LIVE FROM MOBILE ASIA EXPO 2014: The SIM-based secure element and Host Card Emulation (HCE) approaches to NFC-based mobile payments each offer benefits to financial institutions and are not mutually exclusive, according to a new guide from the GSMA and UK consultancy Consult Hyperion.
Actually, a combination of the two approaches may be the best option, depending on application and markets.
Google introduced HCE to Android 4.4 (KitKat) last year.
“The recent inclusion of HCE into Android opens up the possibility of performing NFC payments without using a SIM Secure Element and HCE could also potentially remove complexity associated with SIM-based NFC payments,” said Alex Sinclair, the GSMA’s CTO.
On the other hand, SIM-based NFC offers a proven secure solution that is already being commercially deployed, said Sinclair. He added that the challenge for operators is to simplify the provisioning process, which would boost the SIM-based approach.
The announcement includes a comment from James Anderson, SVP of emerging payments with MasterCard. The credit card giant has worked with mobile operators and handset manufacturers on secure element-based partnerships. Earlier this year, it also came out in support for HCE, along with rival Visa.
“MasterCard has been technology agnostic, enabling mobile payments in a way that allows current card accounts to be used seamlessly and securely from consumers’ favourite electronic devices,” said Anderson.
The guide, which is aimed at financial institutions, shows HCE does simplify certain aspects of NFC-based payments but that is only part of the story. “HCE requires a new approach to security in terms of ecosystem integration, risk management and certification processes,” it says.
In contrast the SIM-based approach is well defined and operators are looking at further simplifying it, according to the guide.
The guide offers some advice to banks to consider as they plan a move into NFC-based mobile payments, and weigh up the two approaches. The advice includes understanding the local environment as well as understanding the type of transaction they targeting (HCE is probably more suited to lower value transactions where security is less at a premium).
In addition, the guide argues the most effective solution over the medium term may turn out to be a hybrid which combines secure element and HCE. This would enable the SIM to fill in the authentication and security gaps in HCE, it says. It also advises flexibility in the strategy adopted by financial institutions and pushes collaboration. “Until there is a level of standardisation around HCE, there remains the risk that banks could adopt solutions that are insufficiently flexible or lock the banks in,” it said.