[June 10, 2014]
Consult Hyperion and the GSMA Publish Report Contrasting HCE and SIM Secure Element Approaches to NFC Payments
SHANGHAI --(Business Wire)--
Digital payments experts Consult Hyperion, in conjunction with the GSMA,
today published a guide to help banks and mobile operators understand
the Host Card Emulation (HCE) and SIM Secure Element approaches for NFC
payments. The guide, "HCE and SIM Secure Element: It's not Black and
White", follows the recent introduction of HCE into Android 4.4
(KitKat) and concludes that the SIM Secure Element and HCE approaches to
NFC payments each offer important benefits for financial institutions.
Further, they should not be viewed as mutually exclusive and a
combination of the approaches may be appropriate for differing
applications and markets.
"This paper provides a balanced analysis for financial institutions of
HCE as an alternative proposition for NFC payments, alongside the
existing SIM approach," said Alex Sinclair, Chief Technology Officer,
GSMA. "The recent inclusion of HCE into Android opens up the possibility
of performing NFC payments without using a SIM Secure Element and HCE
could also potentially remove complexity associated with SIM-based NFC
payments. At the same time, SIM-based NFC offers a proven secure
solution that is being commercially deployed today. The challenge for
the mobile operator community is to simplify the provisioning process,
further accelerating deployments of SIM-based NFC on a global basis."
"MasterCard has been technology agnostic, enabling mobile payments in a
way that allows current card accounts to be used seamlessly and securely
from consumers' favorite electronic devices," said James Anderson,
senior vice president of emerging payments, MasterCard. "We have
deployed SIM and Secure Element-based solutions through partnerships
with mobile network operators, OS providers and handset manufacturers,
while recently adding support for cloud-based payments. This paper will
help both the mobile and payments industries understand the strengths of
each approach and allow them to choose the options that align with their
Report co-author Steve Pannifer, Head of Delivery at Consult Hyperion
said: "The inclusion of HCE into Android has generated a lot of
excitement that can only be good for NFC payments. This, combined with
the efforts to streamline SIM Secure Element based NFC evident in many
markets, will enable NFC payment products to be rolled out with renewed
vigour. We hope that this paper will encourage banks and mobile
operators to collaborate further in bringing NFC payments to the market.
We believe the mobile operators have an important role to play,
particularly in providing mobile security and authentication services
that are paramount in any payments service."
The guide shows that whilst HCE does indeed simplify some aspects of the
NFC ecosystem by allowing mobile NFC payments to be performed without
using a SIM Secure Element, this is only part of the landscape. HCE
requires a new approach to security in terms of ecosystem integration,
risk management and certification processes. In contrast, SIM Secure
Element processes are well defined and mobile operators are actively
working with the ecosystem to simplify them further.
The report examines the heritage of SIM-based NFC, the lessons learnt
from the first deployments and the actions that have been taken to allow
service providers to deploy secure, stable and proven mobile payment
services at scale. The guide finds that whilst there is significant
interest around HCE, the SIM Secure Element approach for mobile payments
still has many complementary advantages and it will be down to the banks
to carefully review their needs in each of their operating markets.
"Both the People's Bank of China (PBOC) and China UnionPay have released
mobile payment specifications, which require a Secure Element to support
NFC mobile payments, in order to provide a secure and reliable payment
service. China UnionPay has worked very closely with Chinese operators
on large-scale commercial NFC services based on the SIM as Secure
Element. In conjunction, China UnionPay is working actively on a
feasibility study of new technologies including HCE," said Jiang
Haijian, Deputy General Manager, Mobile Payment Dept., China UnionPay.
Consult Hyperion suggests that there are a number of key points for
banks to consider as they plan mobile NFC payments:
Understand your local environment: The local conditions will
play a big role in determining the best approach
Understand your target transactions: It is possible that HCE
will be less suited to certain transaction types (e.g. offline, high
value) than SIM Secure Element.
SIM Secure Element and HCE are not mutually exclusive:
The most effective solutions over the medium term may be hybrid models
where, for example, the SIM is used to address the security and
authentication gaps in HCE.
Build flexibility into your strategy: There is likely to be
considerable overlap between SIM Secure Element and HCE in terms of
the systems and capabilities that are required
Collaborate with the industry: Until there is a level of
standardisation around HCE, there remains the risk that banks could
adopt solutions that are insufficiently flexible or lock the banks in.
David Baker, Head of the Card Innovation Payments Unit at the UK Card
Association notes: "While Host Card Emulation has been hailed as a
potential game changer for card-based NFC proximity payments, this
report gives valuable advice and guidance on the issues the industry
must address -- and highlights the real need for collaboration between
ecosystem partners to ensure greater adoption of mobile payment
The full report can be seen here
Note to Editors:
HCE is a recent feature of Android that allows an Android application to
emulate a contactless card via the NFC interface of the handset;
previously, this was reserved to applications stored in a secure chip or
Secure Element, typically the SIM card, with similar security features
as chip-and-PIN plastic cards. HCE opens the way to payment applications
without a secure element, but such applications need to reach a
satisfactory level of security. In order to achieve this, card schemes
are developing a "tokenisation" approach, whereby the payment card
identifier is replaced by a single use or limited use "token". This
reduces the impact of data breaches significantly: if a "token" is
compromised it will have limited and possibly no value.
The guide was commissioned by the GSMA, 5 New Street Square, London,
EC4A 3BF, United Kingdom. Any opinions, findings, and conclusions or
recommendations expressed in the material are those of the author(s) and
do not necessarily reflect those of the GSMA or its members.
About Consult Hyperion
Consult Hyperion is an independent information technology consultancy
that has spent over two decades advising leading organisations around
the world. Consult Hyperion helps these organisations to reap real
benefits from technological change in the field of secure electronic
transactions ranging from retail payments to mobile wallets to
contactless transit ticketing. Consult Hyperion is uniquely qualified to
advise on turning great business ideas into working systems that can
help customers, and to evaluate new business concepts, develop new
products and services from specification to customer roll-out, and to
test and certify complex systems.
The four main sectors the company operates in are; financial services,
with card schemes, banks, retailers and others; telecommunications and
media, advising world leading companies; technology, to support some of
the largest IT companies, and in the public sector and transit where
projects include transit operators, government and law enforcement.
For more information visit Consult
Hyperion, follow on Twitter @chyppings
and keep up to date with the latest debate at Tomorrow's
About the GSMA
The GSMA represents the interests of mobile operators
worldwide. Spanning more than 220 countries, the GSMA unites nearly 800
of the world's mobile operators with more than 250 companies in the
broader mobile ecosystem, including handset makers, software companies,
equipment providers and Internet companies, as well as organisations in
industry sectors such as financial services, healthcare, media,
transport and utilities. The GSMA also produces industry-leading events
such as the Mobile World Congress and Mobile Asia Expo.
For more information, please visit the GSMA corporate website at www.gsma.com.
Follow the GSMA on Twitter: @GSMA.