Card, mobile credential, payment and security
New technology to open up NFC market, but may be thorn in telcos' side
Many agree that NFC technology is yet to realize its full potential in the consumer marketplace, but a new piece of Android software could turn the tide and make way for a renewed NFC landscape. The forthcoming Android 4.4 operating system, more commonly referred to as KitKat, will push to Android devices everywhere complete with a technology known as host-card emulation.
Host-card emulation is an alternative to standard NFC card emulation – a technology that already exists within a number of NFC-enabled Android devices. NFC emulation leverages a separate chip in the device itself called the secure element. Commonly, these secure elements come in the form of SIM cards provided by wireless carriers, or telcos.
When NFC card emulation is conducted, the emulated card is provisioned into the secure element on the device via an Android application. When the user holds their device over an NFC terminal, the NFC controller in the device then routes all data from the reader directly to the secure element.
With host-card emulation, however, this premise is taken a step further using a new method that does not involve a secure element at all. Instead, it enables an Android app to emulate a card and talk directly to the NFC reader, circumventing the traditional secure element altogether.
“It is a technology built into a device’s operating system that enables a mobile device to emulate a payment or other card, allowing users to make NFC mobile payments and other proximity transactions,” explains Martin Cox, global head of Sales at Bell ID.
Host-card emulation essentially creates a virtual smart card, represented in software form and hosts it in the cloud. It’s a technology that could greatly affect the structure and delivery of NFC services.
The predominant initial use of host-card emulation will almost certainly be in the payments sector. The adoption of mobile wallets has been sluggish, but Google’s decision to include host-card emulation is expected to shake things up.
“Placing the payment credentials in a remote environment and communicating via the cloud, rather than in an secure element inside the mobile device, offers more control and direct access to application issuers, as well as eases the launch of NFC based mobile services,” explains Cox. “With ‘pure cloud’ solutions, the device does not require a physical secure element, as the payment applications are provisioned into a remote secure element and accessed by the device during the transaction.”
Host-card emulation mimics cards based on key ISO and NFC Forum specifications. This is important for the future of mobile payments security, as these specifications are already being used and are a verified standard for a potential EMVCo and NFC payment infrastructure. This is good news for Google because host-card emulation services would still comply, in theory, with existing security and technology standards.
This is why insiders suggest Google’s support for host-card emulation makes sense, particularly in the wake of Google Wallet and Isis coming to market. By circumventing a device’s secure element – which in many cases resides within the telco-issued SIM card – Google can enable customers of any mobile carrier to use Google Wallet even if the customer’s service provider is one of the three telcos driving Isis – Verizon, AT&T or T-Mobile. Sprint is the lone holdout of the Big four telcos that has openly supported Google Wallet.
In a nutshell, by leveraging a cloud-based secure element environment, telcos no longer play a central role in NFC payments; placing their desired, intermediary role in the mobile payments sector in jeopardy. There are still kinks that need to be worked out both in the technology and its security, but Android’s dominant smart phone market share has cast doubt on mobile network operator’s future in the NFC mobile payments process.
Android’s forthcoming KitKat update could be used as more than just a means to skirt Isis and wrestle control of mobile wallets from the telcos. It could in fact be used in any NFC service. By leveraging host-card emulation, NFC handsets remove the physical secure element from the transaction, leaving services such as ticketing, identity and access control to be developed and implemented in a shorter amount of time.
Moreover, the inclusion of host-card emulation means that full NFC capability – including operation of the reader functionality of NFC handsets – would be made available to app developers, Cox says. This would give developers the ability to create applications that can turn handsets into contactless card readers, a function that has potential in the mobile point of sale sector and a host of other markets.
This handset as a reader aspect of NFC has long held promise for an array of applications and services, but it has seldom been utilized.
Also at the heart of host-card emulation potential influence is Android’s market presence. The operating system powers the vast majority of the deployed devices on the market today, and Google seems poised to leverage this with host-card emulation.
During the third quarter 2013, Android dominated global smart phone shipments with an 81% share. “This is a positive step for the industry as support for host-card emulation on Android 4.4 brings service delivery opportunities to a huge segment of the smart phone market,” says Cox.
Host-card emulation will also prove to be particularly fitting for issuers who feel that the use of a physical secure element on the device adds insufficient value to justify the hardware’s additional cost.
In theory, host-card emulation will give service providers more available business models, partners and developers with which to work. Companies like Bell ID are prepping to meet new host-card emulation demands head on.
As a Trusted Service Manager, Bell ID aids service providers in securely managing and distributing contactless services for their customers via the networks of mobile operators. Cox believes that host-card emulation can blow the doors open for loyalty, couponing, access control and transit ticketing.
Bell ID’s Secure Element in the Cloud solution offers two options – a purely cloud offering and a hybrid cloud/physical secure element option. As Cox explains, the hybrid option offers many of same benefits of an exclusively-cloud solution – increased flexibility, greater storage and processing power and no need for SIM certification. The only difference is that it includes the accepted security of a physical secure element.
For the immediate future, Cox sees this hybrid method being the preferred choice, as it offers a different level of flexibility. “Some service providers will opt for a pure cloud solution, while others may believe that for higher value services it is wise to utilize a physical secure element in either the classic NFC model or cloud/secure element hybrid,” he explains. “The beauty of host-card emulation is in the additional options it brings to the market.”
[line margin_top='' margin_bottom='' margin_left='' margin_right='']
