Mobile Commerce Insider Featured Article

December 01, 2014

It's a Win-Win For Contactless Mobile

By TMCnet Special Guest
Ian Hermon, Product Marketing Manager, Thales e-Security

Everybody likes to see a contest of strength, or a battle of wits. Who will triumph? Who will walk away humiliated? It’s a great way to draw a crowd. Along these lines, Host Card Emulation (HCE) is being held up against the Secure Element method to securing mobile payments. Which will win widespread adoption, and which will become yesterday’s news?

Yes, pitting these two options against each other is an easy way to make compelling headlines, but the truth is that both methods will need to be embraced and developed in order to meet the varied needs of merchants, banks and consumers. In a desire to stimulate conversation around the two models, the similarities are often overlooked. Both still require a wave or tap from the consumer, and no change is required to the merc

hant’s contactless acceptance capability. The real difference between the two lies in the backend security and risk management infrastructure, controlled by the banks.

In line with the “old guard” establishment, the Secure Element (SE) model uses a chip card inside the phone to secure keys and sensitive data throughout their lifetime. In much the same way as a hardware security module (HSM), the chip is tamper-resistant, ensuring no attacker can steal critical credentials.

Host Cared Emulation (HCE) focuses instead on the inherent vulnerabilities of the mobile phone. This approach represents a different way of thinking, shunning a “create and keep” methodology and opting to deliver secure temporary credentials to the phone, for use within a limited time span. This alternative type of security is supported by backend analysis of behavioral and contextual data to help detect any potential fraud.

In the quest for “zero effort payment,” the above approach has significant implications when it comes to streamlining the consumer experience and minimizing friction. Increased use of contextual data allows for more flexible risk-based authentication of transactions.

HCE and SE are alike not only in terms of user experience; both sanction NFC (near field communication) and EMV (Eur

opay, MasterCard and Visa) proven technologies and are increasingly making use of tokenization – the latest technology for which the industry is striving for standardization.

This past summer, Visa and Mastercard released their specs for HCE, and Amex did so very recently as well as part of its expansion to more third-party institutions.

The general sentiment within the industry only a year ago was that mobile payments were not doing well. However, with the

 endorsement of major card issuers, the ease and increased security of contactless mobile may be just what consumers need to adopt this option.

Edited by Stefania Viscusi

Comments powered by Disqus

Related Mobile Commerce Insider Articles