Alliance Activities : Publications : Host Card Emulation 101

Host Card Emulation 101

Publication Date: August 2014

Host card emulation (HCE) is one of the most talked about mobile innovations today, providing solutions providers with a new architecture to implement convenient mobile NFC-based solutions. But how does the new architecture impact application security? The Smart Card Alliance “HCE 101” white paper takes a deep dive into HCE and NFC opportunities and security considerations.

Of the three modes NFC offers for mobile devices, card emulation has been the most popular, and also the most controversial, mode, due to the need to access the secure element that is owned and controlled by another party.  HCE significantly changes card emulation implementation requirements and introduces entirely new business plan considerations for service providers and issuers wishing to use their credentials for NFC use cases.

Along with the greater flexibility HCE offers for service providers and issuers, comes advantages and trade-offs to the traditional secure element-based model and accompanying (required) ecosystem.  Some advantages include more direct control and fewer dependencies on other ecosystem players.  Some disadvantages include a less secure implementation and, possibly, a degraded end user experience in some cases.  The list of advantages and trade-offs will change as more HCE-based solutions are deployed, tested and used in commercial practice.

NFC continues to gain strong industry support from an increasing number of suppliers, manufacturers and handset models; however, HCE currently is only commercially supported on Android and Blackberry, and specifications still need to mature and be harmonized across OS vendors.  While HCE is not the ‘silver bullet’ many would like to have, it has far-reaching implications for the industry in general.

Developed by the Smart Card Alliance Mobile and NFC Council, the HCE 101 white paper:

  • Describes HCE and NFC  technology in today’s mobile ecosystem
  • Explores considerations for HCE in mobile payments and commerce implementations
  • Explores considerations of HCE for non-payments implementations
  • Discusses the security considerations that accompany HCE implementations and the various methods that can add layers of security to transactions
  • Outlines example use cases for both payment and non-payment applications
  • Provides a comparison of key considerations for HCE and secure element-enabled NFC implementations

About the White Paper

This white paper was developed by the Smart Card Alliance Mobile Council to provide an educational resource on Bluetooth low energy, describing what it is, how it’s used, how it fits with other mobile technologies, and what security aspects should be considered for BLE-enabled applications.

Members involved in the development of this white paper included: Advanced Card Systems Ltd.; Booz Allen Hamilton; Capgemini USA Inc.; CH2M Hill; Cubic Transportation Systems, Inc.; Discover Financial Services; First Data Corporation; Fiserv; Giesecke & Devrient; Heartland Payment Systems; Identification Technology Partners; Ingenico; Intercede; IQ Devices; Morpho; NXP Semiconductors; Oberthur Technologies; Underwriters Laboratories (UL).

About the Mobile Council

The Smart Card Alliance Mobile Council was formed to raise awareness and accelerate the adoption of secure payments, loyalty, marketing, promotion/coupons/offers, peer-to-peer, identity, and access control applications using mobile and tethered wearable devices The Council focuses on activities that will help to educate the industry on implementation and security considerations and will act as a bridge between technology development/specification and the applications that can deliver business benefits to industry stakeholders.

The Council takes a broad industry view and brings together industry stakeholders in the different vertical markets that can benefit from secure mobile applications. The Council collaborates on:

  • Educating the market on the technology and the value of secure mobile applications
  • Developing best practices for implementation
  • Working on identifying and overcoming issues inhibiting the industry