The ABCs Of HCE

Mobile devices that act as payments cards, room keys, transit cards, events passes and building access badges – these are all things that HCE can make possible, safely and securely. Yet, a number of misperceptions about HCE exist in regard to whether it’s secure, whether the merchant needs to buy new POS equipment, and whether it will support gift and private label cards. SimplyTapp attacks these myths, head-on, in a new white paper.

Mobile devices that act as payments cards, room keys, transit cards, event passes and building access badges – these are all things that HCE can make possible, safely and securely. Yet, a number of misperceptions about HCE exist in regard to whether it’s secure, whether the merchant needs to buy new POS equipment, and whether it will support gift and private label cards.

SimplyTapp looks to address the myths surrounding host card emulation (HCE) technology in its latest white paper, “The ABCs of HCE.” According to SimplyTapp, HCE bridges the gap between a card issuer and its customers by enabling mobile payments both in-app and at the point-of-sale.

By eliminating the need for banks to prepare smartphones for mobile payments by downloading payment card information into the Secure Element of the phone, HCE allows for the development of mobile apps that actually act as smart cards for secure tap-and-go payments and other real-world transactions.

Allowing mobile devices to serve as proxies for payment cards, transit cards, event passes or even room keys makes HCE a practical solution, but there are those that still see it and other cloud-based payment solutions as less safe than passing sensitive data through a device’s Secure Element, or the tamper-resistant platform that can host applications and sensitive data.

But as SimplyTapp’s white paper states, HCE actually maintains a direct integration within a bank’s secure cloud environment and transaction flow, providing the ability to offer device biometrics, issuance of limited use keys, provisioning of transaction tokens, and support for real-time threat assessment.

Another common misunderstanding when it comes to the use of HCE technology is that enabling it will require merchants to purchase new equipment at the POS.

Today, many POS terminals already have the ability to accept contactless payments, and because HCE allows an Android phone’s NFC controller to work exactly as a contactless card would, there often is no need for new POS equipment when enabling HCE-based mobile payments.

While there are many implications for HCE-based mobile payments in retail, the use cases for its approach to contactless real-world transactions span across a variety of industries, including transit, ticketing and hospitality.

Not only can HCE support gift cards and private-label cards for retailers, but it can also provide travelers and commuters with an improved consumer experience through the ability to move transit cards to smartphones for mobile, contactless payments, and even the ability to upgrade seats or pay for checked luggage all from their mobile devices, SimplyTapp said.

In some ways, HCE may seem too good to be true or too complicated to implement, but, as SimplyTapp explained, HCE is designed to take the burden away from card networks by giving card issuers and merchants more flexibility.

From utilizing tokenization, to safeguarding customer data via secure tokens, to offering merchants the same lower interchange fees as they would have for card-present transactions, HCE aims to make mobile payments more accessible for card issuers while ensuring a customizable and contactless experience for users.

As the mobile payments market continues to grow, fueled by factors such as the proliferation of NFC-enabled devices and new opportunities presented through cloud-based payments, SimplyTapp considers HCE to be a “tunnel” through which banking apps can more easily leverage the NFC connection between mobile devices and the merchant’s POS.

HCE has the potential to play a significant role in the predicted growth spurt mobile payment usage could see over the coming years by eliminating the liability of data protection and the operational risks many mobile carriers and retailers currently face, leaving the responsibility of issuing and securing credentials to the domain of the financial institutions.

To learn more about HCE, download SimplyTapp’s whitepaper below. 

Download_Here