Both companies have announced (independently but at the same time) that they will adopt HCE for cloud based payments utilising Host card Emulation for NFC mobile payments. An open architecture, HCE enables payments and other NFC services – including loyalty programs, building access and transit passes – to be delivered without the use of a secure element (SE). HCE is supported in theAndroid OS KitKat 4.4, which began shipping in November 2013 and continues to roll out on popular smart devices.
MasterCard will publish a specification that leverages Host Card Emulation (HCE) for secure near field communication (NFC) payment transactions. The approach will enable consumers to easily use their MasterCard-branded cards on their NFC-enabled phones to make contactless payments. Today, there are two million contactless-enabled merchant locations in 63 countries around the world. The specification, developed over the past year with Capital One and Banco Sabadell, marks a significant industry milestone that, in addition to MasterCard’s longstanding support for embedded and SIM-based SE implementations, will drive greatly expanded availability of mobile contactless payments for consumers. “Consumers are now shopping and paying in whatever way best fits their needs and lifestyles – and from every device they own. To meet their expectations for convenience, we need to accelerate the availability of services in the market. The use of HCE provides a very attractive way forward to launch an increased number of NFC-based offerings,” said James Anderson, Group Head, Emerging Payments at MasterCard. “We continue to set standards and deliver solutions to our partners and customers that deliver great experiences for safe and secure digital payments.”
As a critical part of the specification development process, MasterCard worked with Capital One on the initial pilot and with Banco Sabadell on a European pilot. The pilots have helped inform MasterCard’s direction, and the learnings will pave the way for additional deployments planned in 2014 with other financial institutions around the world. “For Capital One, the pilot was about exploring new ways to commercially deploy an NFC-based offering and securely store credentials. We’ve enjoyed a longstanding partnership with MasterCard, and we continue to work together to deliver innovative solutions for our bank customers,” said Jack Forestell, Executive Vice President, Digital, Capital One.
MasterCard’s approach combines custom software on the mobile device with highly secure cloud-based processing. This greatly simplifies and speeds the deployment process of NFC-based mobile offerings to consumers by card-issuing financial institutions. MasterCard plans to publish its secure remote payment specifications during the first half of 2014.
Not to be overshadowed by MasterCard, Visa also announced it is offering clients new options to securely deploy mobile payment programs, including Visa payWave-enabled accounts in a secure, virtual cloud. “Our clients and partners around the globe are continuously looking for flexible, cost efficient and secure ways to enable mobile payments,” said Elizabeth Buse, Executive Vice President, Global Solutions, Visa Inc. “The Android HCE feature provides us with a platform to evolve the Visa payWave standard, support the development of secure, cloud-based mobile applications, while at the same time offer greater choice to our clients.”
According to data released by International Data Corporation in February 2014, 78 percent of smartphones sold in Q4 2013 run on the Android operating system, and Android is enjoying strong gains in markets outside the U.S., including in China and Latin America. Android also recently became the fastest platform to reach one billion users worldwide. “The Android community continues to build innovative ways to improve the lives of mobile users. We introduced HCE to make it easier for developers to create NFC applications like mobile payments, loyalty programs, transit passes, and other custom services,” said Benjamin Poiesz, Google Android Product Manager. “Visa’s move to enable NFC payments with Android devices is welcome news and will guide the way for the payments industry.”
In addition to supporting clients who are hosting the Visa account data on secure elements in smartphones, Visa is extending the Visa Ready Program to also support financial institutions and partners who wish to securely deploy Visa accounts in the cloud. The program provides new standards, tools, services and implementation guidelines, and ensures that cloud-based applications with Visa payment functionality are compatible with Visa’s requirements and payment industry security standards.
Ensuring payment security, say Visa, is one of their highest priorities and security in cloud-based payments is no exception. Visa intend to deploy several layers of security to protect payment accounts in the cloud, including at the Visa network, application and hardware levels. One-time use data, real-time transaction analysis, payment tokens and device fingerprinting technology make up a multi-layered defense against unauthorized account access.