Mobile Payments Update: An Overview on Host Card Emulation (HCE)

Navigator Edition: March 2014
By: Jeff Crawford

In late October 2013, Google announced an update to its mobile phone operating system. Android 4.4 (KitKat) changes the way in which the mobile device can interact with an installed near field communication (NFC) antennae. This feature, known as Host Card Emulation (HCE), has the potential to shape the future of mobile payments. HCE is an open architecture that allows mobile applications to emulate a contactless smartcard. Unlike traditional NFC transactions that rely an embedded or SIM card Secure Element (SE), HCE is a purely software-based solution. This new approach is significant for the industry because: 1) it takes control away from mobile network operators (MNOs) who control access to a mobile device’s SE and, 2) it creates new possibilities for using a phone’s NFC feature. While many questions remain, HCE has the potential to simplify the way in which for issuers and cardholders load payment credentials and complete transactions.

HCE works by storing payment credentials on a remote cloud rather than the SE (see Figure 1). Conceptually, a mobile application could be programed to send requests to allow access to these credentials via a secure token. This token would then be passed via the phone’s NFC antennae to another contactless reader to complete a payment transaction. A key requirement is ensuring that the token is recognized by the reader as a valid payment credential. In late February, the two leading payment acceptance networks, Visa and MasterCard, addressed this issue by updating their contactless payment specifications, PayWave and MasterPass respectively, to read and accept these tokens.

Figure 1: Example HCE Transaction

4- Figure-1_-Example-HCE-Tranaction

Source: First Annapolis Consulting research and analysis. 

This development may prove troubling to some mobile wallets, like the Mobile Network Operator-led Isis, which relies on the SE approach. Isis currently requires card issuers to integrate with a Trusted Service Manager (TSM) to facilitate access to a device’s SE. HCE provides an alternative to TSM integration, which can be expensive and time consuming. To date, only a few European banks have explored HCE deployment, but there are service providers that are prepared to enable similar solutions in the U.S. market. Visa and MasterCard have also independently announced their intentions to provide software development kits (SDKs) that would allow issuers and other potential wallet providers to write HCE applications that conform to the existing contactless payment specifications.

Although it is too early to tell if HCE will be the long-awaited catalyst that leads to meaningful mobile payments adoption, HCE is a promising development with the potential to reduce some of the legacy barriers that have slowed progress to date. Furthermore, the HCE approach could be used to store and pass a variety of other credentials, such as offers, loyalty credentials, and transit and ticketing information, which support payment transactions. While HCE by no means addresses all hurdles related to meaningful mobile payments adoption, including the requirement for merchants to deploy the necessary contactless readers, it is a potential “game changer” that should be monitored closely in the months to come.

For more information, please contact Jeff Crawford, Manager in the Deposit Access practice, specializing in Mobile Payments,

To read the rest of this article, please subscribe to

The Navigator Newsletter