Click here to close now.




















Welcome!

News Feed Item

Consult Hyperion and the GSMA Publish Report Contrasting HCE and SIM Secure Element Approaches to NFC Payments

Digital payments experts Consult Hyperion, in conjunction with the GSMA, today published a guide to help banks and mobile operators understand the Host Card Emulation (HCE) and SIM Secure Element approaches for NFC payments. The guide, “HCE and SIM Secure Element: It’s not Black and White”, follows the recent introduction of HCE into Android 4.4 (KitKat) and concludes that the SIM Secure Element and HCE approaches to NFC payments each offer important benefits for financial institutions. Further, they should not be viewed as mutually exclusive and a combination of the approaches may be appropriate for differing applications and markets.

“This paper provides a balanced analysis for financial institutions of HCE as an alternative proposition for NFC payments, alongside the existing SIM approach,” said Alex Sinclair, Chief Technology Officer, GSMA. “The recent inclusion of HCE into Android opens up the possibility of performing NFC payments without using a SIM Secure Element and HCE could also potentially remove complexity associated with SIM-based NFC payments. At the same time, SIM-based NFC offers a proven secure solution that is being commercially deployed today. The challenge for the mobile operator community is to simplify the provisioning process, further accelerating deployments of SIM-based NFC on a global basis.”

“MasterCard has been technology agnostic, enabling mobile payments in a way that allows current card accounts to be used seamlessly and securely from consumers’ favorite electronic devices,” said James Anderson, senior vice president of emerging payments, MasterCard. “We have deployed SIM and Secure Element-based solutions through partnerships with mobile network operators, OS providers and handset manufacturers, while recently adding support for cloud-based payments. This paper will help both the mobile and payments industries understand the strengths of each approach and allow them to choose the options that align with their business strategies.”

Report co-author Steve Pannifer, Head of Delivery at Consult Hyperion said: “The inclusion of HCE into Android has generated a lot of excitement that can only be good for NFC payments. This, combined with the efforts to streamline SIM Secure Element based NFC evident in many markets, will enable NFC payment products to be rolled out with renewed vigour. We hope that this paper will encourage banks and mobile operators to collaborate further in bringing NFC payments to the market. We believe the mobile operators have an important role to play, particularly in providing mobile security and authentication services that are paramount in any payments service.”

The guide shows that whilst HCE does indeed simplify some aspects of the NFC ecosystem by allowing mobile NFC payments to be performed without using a SIM Secure Element, this is only part of the landscape. HCE requires a new approach to security in terms of ecosystem integration, risk management and certification processes. In contrast, SIM Secure Element processes are well defined and mobile operators are actively working with the ecosystem to simplify them further.

The report examines the heritage of SIM-based NFC, the lessons learnt from the first deployments and the actions that have been taken to allow service providers to deploy secure, stable and proven mobile payment services at scale. The guide finds that whilst there is significant interest around HCE, the SIM Secure Element approach for mobile payments still has many complimentary advantages and it will be down to the banks to carefully review their needs in each of their operating markets.

“Both the People’s Bank of China (PBOC) and China UnionPay have released mobile payment specifications, which require a Secure Element to support NFC mobile payments, in order to provide a secure and reliable payment service. China UnionPay has worked very closely with Chinese operators on large-scale commercial NFC services based on the SIM as Secure Element. In conjunction, China UnionPay is working actively on a feasibility study of new technologies including HCE,” said Jiang Haijian, Deputy General Manager, Mobile Payment Dept., China UnionPay.

Consult Hyperion suggests that there are a number of key points for banks to consider as they plan mobile NFC payments:

  • Understand your local environment: The local conditions will play a big role in determining the best approach
  • Understand your target transactions: It is possible that HCE will be less suited to certain transaction types (e.g. offline, high value) than SIM Secure Element.
  • SIM Secure Element and HCE are not mutually exclusive: The most effective solutions over the medium term may be hybrid models where, for example, the SIM is used to address the security and authentication gaps in HCE.
  • Build flexibility into your strategy: There is likely to be considerable overlap between SIM Secure Element and HCE in terms of the systems and capabilities that are required
  • Collaborate with the industry: Until there is a level of standardisation around HCE, there remains the risk that banks could adopt solutions that are insufficiently flexible or lock the banks in.

David Baker, Head of the Card Innovation Payments Unit at the UK Card Association notes: “While Host Card Emulation has been hailed as a potential game changer for card-based NFC proximity payments, this report gives valuable advice and guidance on the issues the industry must address -- and highlights the real need for collaboration between ecosystem partners to ensure greater adoption of mobile payment services.”

The full report can be seen here

Note to Editors:

HCE is a recent feature of Android that allows an Android application to emulate a contactless card via the NFC interface of the handset; previously, this was reserved to applications stored in a secure chip or Secure Element, typically the SIM card, with similar security features as chip-and-PIN plastic cards. HCE opens the way to payment applications without a secure element, but such applications need to reach a satisfactory level of security. In order to achieve this, card schemes are developing a “tokenisation” approach, whereby the payment card identifier is replaced by a single use or limited use “token”. This reduces the impact of data breaches significantly: if a “token” is compromised it will have limited and possibly no value.

The guide was commissioned by the GSMA, 5 New Street Square, London, EC4A 3BF, United Kingdom. Any opinions, findings, and conclusions or recommendations expressed in the material are those of the author(s) and do not necessarily reflect those of the GSMA or its members.

About Consult Hyperion

Consult Hyperion is an independent information technology consultancy that has spent over two decades advising leading organisations around the world. Consult Hyperion helps these organisations to reap real benefits from technological change in the field of secure electronic transactions ranging from retail payments to mobile wallets to contactless transit ticketing. Consult Hyperion is uniquely qualified to advise on turning great business ideas into working systems that can help customers, and to evaluate new business concepts, develop new products and services from specification to customer roll-out, and to test and certify complex systems.

The four main sectors the company operates in are; financial services, with card schemes, banks, retailers and others; telecommunications and media, advising world leading companies; technology, to support some of the largest IT companies, and in the public sector and transit where projects include transit operators, government and law enforcement.

For more information visit Consult Hyperion, follow on Twitter @chyppings and keep up to date with the latest debate at Tomorrow’s Transactions Blog.

About the GSMA

The GSMA represents the interests of mobile operators worldwide. Spanning more than 220 countries, the GSMA unites nearly 800 of the world’s mobile operators with more than 250 companies in the broader mobile ecosystem, including handset makers, software companies, equipment providers and Internet companies, as well as organisations in industry sectors such as financial services, healthcare, media, transport and utilities. The GSMA also produces industry-leading events such as the Mobile World Congress and Mobile Asia Expo.

For more information, please visit the GSMA corporate website at www.gsma.com. Follow the GSMA on Twitter: @GSMA.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Container technology is sending shock waves through the world of cloud computing. Heralded as the 'next big thing,' containers provide software owners a consistent way to package their software and dependencies while infrastructure operators benefit from a standard way to deploy and run them. Containers present new challenges for tracking usage due to their dynamic nature. They can also be deployed to bare metal, virtual machines and various cloud platforms. How do software owners track the usag...
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at @ThingsExpo, James Kirkland, Red Hat's Chief Arch...
For IoT to grow as quickly as analyst firms’ project, a lot is going to fall on developers to quickly bring applications to market. But the lack of a standard development platform threatens to slow growth and make application development more time consuming and costly, much like we’ve seen in the mobile space. In his session at @ThingsExpo, Mike Weiner, Product Manager of the Omega DevCloud with KORE Telematics Inc., discussed the evolving requirements for developers as IoT matures and conducte...
Providing the needed data for application development and testing is a huge headache for most organizations. The problems are often the same across companies - speed, quality, cost, and control. Provisioning data can take days or weeks, every time a refresh is required. Using dummy data leads to quality problems. Creating physical copies of large data sets and sending them to distributed teams of developers eats up expensive storage and bandwidth resources. And, all of these copies proliferating...
Malicious agents are moving faster than the speed of business. Even more worrisome, most companies are relying on legacy approaches to security that are no longer capable of meeting current threats. In the modern cloud, threat diversity is rapidly expanding, necessitating more sophisticated security protocols than those used in the past or in desktop environments. Yet companies are falling for cloud security myths that were truths at one time but have evolved out of existence.
Digital Transformation is the ultimate goal of cloud computing and related initiatives. The phrase is certainly not a precise one, and as subject to hand-waving and distortion as any high-falutin' terminology in the world of information technology. Yet it is an excellent choice of words to describe what enterprise IT—and by extension, organizations in general—should be working to achieve. Digital Transformation means: handling all the data types being found and created in the organizat...
Public Cloud IaaS started its life in the developer and startup communities and has grown rapidly to a $20B+ industry, but it still pales in comparison to how much is spent worldwide on IT: $3.6 trillion. In fact, there are 8.6 million data centers worldwide, the reality is many small and medium sized business have server closets and colocation footprints filled with servers and storage gear. While on-premise environment virtualization may have peaked at 75%, the Public Cloud has lagged in adop...
SYS-CON Events announced today that HPM Networks will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. For 20 years, HPM Networks has been integrating technology solutions that solve complex business challenges. HPM Networks has designed solutions for both SMB and enterprise customers throughout the San Francisco Bay Area.
The time is ripe for high speed resilient software defined storage solutions with unlimited scalability. ISS has been working with the leading open source projects and developed a commercial high performance solution that is able to grow forever without performance limitations. In his session at Cloud Expo, Alex Gorbachev, President of Intelligent Systems Services Inc., shared foundation principles of Ceph architecture, as well as the design to deliver this storage to traditional SAN storage co...
The Software Defined Data Center (SDDC), which enables organizations to seamlessly run in a hybrid cloud model (public + private cloud), is here to stay. IDC estimates that the software-defined networking market will be valued at $3.7 billion by 2016. Security is a key component and benefit of the SDDC, and offers an opportunity to build security 'from the ground up' and weave it into the environment from day one. In his session at 16th Cloud Expo, Reuven Harrison, CTO and Co-Founder of Tufin,...
MuleSoft has announced the findings of its 2015 Connectivity Benchmark Report on the adoption and business impact of APIs. The findings suggest traditional businesses are quickly evolving into "composable enterprises" built out of hundreds of connected software services, applications and devices. Most are embracing the Internet of Things (IoT) and microservices technologies like Docker. A majority are integrating wearables, like smart watches, and more than half plan to generate revenue with ...
The Cloud industry has moved from being more than just being able to provide infrastructure and management services on the Cloud. Enter a new era of Cloud computing where monetization’s services through the Cloud are an essential piece of strategy to feed your organizations bottom-line, your revenue and Profitability. In their session at 16th Cloud Expo, Ermanno Bonifazi, CEO & Founder of Solgenia, and Ian Khan, Global Strategic Positioning & Brand Manager at Solgenia, discussed how to easily o...
The Internet of Everything (IoE) brings together people, process, data and things to make networked connections more relevant and valuable than ever before – transforming information into knowledge and knowledge into wisdom. IoE creates new capabilities, richer experiences, and unprecedented opportunities to improve business and government operations, decision making and mission support capabilities.
In their session at 17th Cloud Expo, Hal Schwartz, CEO of Secure Infrastructure & Services (SIAS), and Chuck Paolillo, CTO of Secure Infrastructure & Services (SIAS), provide a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. In his role as CEO of Secure Infrastructure & Services (SIAS), Hal Schwartz provides leadership and direction for the company.
Rapid innovation, changing business landscapes, and new IT demands force businesses to make changes quickly. The DevOps approach is a way to increase business agility through collaboration, communication, and integration across different teams in the IT organization. In his session at DevOps Summit, Chris Van Tuin, Chief Technologist for the Western US at Red Hat, will discuss: The acceleration of application delivery for the business with DevOps