Don’t you love how big organizations play fast and loose with big concepts like Host Card Emulation? HCE was SimplyTapp created technology that Google incorporated into Android Pay in 2013 sowing endless nonsense and confused debate about ‘open’ vs ‘closed’ NFC, aka the secure element wars. Back then industry pundits said:
The significance of HCE is that it frees NFC from dependence on the secure element, which has largely been controlled by mobile carriers. Banks, merchants, and wallet developers must pay fees for access to that chip. Yeager is counting on HCE to scare up interest among issuers and kickstart NFC, which has been stuck in neutral for years.SimplyTapp, the Power Behind Google’s NFC Workaround, Aims at Mobile Banking
HCE was created when the cloud was seen as an answer for every problem. All it did for ‘freeing’ NFC from dependence on the secure element on a device was make it dependent on a network connection to connect with a ‘secure element in the cloud’. But this was overlooked in the rush to ‘free NFC’ from the evil grasp of mobile carriers.
How little things change, swap ‘evil mobile carriers’ for ‘evil Apple’ and you have exactly the same self serving ‘open’ vs ‘closed’ NFC chip nonsense that people are debating in Europe and Australia today. FeliCa Dude, the ultimate industry insider who has experienced it all, said it best: ‘It’s all eSE or nothing now.’
Let’s make this simple as possible and list the industry forces in the NFC secure element wars:
- SIM Secure Element (SE) used by the mobile carriers for carrier locked NFC payments
- Embedded Secure Element (eSE) used by smartphone manufacturer digital wallet platforms (Apple Pay, Samsung Pay, Huawei Pay that use customized eSE and truly control it, off the shelf all-in-one NFC chipset users like Pixel and Xiaomi not so much)
- Host Card Emulation (HCE) is a secure element in the cloud strategy used by banks and card issuers on network connected Android devices using their own apps that bypass #1 and #2.
Carriers, smartphone manufacturers, banks•card issuers. Carriers lost out long ago. A classic case would be NTT docomo who built the worlds first major digital wallet platform, Osaifu Keitai, using Sony Mobile FeliCa technology back in 2004. Osaifu Keitai eventually made it to the other major Japanese carriers (KDDI au and SoftBank) but the carriers made the mistake of locking and limiting Osaifu Keitai service to SIM contracts and their own branded handsets.
More than anything else, carriers milking Osaifu Keitai as an expensive exclusive SIM contract option instead of making it a SIM free standard for everybody, was the reason why Osaifu Keitai growth stalled. The 2016 launch of Apple Pay in Japan circumvented the entire SIM SE mess with its own eSE, and gave Mobile FeliCa the second chance it’s enjoying now.
Smart Navigo power play
Smart Navigo is the Île-de-France Mobilités (IDFM) Paris region transit card for mobile on Galaxy devices, and Android smartphones with Orange SIM cards. France was an early innovator of NFC on mobile phones but it did not lead to early mobile transit adoption: Smart Navigo launched in September 2019.
Fast forward to 2021, today in LeParisien: Île-de-France: why some smartphones no longer allow access to the metro. A step forward, a step back. The modernization of the ticketing system in force on public transport networks in Île-de-France is not a long quiet river.
What LeParisien was reporting was that IDFM suddenly ended their partnership with Orange: “As long as you do not change your SIM card, the service is operational: you can continue to buy tickets and validate them with your phone,” If customers change their Orange SIM card, Smart Navigo no longer works. IDEM is freeing Smart Navigo from the evil grasp of a mobile carriers.
The French Apple news site iGeneration reports:
A new solution is scheduled for deployment in mid-2022. It will be open to all Android smartphones, without operator constraints, thanks to HCE (Host Card Emulation) technology that emulates cards in a mobile application, allowing it to free itself from NFC constraints. HCE was also partly used for the SIM card developed by the start-up Wizway on behalf of Orange.
It’s 2021, the secure element wars ended years ago. Perhaps IDFM didn’t get the message. Or maybe they want to turn back the clock and fight the battle again. IDFM has spent a lot of time and expense working with Calypso Networks Association, the transaction tech used for Navigo, to develop the less secure network dependent Calypso HCE ‘cloud’ secure element approach. It flies in the face of where payment transaction technology has been going with eSE as standard hardware on all modern NFC devices.
It’s important to remember that one problem with the term HCE is that people and companies use it very loosely. All secure element methods have to load payment credentials from the cloud at some point. The big difference is that eSE and SIM SE have secure physical areas to store those payment credentials on the device, HCE does not. Far too many people assume that any kind of loading from the cloud = HCE, it does not. HCE = storing on the cloud.
This cloud approach has downsides outlined by Thales:
With HCE, critical payment credentials are stored in a secure shared repository (the issuer data center or private cloud) rather than on the phone. Limited use credentials are delivered to the phone in advance to enable contactless transactions to take place.
This approach eliminates the need for Trusted Service Managers (TSMs) and shifts control back to the banks. However, it brings with it a different set of security and risk challenges…
A centralized service to store many millions of payment credentials or create one-time use credentials on demand creates an obvious point of attack. Although banks have issued cards for years, those systems have largely been offline and have not requiring round-the-cloud interaction with the payment token (in this case a plastic card). HCE requires these services to be online and accessible in real-time as part of individual payment transactions. Failure to protect these service platforms places the issuer at considerable risk of fraud…
All mobile payments schemes are more complex than traditional card payments, yet smart phone user expectations are extremely high:
•Poor mobile network coverage can make HCE services inaccessible.What is Host Card Emulation (HCE)?
•Complex authentication schemes lead to errors.
•Software or hardware incompatibility can stop transactions.
The two key takeaways are: 1) HCE shifts control back to banks and card issuers away from carriers and Android smartphone manufacturers, 2) No network connection = no HCE. Think of HCE as the NCF equivalent of QR Code payment services like AliPay and PayPay that also send payment credentials to the app, just in a different format.
Apple Pay has succeeded because it delivers on those high smartphone user expectations better than any other digital wallet out there. That’s why JR East needed to get Suica on Apple Pay to take Mobile Suica to the next level combining ease of use with growth, which is exactly what happened.
IDFM unceremoniously dumping Orange and going all in with HCE is all about IDFM wanting full control and nothing to do with carriers (SIM SE), Android smartphone manufactures (eSE). Realistically it has to be HCE for Android because Android manufactures would never update older device eSE to support Calypso. We won’t know the full story until the HCE Android service starts sometime in 2022, presumably after pay-as-you-go functionality is fully operational and ready on all exit gates.
Meanwhile, IDFM has been in talks with Apple ever since Smart Navigo was first announced in 2017. At that time they said:
“Unfortunately, it won’t be possible for iPhone owners to use the service since Apple does not yet allow third parties to access the NFC secure element in their phones. However, we are happy to explore the possibilities with Apple to offer the same service to all Paris public transport users.
Apple Pay Smart Navigo has yet to appear though IDFM released an updated iOS app earlier this year that added iPhone recharge functionality for plastic Navigo cards.
One last thing: smart wearables won’t work with a HCE only Smart Navigo strategy. This is the lesson that Fitbit and Garmin have learned well from Apple Watch for deploying Mobile Suica on their devices: keep things simple and on the device for local processing without a network connection. This is what makes the Suica support coming to WearOS so interesting, it might succeed in beating Android as the first non-Apple global NFC device.
As for Smart Navigo, indeed a step forward, a step back. The IDFM journey to mobile ticketing for everybody is not a long quiet river.
This concludes the final installment Contactless Payment Turf Wars. It has been an unexpectedly longer series than planned. I hope people enjoyed reading them as much as I enjoyed writing them. Thanks always and happy transits!