March 26, 2014
Contactless payment technologies and smart cards have gained decent traction over the last couple of years, and have managed to get good support from the financial payment card issuers and associations. These smart cards provide an easy to use substitute for cash, which leads to reduced transaction time and cost, less fraud, and minimal manual intervention.
One of the most widely used contactless payment standards for chips is Mifare, the technology behind a series of chips widely used in smart cards and NFC readers. So what is the ‘beef’ between Mifare and HCE? Before we go into that lets define HCE for some readers who might not have heard about it. HCE serves the purpose of smart card using only the Software. Prior to the development of HCE technology, NFC transactions took place using secure elements only. HCE allows merchants to offer simple mobile payment card solutions using closed-loop implementation and real-time distribution of cards. This facilitates a plain and effective deployment scenario: One that does not ask them to remove or change the software inside the terminal.
HCE allows NFC transactions with handsets without the need of hardware component or physical SIM, while Mifare chips are used in NFC readers and smart cards. Important to note is that, Host Card Emulation (HCE) cannot emulate most of the Mifare protocols. To be specific, HCE can only emulate the ISO/IEC 14443-4 protocols, and most of the Mifare ICs don’t work on any of these protocols. Therefore, most of the HCE enabled handsets are unable to transact with the Mifare terminals.
In its current state, it is improbable to use HCE with Mifare based solutions, which is the most widely used contactless payment technology right now!
Lets explore these technologies to understand the situation better.
The trademark is owned by NXP Semiconductors whose headquarters are in the Netherlands. The company claims to have sold Billions of smart card chips and millions of readers so far! NXP is one of the world’s largest Semiconductor manufacturers (and a leading one in contactless) and is also credited to be one of the co-inventors of NFC!
Mifare is used by many major public transit systems globally. The Mifare card boasts the following characteristics:
It works at an operating frequency of 13.56 MHz, in a read range of 0 cm to 10 cm. The size of the card is 85.7mm*54.0mm*0.8mm. The standard card comes with 16 sectors each with 4 blocks of data of 16 Bytes each. However, there are other variants available too.
Mifare solution has many advantages, such as being used for multiple applications (apart from payments). Bolstering a very secure encryption, unauthorized access to information on the card is highly improbably and copying the card would prove to be a very difficult task. Since it leads to contactless communication, the maintenance required for the card readers is less, and the card has to go through no wear and tear (as is the case with swiping POS). The chip can also be embedded to other devices like a watch!
To add to these, the card can also be used at a wet place, as the card reader can be sealed and there is no contact between card and the reader.
Mifare’s solutions comply with the standards followed by industry for contactless smart cards: ISO 14443A. An internal antenna powers the cards, as a power source is needed since the card works in magnetic fields.
Mifare has seen a surge in uptake globally in the last year or so, and has especially been embraced as the card for ticketing and low value transactions.
Host Card Emulation (HCE) is built in the operating system of the handset, and allows the handset to act as a payment card. Thus, users can use the handset to make NFC payments or even non-payment NFC transactions. Recently Google announced that Android’s latest version- KitKat (4.4) will support HCE. We believe this will lead to deeper penetration of HCE in the global market as Android 4.4 brings service delivery options to a huge proportion of unexplored smartphone markets. According to latest IDC figures, Android is the dominant smartphone OS player, with over 81% market share. With the new adoption, service providers can bring ‘remote cloud secure elements’ to a large population of smart phone users.
The term was coined by a company called SimplyTapp in year 2011, in an attempt to describe its unique ability to transact with cards that may be operated at some other place. Prior to the concept, one could find card emulation only in the physical space, i.e. it could be replaced only with secure element hardware, to be placed inside a smartphone. SimplyTapp also did its first public implementation in 2012.
HCE is good for merchants too, but numerous merchants around the globe using Mifare based readers are unable to accept payments from the customers who have HCE software in their handsets.
Besides, serious doubts have been raised by some entities about the security of HCE based payments. Carriers and Banks in Europe do have their own limitations about HCE implementation and lack of security compared to NFC SIMs.
Although HCE acts as the enabler to do away with the dependency of NFC on hardware component or a SIM card by working with remote processors, unless a solution can be found for the lack of capability of HCE to work with many Mifare terminals, this will hurt the prospects of its growth in the years to come.