Host card emulation

Last updated

Host card emulation (HCE) is the software architecture that provides exact virtual representation of various electronic identity (access, transit and banking) cards using only software. Prior to the HCE architecture, near field communication (NFC) transactions were mainly carried out using hardware-based secure elements. [1]

Contents

HCE enables mobile applications running on supported operating systems to offer payment card and access card solutions independently of third parties while leveraging cryptographic processes traditionally used by hardware-based secure elements without the need for a physical secure element. This technology enables the merchants to offer payment cards solutions more easily through mobile closed-loop contactless payment solutions, offers real-time distribution of payment cards and allows for an easy deployment scenario that does not require changes to the software inside payment terminals.

History

The term "host card emulation" (HCE) was coined in 2012 by Doug Yeager and Ted Fifelski, the founders of SimplyTapp, Inc., describing the ability to open a communication channel between a contactless payments terminal and a remotely hosted secure element containing financial payment card data, allowing financial transactions to be conducted at a point-of-sale terminal. [2] They have implemented this new technology on the Android operating system. At that time, RIM had a similar functionality, calling it "virtual target emulation," which was supposed to be available on the BlackBerry Bold 9900 device through the BB7 operating system. Prior to HCE, card emulation only existed in physical space, meaning that a card could be replicated with multiple-purpose secure element hardware that is typically housed inside the casing of a smart phone. [1]

After the adoption of HCE by Android, Google had hoped that by including HCE in the world's largest mobile operating system (which by that time covered 80% of the market [3] ), it would offer the Android payments ecosystem a chance to grow more rapidly while also allowing Google themselves to deploy their Google Wallet more easily across the mobile network operator ecosystem. However, even with the inclusion of HCE in Android 4.4, the banks still needed the major card networks to support HCE. Four months later, at Mobile World Congress 2014, both Visa and MasterCard made public announcements about supporting the HCE technology. [4] [5]

On December 18, 2014, less than ten months after Visa and MasterCard announced their support for HCE, Royal Bank of Canada (RBC) became the first North American financial institution to launch a commercial implementation of mobile payments using the HCE technology. [6]

As a result of widespread adoption of HCE, some companies offer modified implementations that usually focus on providing additional security for the HCE's communication channel. One such implementation is termed HCE+.

Impact

Some areas the new HCE architecture can support include payments, loyalty programs, card access and transit passes.

Before HCE, NFC has faced adoption issues due to lack of infrastructure (terminals) and the secure element approach preventing organizations with the desire to participate in mobile payments from doing so due to the high up-front capital costs and complex partner relationships.

By supporting HCE in Android 4.4, Google enabled any organization that can benefit from the NFC technology to do so at a relatively low cost. [ citation needed ]

Implementation

Host card emulation enables near field communication (NFC) information transfer between a terminal configured to exchange NFC radio information with an NFC card and a mobile device application configured to act or pretend to emulate the functional responses of an NFC card. HCE requires that the NFC protocol be routed to the main operating system of the mobile device instead of being routed to a local hardware-based secure element (SE) chip configured to respond only as a card, with no other functionality. [7]

Since the release of Android 4.4, Google has implemented HCE within the Android operating system. [1] Google introduced platform support for secure NFC-based transactions through Host Card Emulation (HCE), for payments, loyalty programs, card access, transit passes, and other custom services. [7] With HCE, any app on an Android 4.4 device can emulate an NFC smart card, letting users tap to initiate transactions with an app of their choice. Apps can also use a new Reader Mode so as to act as readers for HCE cards and other NFC-based transactions.

The first known mobile handset to support anything like HCE outside of the Android family was the BlackBerry bold 9900 that was first available in Thailand. released together with BlackBerry 7 OS. [8]

CyanogenMod operating system was the next known mobile device operating system to support HCE [8] through the effort of modifying the NXP NFC stack known as libnfc-nxp, the NFC service manager, and operating system APIs by Doug Yeager. The OS APIs were adapted to include two new tag types that were called ISO_PCDA and ISO_PCDB which are also known terminal or PCD standards. This would imply that you could "read" a tag in the same manner that you could read a terminal.

Microsoft has announced new support for HCE NFC payments in Windows 10. This will allow improved payment integration flows and enable coexistence of HCE with UICC-based secure elements in Windows 10 and Windows 10 Mobile. [9]

Uses

HCE is used to allow transactions between mobile devices and other credential acquiring devices. Those devices may include other mobile devices, contactless point-of-sale terminals, transit turnstiles, or a variety of access control touch pads. For example, Android developers can leverage HCE to create specific payment experiences, such as using HCE to enable a mobile application as a transit card. [10]

Related Research Articles

<span class="mw-page-title-main">Mobile payment</span> Payment services via a mobile device

A mobile payment, also referred to as mobile money, mobile money transfer and mobile wallet, is any of various payment processing services operated under financial regulations and performed from or via a mobile device, as the cardinal class of digital wallet. Instead of paying with cash, cheque, or credit cards, a consumer can use a payment app on a mobile device to pay for a wide range of services and digital or hard goods. Although the concept of using non-coin-based currency systems has a long history, it is only in the 21st century that the technology to support such systems has become widely available.

<span class="mw-page-title-main">Near-field communication</span> Radio communication established between devices by bringing them into proximity

Near-field communication (NFC) is a set of communication protocols that enables communication between two electronic devices over a distance of 4 cm (1.57 in) or less. NFC offers a low-speed connection through a simple setup that can be used to bootstrap more capable wireless connections. Like other "proximity card" technologies, NFC is based on inductive coupling between two so-called antennas present on NFC-enabled devices—for example a smartphone and a printer—communicating in one or both directions, using a frequency of 13.56 MHz in the globally available unlicensed radio frequency ISM band using the ISO/IEC 18000-3 air interface standard at data rates ranging from 106 to 848 kbit/s.

<span class="mw-page-title-main">EZ-Link</span> Contactless smart card used in Singapore

The EZ-Link card is a rechargeable contactless smart card and electronic money system that is primarily used as a payment method for public transport such as bus and rail lines in Singapore. A standard EZ-Link card is a credit-card-sized stored-value contact-less smart-card that comes in a variety of colours, as well as limited edition designs. It is sold by TransitLink Pte Ltd, a subsidiary of the Land Transport Authority (LTA), and can be used on travel modes across Singapore, including the Mass Rapid Transit (MRT), the Light Rail Transit (LRT), public buses which are operated by SBS Transit, SMRT Buses, Tower Transit Singapore and Go-Ahead Singapore, as well as the Sentosa Express.

<span class="mw-page-title-main">MIFARE</span> Brand of smart and proximity cards

MIFARE is a series of integrated circuit (IC) chips used in contactless smart cards and proximity cards.

<span class="mw-page-title-main">Contactless smart card</span> Allowing for contactless payments in credit and debit cards

A contactless smart card is a contactless credential whose dimensions are credit-card size. Its embedded integrated circuits can store data and communicate with a terminal via NFC. Commonplace uses include transit tickets, bank cards and passports.

<span class="mw-page-title-main">NETS (company)</span>

Network for Electronic Transfers, colloquially known as NETS, is a Singaporean electronic payment service provider. Founded in 1985, by a consortium of local banks, it aims to establish the debit network and drive the adoption of electronic payments in Singapore. It is owned by DBS Bank, OCBC Bank and United Overseas Bank (UOB).

<span class="mw-page-title-main">Contactless payment</span> Technology enabling payment without physical contact

Contactless payment systems are credit cards and debit cards, key fobs, smart cards, or other devices, including smartphones and other mobile devices, that use radio-frequency identification (RFID) or near-field communication for making secure payments. The embedded integrated circuit chip and antenna enable consumers to wave their card, fob, or handheld device over a reader at the Point-of-sale terminal. Contactless payments are made in close physical proximity, unlike other types of mobile payments which use broad-area cellular or WiFi networks and do not involve close physical proximity.

<span class="mw-page-title-main">Payment terminal</span> Device for eletronic fund transfers

A payment terminal, also known as a point of sale (POS) terminal, credit card machine, PIN pad, EFTPOS terminal, is a device which interfaces with payment cards to make electronic funds transfers. The terminal typically consists of a secure keypad for entering PIN, a screen, a means of capturing information from payments cards and a network connection to access the payment network for authorization.

JVL Ventures, LLC d/b/a Softcard, was a joint venture between AT&T, T-Mobile and Verizon which produced a mobile payments platform known as Softcard, which used near-field communication (NFC) technology to allow users to pay for items at stores and restaurants with credit and debit card credentials stored on their smartphones. The partnership was first announced on November 16, 2010; following a trial period in 2012, the service officially launched nationwide on November 14, 2013. The official Softcard app was available for NFC-compatible smartphones using the Android operating system and later on Windows Phone 8.1.

CIPURSE is an open security standard for transit fare collection systems. It makes use of smart card technologies and additional security measures.

<span class="mw-page-title-main">Apple Wallet</span> Digital wallet platform by Apple

Apple Wallet, is a digital wallet developed by Apple Inc. and included with iOS and watchOS that allows users to store Wallet passes such as coupons, boarding passes, student ID cards, government ID cards, business credentials, resort passes, car keys, home keys, event tickets, public transportation passes, store cards, and – starting with iOS 8.1 – credit cards, debit cards, and prepaid cards for use via Apple Pay.

Bell Identification B.V., or Bell ID, was a Dutch software company that developed smart token management software, including key management, smart card management, EMV data preparation, and host card emulation-based mobile payments software. Bell ID was acquired by Rambus in 2016 and in 2019, Visa Inc. acquired Bell ID from Rambus.

Payanywhere is a payments platform and app that allows merchants in the United States to accept credit and debit card payments while building customer relationships in-store, online, or on the go. Merchants may accept payments on their smartphone via a Bluetooth card reader or on an in-store “Storefront” solution featuring a tablet and stand, which was introduced on April 8, 2014. PayAnywhere offers credit card readers and apps that are compatible with both Apple and Android devices.

Microsoft Pay was a mobile payment and digital wallet service by Microsoft that allowed users to make payments and store loyalty cards on certain mobile devices, as well on PCs using the Microsoft Edge browser. Microsoft Pay does not require Microsoft Pay-specific contactless payment terminals, and supported existing contactless terminals if used on mobile devices. Similar to Android Pay, Microsoft Pay utilized host card emulation (HCE) for making in-store payments.

Apple Pay is a mobile payment service by Apple Inc. that allows users to make payments in person, in iOS apps, and on the web. It is supported on iPhone, Apple Watch, iPad, and Mac. It digitizes and can replace a credit or debit card chip and PIN transaction at a contactless-capable point-of-sale terminal. It does not require Apple Pay-specific contactless payment terminals; it can work with any merchant that accepts contactless payments. It adds two-factor authentication via Touch ID, Face ID, PIN, or passcode. Devices wirelessly communicate with point of sale systems using near field communication (NFC), with an embedded secure element (eSE) to securely store payment data and perform cryptographic functions, and Apple's Touch ID and Face ID for biometric authentication.

<span class="mw-page-title-main">Samsung Pay</span> Mobile payment and digital wallet service

Samsung Pay is a mobile payment and digital wallet service by Samsung Electronics that lets users make payments using compatible phones and other Samsung-produced devices. The service supports contactless payments using near-field communications (NFC), but also supports magnetic strip-only payment terminals by incorporating magnetic secure transmission (MST) in devices released before 2021. In India, it also supports bill payments.

<span class="mw-page-title-main">LG Pay</span> Mobile payment service

LG Pay was a mobile payment and digital wallet service by LG Electronics that let users make payments using compatible phones. The service supported contactless payments using near-field communications (NFC), but also incorporated wireless magnetic communication that allowed contactless payments to be used on payment terminals that only supported magnetic stripe transactions.

<span class="mw-page-title-main">Google Pay (payment method)</span> Mobile payments platform developed by Google

Google Pay is a mobile payment service developed by Google to power in-app, online, and in-person contactless purchases on mobile devices, enabling users to make payments with Android phones, tablets, or watches. Users can authenticate via a PIN, passcode, or biometrics such as 3D face scanning or fingerprint recognition.

Square is a financial services platform developed by Block, Inc. It is aimed at small-and medium-size businesses, allowing them to accept credit card payments and use phones or tablets as payment registers for a point-of-sale system.

Google Wallet is a digital wallet platform developed by Google. It is available for the Android, Wear OS, and Fitbit OS operating systems, and was announced on May 11, 2022, at the 2022 Google I/O keynote. It began rolling out on Android smartphones on July 18 while co-existing with the 2020 Google Pay app.

References

  1. 1 2 3 "Host-based Card Emulation". developer.android.com. Retrieved March 1, 2015.
  2. "SimplyTapp Proposes Secure Elements in the Cloud".
  3. "IDC: Smartphone OS Market Share". www.idc.com. Retrieved 2015-06-02.
  4. "Visa Inc" . Retrieved 2 October 2014.
  5. "MasterCard to Use Host Card Emulation (HCE) for NFC-Based Mobile Payments". MasterCard Social Newsroom. Archived from the original on 6 October 2014. Retrieved 2 October 2014.
  6. "RBC First bank in North America with Host Card Emulation" . Retrieved 18 December 2014.
  7. 1 2 "Android KitKat". Android Developers. Google. Retrieved 2 February 2014.
  8. 1 2 Clark, Sarah. "SimplyTapp proposes secure elements in the cloud". NFC World. Retrieved 2 February 2014.
  9. "Windows 10 for mobile gets HCE". nfcworld.com. Retrieved 25 March 2015.
  10. "[HOW-TO][CHICAGO] Ventra using SimplyTapp". XDA Developers.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.