For both merchants and consumers alike, cash payments are becoming obsolete as tech companies develop and refine digital payment solutions. New cashless solutions ensure contactless, expedient and convenient in-store checkout. These contactless payments are made possible by a technology called Host Card Emulation (HCE)—in which no physical payment card is necessary at checkout.
How Host Card Emulation (HCE) Technology Works
Host Card Emulation (HCE) permits devices to essentially mimic a physical card for consumer purchases, identification, ticket scanning, etc. During the digital payment workflow, the HCE communicates via near field communication (NFC). Essentially, this is how a consumer’s digital wallet in their mobile device sends account information to a contactless smart-card terminal at check-out.
As an example, the data that is received from a point of sale (POS) terminal is transmitted between a smartphone or Android NFC controller and a physical secure element (SE) embedded in a device. SE is known as secure and tamper-resistant hardware for hosting apps and encrypted data. You’ve likely heard of removable universal integrated circuit cards (UICCs) or microSD cards. These cards may be embedded into devices or accessed via cloud. The more recent cloud environment has shown to improve on the complexities of a physical SE solution. The benefits cross both the merchant platform and consumer experiences in terms of HCE mobile payments.
HCE Challenges for Issuers to Overcome
Even with the extensive benefits of contactless HCE technology, there are challenges for issuers to offer nationwide consistency and security.
As is expected with advancing technology, user experience and security are always main challenges. Merchants, banks, and other issuers must offer proactive solutions to meet customer needs, stay in line with privacy regulations, and ensure consistency across experiences.
At the same time, security concerns must be identified and addressed even though vulnerabilities are inherently minimized with HCE technology. (Since it is not necessary for the payment card or account number to be present by nature reduces the risk surface.)
It is still necessary to protect digital wallets, payment hardware and software to ensure that all sensitive data is secure. Security methods to safeguard HCE and payment technology include code obfuscation, anti-tamper/code integrity, rooting detection, white-box cryptography, payment tokenization, and others.
Security is ultimately the most important challenge with HCE as consumers build confidence in systems that directly impact their assets. A serious data breach can lead to irreparable brand damage that companies can’t afford to withstand.
HCE Expectations for the Future
Mobile device tap-to-pay alternatives are expected to increase to $14 trillion by the year 2022. As issuers prepare to compete by implementing HCE, they recognize some side benefits in that the technology also allows the business to identify specific needs by cardholders. Not only that, businesses also acquire valuable customer data that is used for product and service forecasting. With the reliance on Host Card Emulation (HCE) to enable mimicking of a smartcard on a smartphone or Android NFC device via software—in which transaction data and card credentials are stored in a cloud -based environment for HCE mobile payments—issuers gain productivity for the future and consumers engage in ultimate user experiences.
