and they are doing it by redefining their own rules. I hope Apple doesnt follow suite and look to do this, rather they continue to move forward and look further into the future than NFC. For me, NFC is fast becoming the Mini-disc of the payments world...

 

[Webinar] Payment Orchestration: Remaining Relevant in Today’s MarketFinextra Promoted[Webinar] Payment Orchestration: Remaining Relevant in Today’s Market