Digital payments experts Consult Hyperion, in conjunction with the GSMA, have published a guide to help banks and mobile operators understand the Host Card Emulation (HCE) and SIM Secure Element approaches for NFC payments.
The guide, “HCE and SIM Secure Element: It’s not Black and White”, follows the recent introduction of HCE into Android 4.4 (KitKat) and concludes that the SIM Secure Element and HCE approaches to NFC payments each offer important benefits for financial institutions. Further, they should not be viewed as mutually exclusive and a combination of the approaches may be appropriate for differing applications and markets.
“This paper provides a balanced analysis for financial institutions of HCE as an alternative proposition for NFC payments, alongside the existing SIM approach,” says Alex Sinclair, Chief Technology Officer, GSMA.
“The recent inclusion of HCE into Android opens up the possibility of performing NFC payments without using a SIM Secure Element and HCE could also potentially remove complexity associated with SIM-based NFC payments. At the same time, SIM-based NFC offers a proven secure solution that is being commercially deployed today. The challenge for the mobile operator community is to simplify the provisioning process, further accelerating deployments of SIM-based NFC on a global basis.”
Report co-author Steve Pannifer, Head of Delivery at Consult Hyperion continues: “The inclusion of HCE into Android has generated a lot of excitement that can only be good for NFC payments. This, combined with the efforts to streamline SIM Secure Element based NFC evident in many markets, will enable NFC payment products to be rolled out with renewed vigour.
We hope that this paper will encourage banks and mobile operators to collaborate further in bringing NFC payments to the market. We believe the mobile operators have an important role to play, particularly in providing mobile security and authentication services that are paramount in any payments service.”
The guide shows that whilst HCE does indeed simplify some aspects of the NFC ecosystem by allowing mobile NFC payments to be performed without using a SIM Secure Element, this is only part of the landscape. HCE requires a new approach to security in terms of ecosystem integration, risk management and certification processes. In contrast, SIM Secure Element processes are well defined and mobile operators are actively working with the ecosystem to simplify them further.
The report examines the heritage of SIM-based NFC, the lessons learnt from the first deployments and the actions that have been taken to allow service providers to deploy secure, stable and proven mobile payment services at scale. The guide finds that whilst there is significant interest around HCE, the SIM Secure Element approach for mobile payments still has many complimentary advantages and it will be down to the banks to carefully review their needs in each of their operating markets.
“Both the People’s Bank of China (PBOC) and China UnionPay have released mobile payment specifications, which require a Secure Element to support NFC mobile payments, in order to provide a secure and reliable payment service,” comments Jiang Haijian, Deputy General Manager, Mobile Payment Dept., China UnionPay.
“China UnionPay has worked very closely with Chinese operators on large-scale commercial NFC services based on the SIM as Secure Element. In conjunction, China UnionPay is working actively on a feasibility study of new technologies including HCE.”
Consult Hyperion suggests that there are a number of key points for banks to consider as they plan mobile NFC payments:
- Understand your local environment: The local conditions will play a big role in determining the best approach
- Understand your target transactions: It is possible that HCE will be less suited to certain transaction types (e.g. offline, high value) than SIM Secure Element.
- SIM Secure Element and HCE are not mutually exclusive: The most effective solutions over the medium term may be hybrid models where, for example, the SIM is used to address the security and authentication gaps in HCE.
- Build flexibility into your strategy: There is likely to be considerable overlap between SIM Secure Element and HCE in terms of the systems and capabilities that are required
- Collaborate with the industry: Until there is a level of standardisation around HCE, there remains the risk that banks could adopt solutions that are insufficiently flexible or lock the banks in.
David Baker, Head of the Card Innovation Payments Unit at the UK Card Association notes: “While Host Card Emulation has been hailed as a potential game changer for card-based NFC proximity payments, this report gives valuable advice and guidance on the issues the industry must address -and highlights the real need for collaboration between ecosystem partners to ensure greater adoption of mobile payment services.”
The full report can be seen here