By John Stewart
n
A less costly, software-based way to handle mobile transactions using near-field communication (NFC) technology is expected to begin fueling NFC payments later this year following the release of specifications from both MasterCard Inc. and Visa Inc.
n
MasterCard plans to issue its specifications for the method, known as host card emulation (HCE), by the end of June. Visa announced in February it is supporting its contactless technology, payWave, for mobile payments using HCE.
n
Support from the two major international card networks comes as demand for HCE-based mobile payments programs is apparently heating up. “We know there’s a lot of demand out there,” James Anderson, senior vice president for mobile at MasterCard, tells Digital Transactions News. “We see a lot of programs people are getting ready to ramp up.”
n
HCE is a long-recognized part of the NFC specifications, but it remained relatively obscure until last fall, when Google Inc. incorporated support for it into its new Android operating system for mobile phones, Android 4.4, also known as KitKat. HCE allows companies offering mobile payment and loyalty services to provision user credentials from a remote server rather than store them on the so-called secure element in the user’s phone. The secure element, so-called because it is a chip that locks down information stored in it, is often the SIM card installed by the mobile operator, allowing the carriers to levy rental fees on card issuers and otherwise control access to users’ mobile devices.
n
Indeed, Google itself had seen adoption for its original Google Wallet service, which relies on NFC, suffer at least in part because of a refusal by major mobile carriers to grant it access.
n
With HCE, however, banks and other providers can bypass the phone-based secure element and run NFC programs from a cloud configuration. With more and more phones using KitKat, and with Visa and MasterCard embracing HCE, “What we’re seeing is quite a lot of enthusiasm for enabling transactions from mobile devices,” says Anderson. “Now [providers] see a way forward.”
n
HCE not only frees providers from dependence on the phone’s secure element, it also lowers costs by removing the need to pay fees for access to the phone. Now experts say services and specifications from Visa and MasterCard, especially with respect to technology for masking primary account numbers, will be especially critical for HCE versions of NFC to proliferate. “We will offer tools and services that will be enablers, that will make it easier to deploy cloud-based services,” says Brad Greene, vice president of digital for developed markets at Visa, though he says Visa hasn’t yet set a date for releasing these tools.
n
With the new specs from the card networks, “now you have a choice, the economics are different,” says Cherian Abraham, mobile commerce and payments lead at Experian Global Consulting. “These allow any issuer to leverage [HCE], whether you are a retailer or a bank. Now they can pretty much do this on their own.” Indeed, phone-based NFC was proving to be a roadblock for many issuers, Anderson says. “Banks were telling us they couldn’t get behind deals” that required fees for access to the secure element, he says.
n
To bolster security, both networks’ HCE specs require tokenization, a method of generating one-time replacement values for card account numbers before the credential is delivered to the terminal. If stolen, these tokens would be useless to thieves because they are randomly generated.
n
Tokenization is gaining momentum as a security tool in the wake of recent data breaches at a slew of retailers, including Target Corp. EMVCo, a standards body controlled by the card networks, last month issued specifications for tokens. Similarly, The Clearing House, a processor controlled by major banks, is developing technology for tokenization for card payments and may add standards for similarly masking automated clearing house data.