NFC Times Special Report, Part Two:
Interest continues to run high in host-card emulation since Google announced it would support the technology in its new version of Android, but with few if any public pilots of open-loop payment and no waivers or certifications yet granted by the major payment schemes, the technology has some maturing to do.
Spanish bank Bankinter said it expected results of a “risk assessment” of its host-card emulation product as early as this week, and believes it will lead to a waiver for the technology from Visa Europe, a step on the path to certification.
The mid-tier Spanish bank, one of the first companies to announce a product supporting host-card emulation, early this year, developed for it by vendors and working with Visa, hopes to launch a public pilot in the first part of 2014. The software-based payments system, which it calls Mobile Virtual Card, is designed to enable banks to roll out EMV payment cards on NFC phones without the need for NFC SIMs or other secure elements.
“We are making risk assessment with a tier-one laboratory; what the market needs is professional, neutral risk assessment,” Alberto Pérez Lafuente, director of innovation strategy and management for Bankinter told NFC Times. “We are ready; this is working. The only thing we need is a waiver.”
Most expect Visa and such other major payment schemes as MasterCard Worldwide and American Express to grant waivers, where necessary, and to participate in trials themselves. And according to Tim Danford, a partner with Lightspeed Venture Partners, which led a recently announced series A funding round for another HCE technology supplier, U.S.-based SimplyTapp, the major payments schemes are now working on specifications.
Such large issuers as Royal Bank of Canada has been planning a launch, and NFC Times has learned that Capital One in the U.S. and Barclays in the UK, are or were working with the technology. But Capital One is believed to have pulled back, having doubts about the maturity of HCE.
Closed-loop payments services are also a prime target, and the large Tim Hortons coffee and fast-food chain in Canada this week launched what is believed to be the first full commercial service using HCE–on BlackBerry phones, not Android. BlackBerry has supported its own version of host-card emulation in NFC phones since 2011.
Closed-loop payment applications don’t require as much security as EMV, however.
That is in addition to the current implementation of Google Wallet on Google's Nexus 5 smartphone in the U.S., which does not have a secure element and technically can be used for a PayPass transaction using the host-card emulation feature in Android 4.4, dubbed KitKat, say users.
There is much room for a reality check. To be sure, there is ample hype with HCE to go along with the promise.
Though the Royal Bank of Canada says it is conducting a “road test” of the technology, trialing of HCE-based services, especially for open-loop payment, has yet to begin in any meaningful way. And the bank had originally planned to roll out this year.
Capital One, which last September declined to continue with the Isis Mobile Wallet project, at least for now, is believed to be taking a wait-and-see approach to how HCE technology develops.
And while it’s not necessary for banks to get waivers from the payment networks for trials involving the brands, before the schemes grant waivers, let alone certifications, they will first need to answer both the security and phone network coverage issues that HCE raises.
In addition, at least in its present form, HCE can’t be used with Mifare applications, which by sheer numbers of cards and terminals is the most popular contactless-payments technology worldwide.
Smart card vendors and TSMs, which have much to lose if HCE takes off, are believed to be working on their own HCE products. And early HCE technology suppliers are playing the HCE buzz for all it’s worth.
For example, SimplyTapp, in its announcement late last month of its first formal funding round, claimed to have “created” HCE with its patch for the aftermarket CyanogenMod operating system, which was later adopted by Google with some changes. SimplyTapp has acknowledged in the past that BlackBerry was first. CEO Doug Yeager told NFC Times that the release was referring to his company being first with technology called host-card emulation, a term he said BlackBerry apparently doesn’t use.
But BlackBerry told NFC Times that while they referred to it as virtual-card emulation in documents, they called it host-card emulation before Android did.
Words: 3,900
Graphics: Tug-of-War Over Host-Card Emulation–illustration
Among Topics Covered:
•Risk Assessment for Bankinter Mobile Virtual Card HCE System
•Interest from banks in HCE
•Challenges facing HCE
•American Express’ view of HCE
•View by TSMs and smart card vendors
•American Express approach to Isis Mobile Wallet and reasons for participating in nationwide launch.
•Description of Bankinter/Seglan’s Mobile Virtual Card system
Sources Quoted:
•Alberto Pérez Lafuente, director of innovation strategy and management, Bankinter
•Charlie Craven, VP for global new product development, American Express
•Tim Danford, partner, Lightspeed Venture Partners
•Olivier Piou, CEO, Gemalto
•Philippe d’Andréa, EVP, Morpho
•Thian Yee Chua, SVP, convergence services, Morpho
•Arnaud de La Chapelle, former managing director, solutions business, Oberthur Technologies
•Miguel Braojos, VP for southern Europe for SafeNet
•Imanol Garcia, CEO of Seglan.
•Doug Yeager, CEO, SimplyTapp
Among companies and organizations mentioned:
Bankinter
American Express
Royal Bank of Canada
Capital One
Tim Hortons
Visa Europe
MasterCard Worldwide
Google
SimplyTapp
Bell ID
Seglan
SafeNet
Isis
BlackBerry
This is premium content from NFC Times.