HCE (host card emulation)
Host Card Emulation (HCE) is a technology that enables mobile devices to emulate traditional smart cards or contactless cards. This technology allows mobile devices to interact with point-of-sale (POS) terminals and access control systems, making mobile payments and other smart card-based transactions more convenient, secure, and versatile.
HCE works by creating a virtual representation of a smart card on a mobile device. This virtual card can then be accessed and utilized by an external reader or terminal in the same way as a physical card. The communication between the virtual card and the external terminal is done over a secure wireless connection, such as NFC (near-field communication).
HCE is an alternative to the traditional approach to mobile payments, which involves storing payment card data on a secure element (SE) chip embedded in the mobile device's hardware. This approach requires cooperation between the mobile device manufacturer, the mobile network operator, and the financial institution that issued the payment card. In contrast, HCE is software-based and requires only the mobile device manufacturer to implement the necessary software and security measures.
HCE is gaining popularity as a preferred mobile payments solution due to its several advantages, including:
- Convenience: HCE-enabled mobile devices allow users to store multiple payment cards and access them quickly and easily with a tap or a wave at a POS terminal or an access control system.
- Security: HCE uses industry-standard encryption and authentication protocols to protect the user's payment card data and prevent unauthorized access or data theft. HCE also allows users to remotely disable or delete payment cards stored on a lost or stolen mobile device.
- Cost-effectiveness: HCE eliminates the need for a physical secure element chip and the associated manufacturing and distribution costs, reducing the overall cost of implementing mobile payments.
- Versatility: HCE can be used for various smart card-based applications, including payment cards, loyalty cards, transit cards, and access control cards.
Implementing HCE involves several key components, including:
- Mobile device software: The mobile device's operating system must have the necessary software components to support HCE, including the virtual smart card emulation software, the NFC communication protocol, and the secure storage for payment card data.
- Payment card issuer software: The payment card issuer must provide the necessary software components to securely provision and manage payment card data on the virtual smart card. This may include an application programming interface (API) for communication with the mobile device, a secure database for storing payment card data, and a system for managing and updating payment card data.
- Secure communication: The communication between the virtual smart card and the external terminal must be secure to prevent unauthorized access or data theft. This requires the use of industry-standard encryption and authentication protocols, such as TLS (Transport Layer Security) and PKI (Public Key Infrastructure).
- User authentication: HCE requires a mechanism for authenticating the user and verifying their identity before allowing access to payment card data. This may include PIN or biometric authentication, such as fingerprint or facial recognition.
In summary, HCE is a software-based technology that enables mobile devices to emulate traditional smart cards and interact with POS terminals and access control systems. HCE offers several advantages over traditional mobile payment solutions, including convenience, security, cost-effectiveness, and versatility. Implementing HCE requires a combination of mobile device software, payment card issuer software, secure communication, and user authentication mechanisms. As mobile payments continue to grow in popularity, HCE is expected to play a significant role in shaping the future of mobile payments and smart card-based transactions.