After years of hype surrounding NFC Mobile Payments, the contactless payments segment is finally witnessing some traction thanks mainly to cloud based technologies like HCE Payments that are enabling seamless mobile based payments.
Traditionally, NFC payment systems use the mobile device’s secure element (SE) for storing all the data needed for completing financial transactions. This makes the owners of the SE (such as mobile network operators,OEMs) the true gatekeepers of the system who define the access as well as the charges associated with the SE.
In this resulting payments ecosystem, which is characterized by multiple tenants and highly complex business rules and regulations, the service provider is often left with little or no control over costs and security parameters, and this, not only compromises the solution’s position in the value chain, but also lead to poor user experience. For example, in a typical solution, the service provider not only has to establish relationships with multiple SE owners, each with their own set of business rules and technical considerations, but also with TSM’s provisioning SEs, creating latency and undermining system’s performance as well as security.
Queering the pitch even further for service providers (like banks) is the growing popularity of OEMs like Samsung Pay, Android Pay, LG Pay, AliPay & Apple Pay denting top-line growth (revenues) and brand visibility of the service providers all long the payment spectrum. To drive home an analogy to understand the present conundrum of the service providers, one has only to look at the telecom operators providing the bandwidth but losing out on monetization as well as branding opportunity to app providers. In the rapidly unfurling mobile payments landscape, service providers, like banks, can no longer remain just mute spectators; they must be in-step with the latest technological developments in mobile payments segment, like HCE, tokenization and hybrid-HCE payments, and leverage every monetization and branding opportunity on offer. However, service providers cannot afford to add another layer of complexity to their business that is completely unrelated to their core activities and therefore need to provision such services from a cloud environment.
HCE abstraction Layer
HCE provides a layer of abstraction of the complex rules and regulations prevailing in mobile NFC SE payments, allowing service providers to concentrate more on their business rather than having to manage multiple tenants and highly complex systems. This layer of abstraction is the cloud. By moving the SE element into the cloud environment, service provider gains by reducing the cost as well as the complexity of managing such systems.
Tokenization – Adding the Secure Element in HCE
Since a large amount of user credentials are stored in the cloud environment, service providers have to provide an additional layer of security to their customers to prevent any misuse of their credentials. There are several ways of doing this: tokenization, single use keypad, risk analysis. Tokenization reduces the customer’s stored credentials into random numbers which are completely useless if they are stolen. Tokens can be mapped to customer’s data only by card networks and the consumer’s bank. This combined with single use keypad, risk analysis provide a strong layer of security preventing any unauthorised access to customer’s credentials.
Trends in HCE Mobile Payments
After years of disillusionment, HCE has finally emerged as a viable alternative for card emulation projects independent of the physical SE element. In February 2014, MasterCard and Visa announced their support of HCE technology. Support has come from all quarters with industry heavyweights like Google and Windows weighing in. For exampIe, in April 2014, Google announced that it is only possible to use Google Wallet to make NFC payment using HCE. Considering that Google’s Android commanded 82% of the market (of which, almost half, 48.8 % running Android v4.4 or higher) these are very big numbers indeed. Similarly, in 2015 Windows included HCE on its Windows 10 operating system. All these trends points toward to the singular fact that the confusion regarding payments is finally over.
Future of HCE Payments
HCE and tokenization is expected to emerge as the big game changer on the payments scene, enabling NFC devices to perform card emulations, without having to rely on their secure element. Advent of HCE and tokenization, and their variants, has simplified the deployment of NFC. Thus, based on their risk appetite, we will see mobile payment players going for different variant based on their business model. While banks will go for pure HCE, mobile operators will take hybrid HCE route with tokenization. Hybrid HCE payment integrates the easy deployment and the scalability of a cloud infrastructure with the assets of a Telco to enhance security, providing the best in both worlds.
