The Green Sheet

Tuesday, March 25, 2014

Google Wallet ditches secure element for HCE

Beginning April 14, 2014, Google Wallet will only offer mobile contactless payment functionality on the newest KitKat version of its Android operating system. Integrated into the upgraded OS is support for Host Card Emulation (HCE) technology, which allows tap-and-pay transactions to bypass the secure element inside near field communication (NFC)-enabled chips embedded within smartphones.

Google's change in strategy means users of phones with previous Android operating systems are out of luck if they want to make mobile contactless transactions at the physical POS. But the development is significant because, by bypassing the secure element, which is "real estate" controlled by the mobile telecommunication firms, Google is not subject to the wireless carriers' rules for using the secure element.

Smart Card Alliance Director Randy Vanderhoof said Google's endorsement of HCE for Android 4.4 KitKat breaks the telecoms' control over the mechanics of how contactless payments are made, and thus opens up Google Wallet transactions to be accomplished in a variety of other ways, such as via the cloud.

"The carriers perhaps aren't happy about this," Vanderhoof said. If HCE proves to be a viable option for enabling mobile in-store payments, the carriers will not be able to monetize the secure element by charging a fee for transactions to flow through it.

Additionally, HCE could open up the market so that the solutions of more mobile wallet providers can compete for space on consumers' smartphones, as the carriers would be unable to dictate terms by controlling the secure element. In this way, Google's adoption of HCE "has the potential to be a turning point" for the market, Vanderhoof said.

Visa, MasterCard on board

In February 2014, both Visa Inc. and MasterCard Worldwide stated their support for HCE. Visa noted that HCE allows any NFC application on an Android device to emulate a smart card. "The Android HCE feature provides us with a platform to evolve the Visa payWave standard, support the development of secure, cloud-based mobile applications, while at the same time offer greater choice to our clients," said Elizabeth Buse, Executive Vice President, Global Solutions, Visa.

MasterCard added that the open architecture of HCE enables loyalty programs, building access applications and transit passes to be delivered without service providers needing access to the secure element. "This greatly simplifies and speeds the deployment process of NFC-based mobile offerings to consumers by card-issuing financial institutions," MasterCard said.

The NFC Forum recently chimed in that HCE is an exciting development for the NFC market. "With HCE, transactions take place using credentials stored in the cloud or on the host processor of the NFC-enabled mobile device rather than a tamper resistant secure element, such as an embedded security chip, SIM, or microSD card," said NFC Forum Executive Director Paula Hunter.

No mercy

Google's foray into the mobile wallet space has been met with a number of setbacks since Google Wallet was launched in May 2011. In February 2012, a security flaw was discovered in the virtual wallet that could have allowed hackers access to Google Prepaid Card accounts resident on smartphones.

Another problem was the lack of user adoption of the wallet because of the relatively small number of phone models that supported Google Wallet, as well as a limited number of bankcard issuers that had integrated their cards directly into the wallet, which was seen as a costly and time-consuming procedure. In September 2012, Google moved card account functionality to the cloud, allowing issuers to more easily offer their cards via the wallet.

By September 2013, it was clear Google was at the mercy of the carriers, as Verizon Wireless blocked Google Wallet from being used on its supported phones. By embracing HCE, Google seems to have prevented that from happening again.

Despite Google's adoption of HCE and its endorsement by the two largest card brands, Vanderhoof said tap-and-pay mobile transactions still need the NFC chip, with its remote communication functionality. A downside to HCE adoption is that security is more problematic in the cloud than in the hardware of the secure element. But Vanderhoof stated that this new route for NFC transactions is an opportunity for the industry to innovate security solutions in the cloud.


Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
