Tuesday, March 25, 2014
Google's change in strategy means users of phones with previous Android operating systems are out of luck if they want to make mobile contactless transactions at the physical POS. But the development is significant because, by bypassing the secure element, which is "real estate" controlled by the mobile telecommunication firms, Google is not subject to the wireless carriers' rules for using the secure element.
Smart Card Alliance Director Randy Vanderhoof said Google's endorsement of HCE for Android 4.4 KitKat breaks the telecoms control over the mechanics of how contactless payments are made, and thus opens up Google Wallet transactions to be accomplished in a variety of other ways, such as via the cloud.
"The carriers perhaps aren't happy about this," Vanderhoof said. If HCE proves to be a viable option for enabling mobile in-store payments, the carriers will not be able to monetize the secure element by charging a fee for transactions to flow through it.
Additionally, HCE could open up the market so that the solutions of more mobile wallet providers can compete for space on consumers' smartphones, as the carriers would be unable to dictate terms by controlling the secure element. In this way, Google's adoption of HCE "has the potential to be a turning point" for the market, Vanderhoof said.
In February 2014, both Visa Inc. and MasterCard Worldwide stated their support for HCE. Visa noted that HCE allows any NFC application on an Android device to emulate a smart card. "The Android HCE feature provides us with a platform to evolve the Visa payWave standard, support the development of secure, cloud-based mobile applications, while at the same time offer greater choice to our clients," said Elizabeth Buse, Executive Vice President, Global Solutions, Visa.
MasterCard added that the open architecture of HCE enables loyalty programs, building access applications and transit passes to be delivered without service providers needing access to the secure element. "This greatly simplifies and speeds the deployment process of NFC-based mobile offerings to consumers by card-issuing financial institutions," MasterCard said.
The NFC Forum recently chimed in that HCE is an exciting development for the NFC market. "With HCE, transactions take place using credentials stored in the cloud or on the host processor of the NFC-enabled mobile device rather than a tamper resistant secure element, such as an embedded security chip, SIM, or microSD card," said NFC Forum Executive Director Paula Hunter.
Google's foray into the mobile wallet space has been met with a number of setbacks since Google Wallet was launched in May 2011. In February 2012, a security flaw was discovered in the virtual wallet that could have allowed hackers access to Google Prepaid Card accounts resident on smartphones.
Another problem was the lack of user adoption of the wallet because of the relatively small number of phone models that supported Google Wallet, as well as a limited number of bankcard issuers that had integrated their cards directly into the wallet, which was seen as a costly and time consuming procedure. In September 2012, Google moved card account functionality to the cloud, allowing issuers to more easily offer their cards via the wallet.
By September 2013, it was clear Google was at the mercy of the carriers, as Verizon Wireless blocked Google Wallet from being used on its supported phones. By embracing HCE, Google seems to have circumvented that circumstance from happening again.
Despite Google's adoption of HCE and its endorsement by the two largest card brands, Vanderhoof said tap-and-pay mobile transactions still need the NFC chip, with its remote communication functionality. A downside to HCE adoption is that security is more problematic in the cloud than in the hardware of the secure element. But Vanderhoof stated that this new route for NFC transactions is an opportunity for the industry to innovate security solutions in the cloud.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.