The payments world is filled with enough acronyms to form a kind of alphabet soup – ACH, NFC, HCE. Each of these could fill a book on its own, so today we’ll focus on one, arguably one of the most exciting innovations in payments – HCE.
Card systems: An overview
Credit cards can act as an intermediary between banks and consumers, allowing consumers to make real-time purchases in bricks-and-mortar stores and on websites, and even to withdraw cash from ATMs. The point-of-sale (POS) machines that initiate the actual credit card transaction have seen relatively little innovation – until recently.
Up until the last decade, the most common type of credit card POS device was an imprint machine that would copy card information onto carbon paper. Since then, handheld POS machines have become the industry standard in developing and developed markets alike. But recently the number of options for merchants has increased as chip technology enables users to tap to pay, and mobile dongles like those from Square can turn any smartphone into a mobile POS.
What all of the above have in common is that they are card-present transactions – where the card is physically present at the time of transaction and, in some way, interacts with the POS machine. Another type of transaction – which has spiked as ecommerce has grown – is the card-not-present transaction, where the card does not have to be physically present or visually examined by the merchant. Orders placed by phone or on websites are the most common examples.
Recent innovations in cards
In parallel with these innovations in POS machines were advances in the credit cards themselves. The industry standard for years was magnetic stripe, or swipe, cards, where a single mag stripe contained static data. More recently, smart cards – otherwise known as integrated circuit cards – have seen rapid consumer adoption. These cards are, in fact, much like tiny computers – complete with ROM, storage, processor, operating system, and installed applications. Indeed they are capable of processing data, and have been engineered to be tamper resistant. These chips have made a new form of POS possible – contactless or proximity payment systems. They can include credit cards, key fobs, or other devices that use radio-frequency identification (RFID) to make secure payments.
The near-field communication (NFC) technology that these systems use enables smartphones and other devices to establish radio communication – either by touching them together or by bringing them into close (<10 cm) proximity.
Host-based Card Emulation
HCE takes these innovations that increased the sophistication of payments to a new level; it is the presentation of an exact, but virtual, representation of a smart card – using only software. This means that a mobile app can act as a smart card, with no secure element needed. BlackBerry was the first OS to support HCE; Android followed in versions 4.4 and above.
In the absence of a secure element, HCE wallets will be more flexible and cost-effective than secure element-based ones. All customers will need to do is install the HCE wallets offered by their banks and start using them. There is no need to deal with SIM card issues, buy a microSD card or have a mobile phone with an embedded secure element. It could be as easy as installing any other app. It will also be cost-effective, because banks won’t have to pay MNOs for using their SIM cards and customers won’t have to pay for embedded secure elements.
There are limitations to HCE, however. Since it does not use a tamper-resistant secure element to store card credentials, it is less secure than traditional NFC solutions. However, this problem can be mitigated with tokenisation and key rotation, minimising financial risk. Moreover, banks can come up with various custom solutions to increase security for their HCE wallets.
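The tokenisation and key rotation mentioned above, as an added example that is not from the original article: the phone holds only a token and a short-lived limited-use key, while the issuer keeps the real card number and master key. This is a simplified sketch using HMAC-SHA-256, not any payment network's actual scheme; `TokenService`, `make_cryptogram`, `MAX_USES` and the card number are hypothetical or constructed.

```python
import hashlib
import hmac
import secrets
MAX_USES = 3  # assumed policy: payments allowed per limited-use key

def make_cryptogram(luk, counter, amount):  # wallet side: per-payment MAC
    return hmac.new(luk, f"{counter}|{amount}".encode(), hashlib.sha256).digest()[:8]

class TokenService:
    """Issuer side (hypothetical): the real PAN and master key never reach the phone."""
    def __init__(self):
        self._vault = {}  # token -> [pan, master_key, key_index, used_counters]

    def provision(self, pan):
        token = "9" + "".join(secrets.choice("0123456789") for _ in range(15))
        self._vault[token] = [pan, secrets.token_bytes(32), 0, set()]
        return token, self.rotate(token)

    def _luk(self, token, index):
        master = self._vault[token][1]
        return hmac.new(master, f"{token}|{index}".encode(), hashlib.sha256).digest()

    def rotate(self, token):
        """Issue the next limited-use key; every earlier key stops verifying."""
        entry = self._vault[token]
        entry[2], entry[3] = entry[2] + 1, set()
        return entry[2], self._luk(token, entry[2])

    def authorize(self, token, index, counter, amount, cryptogram):
        entry = self._vault.get(token)
        if entry is None or index != entry[2]:
            return None  # unknown token, or a key that was rotated out
        if counter in entry[3] or not 1 <= counter <= MAX_USES:
            return None  # replayed counter, or key already used up
        expected = make_cryptogram(self._luk(token, index), counter, amount)
        if not hmac.compare_digest(expected, cryptogram):
            return None  # wrong key or altered amount
        entry[3].add(counter)
        return entry[0]  # token mapped back to the PAN inside the issuer only

def demo(pan="4111111111111111"):  # constructed test card number
    svc = TokenService()
    token, (idx, luk) = svc.provision(pan)
    mac = make_cryptogram(luk, 1, 1250)
    first = svc.authorize(token, idx, 1, 1250, mac)   # accepted
    replay = svc.authorize(token, idx, 1, 1250, mac)  # same counter again
    idx2, luk2 = svc.rotate(token)
    stale = svc.authorize(token, idx, 2, 500, make_cryptogram(luk, 2, 500))
    fresh = svc.authorize(token, idx2, 1, 500, make_cryptogram(luk2, 1, 500))
    return token, first, replay, stale, fresh
```

A key copied from the phone is therefore good for at most `MAX_USES` payments and stops working at the next rotation, which is what bounds the financial risk.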
Other limitations are that HCE still requires an NFC controller and certification, just like the traditional NFC solutions. If the mobile phone does not have an NFC controller, it is not possible to perform a card-present transaction with HCE. HCE wallets will also need to be certified by the payment companies before they can store card information and perform payments at contactless POS machines.
It’s also worth noting that iOS does not support HCE; this is because Apple is promoting its own rival solution, Apple Pay, which is intended for banks and merchants to integrate into their payment solutions. Additionally, the NFC controller that is installed on the iPhone 6 and iPhone 6 Plus is limited for use only by Apple Pay. Maybe in the future, Apple will let third-party applications use the NFC controller, just as it did with Touch ID, and add HCE support for iOS so that HCE wallets can appear on iOS devices.
What does the future hold for HCE?
Most agree that HCE – and thus NFC – has substantial potential to win in the payments market. A key success factor is getting leading merchants to incorporate mobile payments – e.g. Apple Pay on iPhones and HCE on Android – and to promote their use.
One hurdle for merchants is the difficulty in getting a clear proof of concept. Switching hardware, software, and even labour processes represents significant effort and risk for any merchant. Thus even securing a pilot involves a long lead time and an incredibly difficult and complex decision. From there, a transition from pilot to full-scale roll-out would also be a potentially lengthy process.
But as one industry analyst noted, “Host Card Emulation is here to stay.” The ability to incorporate this system into mobile wallets for a digital, cloud-based solution is in line with merchant, consumer and processor demands.