The Mobile Payment Wars: Will HCE be a game-changer for NFC

Over the last two years or so, the mobile payments landscape has been abuzz with the supposedly disruptive potential of near field communications (NFC) technology. Predictions have been made about the imminent obsolescence of plastic cards and controversies have erupted over Apple’s refusal to acknowledge NFC and rumors about Verizon blocking Google Wallet on its Galaxy Nexus phones. However, in spite of all the excitement, the technology is still not dominating the payments space as predicted, and adoption has been slow. One of the primary reasons for this has been the customer ownership conundrum, an issue I had raised in a previous post on mobile payments.

Dependence of NFC on the Secure Element and the MNOs

Traditionally, the NFC-based mobile payment app had to be deployed on the phone’s secure element, which, in most cases, was the SIM card. The NFC controller would communicate with the app through a Single Wire Protocol (SWP). By eliminating the mobile phone CPU/OS from the transaction workflow, this mode of payments ensured that no malware could infect the payment message, thereby reducing vulnerability to hacking and fraud. However, another implication of this flow of information was the introduction of an additional entity in the transaction, the mobile network operator (MNO), consequently raising questions about the ownership of the customer. The cost of transactions was also higher since the MNOs could charge a fee for hosting the app or demand a commission on every transaction. Further, MNOs have also started offering payment and wallet solutions, encroaching upon the domain of banks and financial institutions.

HCE: Eliminating MNOs from the Payment Workflow

Host Card Emulation (HCE), a technology that has been adopted by Google in its Android Kit Kat OS, allows payment solution providers to bypass the secure element in mobile payment transactions, thereby negating the role of MNOs. It enables HCE APIs to communicate directly with the NFC controller, which is no longer hard-wired to a secure element. The downside of this technology, however, is that sensitive information is exposed to the mobile devices OS and the resident applications. To resolve this, payment solution providers enable storage of payment credentials on a cloud-based secure element. A secure channel allows the HCE enabled payment application to retrieve tokenized and encrypted packets of information. These tokens can be temporary, valid for either a single transaction or an instance.

Will HCE Redefine m-Commerce

With the elimination of the secure element controlled by MNOs, retail banks will now be able to focus their efforts towards the development and enhancement of online and mobile apps. Also, with better clarity of customer ownership and the elimination of an additional player in the payments value chain, merchants are likely to get more enthused about NFC. As adoption becomes more and more prevalent, merchants and consumers will also gain confidence about investing in a new technology, without the risk of it becoming redundant or being replaced by a competing technology.

As the major hurdle in adoption of NFC has traditionally been the ambiguity in the ownership of the secure element, the introduction of HCE-enabled NFC payments could well be the pivotal factor that could ensure that NFC delivers on its promise and finally justifies the hype surrounding it.

Watch this space! HCE could be the next big thing for mobile payments.