Carriers and smart card players are arguing that HCE is mostly meant for low-security applications such as coupons, loyalty and offers and not really for security requiring applications like Payments. But its not coming out very unequivocally. They also realize its hard to stop HCE with the kind of much-needed momentum it has brought back to NFC.
However they face a grave danger. Host card emulation would enable banks and other players to avoid putting their apps on NFC SIMs. It could also mean that we would not require TSM managers. ISIS the NFC wallet of US carriers has send some signals to the media that they are considering host card emulation (HCE) to store a user's loyalty card and coupon information, and is also looking into supporting HCE for credit card payments. They are closely watching banks and how banks decide they want to use Host Card Emulation.
Lets go back to the last year…NFC was facing adoption issues at the terminals, at merchants and in devices for years. It was really a matter of time before the Secure Element would be bypassed. The Cellular companies as a payments gatekeeper (and barrier) does not encourage innovation. Google wallet had faced a lot of issue with non-compatibility thanks to ISIS and carriers backing it. Although EMV and Wireless EMV (NFC) is mandated by Visa and MasterCard by the end of 2014 for all US merchants to receive the most favorable terms, there has been slow adoption on wireless devices. Of course there is ISIS and this method, but Google has started the de-emphasis of NFC from the last year.
Around November last year, with the release of Android 4.4, Google introduced a new platform support for secure NFC-based transactions through Host Card Emulation (HCE), for payments, loyalty programs, card access, transit passes, and other custom services.
With HCE, any app on an Android 4.4 device can emulate an NFC smart card, letting users tap to initiate transactions with an app of their choice. Apps can also use a new Reader Mode so as to act as readers for HCE cards and other NFC-based transactions. Android HCE emulates ISO/IEC 7816 based smart cards that use the contactless ISO/IEC 14443-4 (ISO-DEP) protocol for transmission the existing EMVCO Wireless NFC payment infrastructure.
This changed the game forever. Good for Google and tons of technology companies, banks and payment companies. Not so good for carrier. telcos and Gemalto’s of the world. Now with Visa and Mastercard announcing great support for HCE the NFC equation is shifting towards HCE side.
Gemalto, the world’s largest smart card supplier and also the largest trusted service manager, has much to lose if pure host-card emulation becomes the mainstay of NFC. The CEO of Gemalto recently questioned the inherent security of HCE for EMV payments!