Why is Host Card Emulation a Big Opportunity for Technology Providers?

Overall, HCE is a multi-dozen billion dollar opportunity, as per our estimates. Host Card Emulation (HCE) is the on-device technology that permits a phone to perform card emulation on a Near Field Communication (NFC)-enabled device without relying on access to a secure element. It's understood that HCE technology development would be done on a limited basis by banks themselves (without requiring mobile operator support). However, they likely don’t have the technology and expertise within their organizations. So can this be a huge opportunity for technology providers if they start focusing on developing HCE solutions?

HCE gained relevance when Google announced support for HCE in the KitKat version of Android. With Host Card Emulation and cloud issuance, millions of phones could be enabled for payment with a simple app update. I had earlier talked about 19 banks who have already adopted HCE into their mobile banking solutions. There are 2 more banks who have recently adopted HCE: New Zealand’s ANZ bank and Turkey’s Turk Ekonomi Bankasi. These banks have integrated HCE in order to enable their banking customers to perform in-store proximity mobile payments.

Banks look forward to their mobile banking apps as the new and ideal channel of interaction with customers. Banks want to add more functionality in their apps which could range from remote check deposits to money transfers. Moreover, banks want to further add features such as integrating merchant loyalty, promotions & offers and ultimately enabling proximity payments as well. With such features, security becomes a higher priority and this is where they are seeking low cost solutions as they are already investing in adding the features themselves - exactly the one-stop solutions that technology players can bring to banks based on HCE.

Taking a cue from these 21 banks, there are thousands of banks out there who will adopt HCE for its potential. Take the example of the U.S. itself, where there are more than 6000 banks. The best thing that banks find in HCE is the fact that it does not require any form of hardware upgrade and hence no extra costs are involved. But this doesn't mean that integrating HCE and NFC payments is going to be easy. The biggest issue right now is that of security and fraud. Banks who have their own apps, and a lot of them do, cannot simply integrate HCE with an app upgrade. That is why capable technology partners would be required.

LTP has recently completed an analysis of the various growth metrics for the opportunity in this space:

  • Account Holders Growth (snapshot above)
  • Handset Compatibility Growth
  • Banking Apps integrating HCE Growth

Banks in countries like Canada, Australia, New Zealand and Poland are highly active in adopting technologies like HCE. Polish banks have been the most aggressive in moving forward with their HCE programs. Out of the 21 banks mentioned above, 10 of them are from Poland. It is not that the banks just love HCE for an arbitrary reason; it’s rather the presence of an effective contactless infrastructure that is already in place in these countries. For example, in Canada, the market for contactless POS is growing at 16.4% annually.

Here are some insights on technology players who have already developed HCE solutions as per their own websites:

SimplyTapp - the company offers a cloud based secure element solution. The company offers Secure Element as a Service turnkey solution for credential management and distribution by its clients.

INSIDE Secure - the company offers the matrixHCE SDK so that app developers can seamlessly integrate HCE based security to their application codes.

Giesecke & Devrient - the company’s HCE based solution, called Convego CloudPay, consists of two main components – CloudPay Server and CloudPay Client. The server provides an online interface to banks. The G&D CloudPay service provides for the provisioning and life-cycle management of the bank’s payment cards on the end users’ smartphones.

Sequent - the company’s cloud or secure element-based digital issuance enables any app on any phone to perform payment transactions without using a secure element in the phone with NFC, HCE or barcode at the point of sale.

Bell ID - the company’s international patent pending Secure Element in the Cloud software enables mobile NFC transactions to be made by storing and accessing credentials in a remote environment rather than on the mobile device.

Proxama - the company has partnered with Cryptomathic to develop a new mobile contactless payment solution called EMV-TT or EMV tokenized transaction. As part of this solution, Proxama is leveraging HCE to avoid reliance on a hardware secure element.

If you look at the work that the above mentioned companies are doing for HCE, you will observe that there is major demand for a cloud based solution where the secure element can reside and which can integrate the payments aspect of HCE into applications. Now banks and other stakeholders do have the ability to upgrade their apps to support HCE, for which they still rely on their development teams. But what about the other components which would actually complete the end-to-end solution. This is where technology players, like those mentioned here, come into the picture.

For these technology players, the opportunity lies not only in developing core HCE solutions but in including other aspects as well. There have been revelations that HCE as part of the mobile OS can be disrupted via malware. Communication between the NFC controller and the HCE-enabled app can be tracked by malware applications. This is another area where technology players focus; why not make the existing HCE technology even more secure?

I have talked about the opportunity that lies ahead and the demand on the technology side that will rise day by day as contactless payments grow all over the world. So this is some food for thought to all those technology players out there.

LTP is releasing a new report on this opportunity soon. If you are interested in more details, do let us know.