New technology to open up nfc market, but may be thorn in telcos' side
Many agree that NFC technology is yet to realize its full potential in the consumer marketplace, but a new piece of Android software could turn the tide and make way for a renewed NFC landscape. The forthcoming Android 4.4 operating system, more commonly referred to as KitKat, will push to Android devices everywhere complete with a technology known as host-card emulation.
Host-card emulation is an alternative to standard NFC card emulation – a technology that already exists within a number of NFC-enabled Android devices. NFC emulation leverages a separate chip in the device itself called the secure element. Commonly, these secure elements come in the form of SIM cards provided by wireless carriers, or telcos.
When NFC card emulation is conducted, the emulated card is provisioned into the secure element on the device via an Android application. When the user holds their device over an NFC terminal, the NFC controller in the device then routes all data from the reader directly to the secure element.
With host-card emulation, however, this premise is taken a step further using a new method that does not involve a secure element at all. Instead, it enables an Android app to emulate a card and talk directly to the NFC reader, circumventing the traditional secure element altogether.
“It is a technology built into a device’s operating system that enables a mobile device to emulate a payment or other card, allowing users to make NFC mobile payments and other proximity transactions,” explains Martin Cox, global head of Sales at Bell ID.
Host-card emulation essentially creates a virtual smart card, represented in software form and hosts it in the cloud. It’s a technology that could greatly affect the structure and delivery of NFC services.
Host-card emulation and contactless payments
The predominant initial use of host-card emulation will almost certainly be in the payments sector. The adoption of mobile wallets has been sluggish, but Google’s decision to include host-card emulation is expected to shake things up.
“Placing the payment credentials in a remote environment and communicating via the cloud, rather than in an secure element inside the mobile device, offers more control and direct access to application issuers, as well as eases the launch of NFC based mobile services,” explains Cox. “With ‘pure cloud’ solutions, the device does not require a physical secure element, as the payment applications are provisioned into a remote secure element and accessed by the device during the transaction.”
Host-card emulation mimics cards based on key ISO and NFC Forum specifications. This is important for the future of mobile payments security, as these specifications are already being used and are a verified standard for a potential EMVCo and NFC payment infrastructure. This is good news for Google because host-card emulation services would still comply, in theory, with existing security and technology standards.
This is why insiders suggest Google’s support for host-card emulation makes sense, particularly in the wake of Google Wallet and Isis coming to market. By circumventing a device’s secure element – which in many cases resides within the telco-issued SIM card – Google can enable customers of any mobile carrier to use Google Wallet even if the customer’s service provider is one of the three telcos driving Isis – Verizon, AT&T or T-Mobile. Sprint is the lone holdout of the Big four telcos that has openly supported Google Wallet.
In a nutshell, by leveraging a cloud-based secure element environment, telcos no longer play a central role in NFC payments; placing their desired, intermediary role in the mobile payments sector in jeopardy. There are still kinks that need to be worked out both in the technology and its security, but Android’s dominant smart phone market share has cast doubt on mobile network operator’s future in the NFC mobile payments process.