finextra tv

Watch the latest FinextraTV stories covering fintech, banking and payments technology.

Question marks around HCE

Marco Polissi, head of product development financial institutions, SIA, explains why there is so much industry interest in HCE and why a SIM-based technology is preferable. Originally published on Finextra,com on: 25 June 2014

Sponsored | what does this mean?
This content has been created by the Finextra editorial team with inputs from subject matter experts at the funding sponsor.



Comments: (3)

A Finextra member
A Finextra member 25 June, 2014, 08:512 likes 2 likes

Sr. Polissi is correct in saying that a Secure Element solution is more secure than HCE (but not exclusively SIM-based, as he also says), but he ignores the technical and commerical complexity of making such a solution into a viable proposition, capable of mass rollout and interoperable across brands, networks, mobile networks and TSMs.

With HCE the compexity for issuers and consumers is vastly reduced and risk mitigation techniques, such as short-lived keys, will counter the increased exposure of having credentials in phone memory.

SE may have a place in areas such as secure ID, but the market is voting with its feet – those with vested interests in SE/TSM technology will naturally attempt to protect their intellectual and financial investments.  

A Finextra member
A Finextra member 25 June, 2014, 15:56Be the first to give this comment the thumbs up 0 likes

Sr. Polissi should also see first hand what a cumbersome and technical nightmare (and costly) it is to work with TSM providers, provisioning and personalisation of the app and SE, support, device NFC challenges etc. MNO's wanting to charge/rent SIM space etc all adds to the management complexity and hence low entry interest.

Google have made HCE a proven concept and have made it available to all. It's now up to others to capitalise on this and identify their own opportunities from this. There are ways to limit risks form one-time/low TTL tokens to porting high value transactions through the SE for further validation/authentication (so long as the MNO's get on board).

HCE is here to stay and further Android flavours of this are sure to arrive. Other platform adoption of the same approach is also just round the corner (eyes on the usual Apple October/fall announcements..)

A Finextra member
A Finextra member 25 June, 2014, 22:14Be the first to give this comment the thumbs up 0 likes

Marginal Cost and Marginal Benefit...

I don't believe the relevant question is whether SE based NFC is more secure than HCE based NFC solutions.  I'll concede that point.

The more relevant question is whether the incremental security benefit of a SE based solution is worth the incremental cost.  Issuers and retailers have yet to embrace SE based solutions in the market at scale, so this feel like a very esoteric discussion.  Said differently, SE based NFC solutions are the ultimate in security...  there aren't any transactions so there isn't any fraud ;-)