Why HCE Is Causing A Revolution In Mobile Payment Security

By Simon Keates, Mobile Payment Security Expert, Thales e-Security

Consumers remain concerned and confused about mobile payments, creating a barrier to large-scale adoption of the technology. They can hardly be blamed, as security breaches compromising financial, as well as other highly sensitive information, make headlines on a weekly basis. Without confidence in the technology’s ability to protect sensitive data, mobile payments will not experience widespread adoption.

When considering the security of customer payment credentials, host card emulation (HCE) has caused waves in the industry. Before the advent of HCE, storage models came in two versions; either storing credentials in a specialist security chip [secure element (SE)] in the phone, or using card-on-file credentials in the cloud. The first model effectively turns the phone into a mobile wallet, with the SE performing the same function as the chip on an EMV card. The “cloud” option, however, was simply a case of storing basic payment information, such as card number and expiry date or sort code and account number on the Internet.

An exact software representation of the card no longer needs to reside on a physical chip since HCE has come along. This eliminates the need for the previously all-important SE and puts an end to the battle for ownership of it, lowering barriers to market entry for new players.

Please log in or register below to read the full article.