iOS 17.4 Apple Host Card Emulation

Apple has finally given its answer to EU demands (and now USA demands) for ‘open NFC’: Apple HCE (Host Card Emulation). Basically this means that any payment provider/developer in the EU market, with the proper credentials, can use the iPhone NFC chip. But they cannot use the iPhone embedded secure element (eSE) because it lives in Apple Silicon, i.e. top to bottom Apple intellectual property, not an off-the-shelf procured part. It boils down to this: if EU payment providers don’t want the superior security and features of the eSE, or Apple telling them how to create a superior and safer NFC user experience, they have the less secure, feature-limited Apple HCE ‘open’ secure element in the cloud option. Open = Less. Less functionality because secure element functionality is not on the device, less security because HCE apps won’t use Apple Pay transaction tokenization, fewer updates and bug fixes because that’s the developer’s responsibility. A trade-off.

In other words, no Express Mode transit, no Power Reserve, none of the other on-device, no-network-needed eSE transaction goodies, and don’t forget Apple Pay tokenization. And there’s that little problem of apps having to call the HCE server over the internet for payment transactions, the reliability of which depends on the payment provider’s infrastructure, programming chops, and their ability to deploy the decidedly user-hostile EMV 3-D Secure v2 tokenization scheme. To understand the difference, it’s helpful to compare the Android version of the Navigo transit card, which uses HCE, with Apple Pay Suica, which uses the iPhone eSE.

How important is the difference between eSE and HCE? Just look at what Google is doing on Android: the Android Ready SE Alliance, which promotes eSE. The answer is clear: in this age where all NFC-capable smartphones come standard with eSE, what’s the point of HCE? HCE was born as an answer to pre-iPhone era smartphone SIM-based secure elements, to circumvent carrier lock-in. But it came with an unseen price for the end-user: complexity.

HCE fragmented Android NFC development and the user experience. It’s the reason for the convoluted evolution of Google Pay/Wallet. It’s exactly why Google is trying to fix it by herding all those HCE developer cats to the Android Ready SE platform. There is also the security angle where device manufacturers, aka gatekeepers, who use the Android Ready SE Alliance supply chain, keep the eSE secure and future proof with the latest Android software updates. Like Apple has done all along with Apple Pay.

But even though HCE is less secure than eSE and comes with less functionality, some developers will continue to use it. Why? It’s exactly like what Jared Harris said at the end of the Chernobyl miniseries, explaining why the Soviet Union used risky RBMK reactors instead of safer western-style light-water reactors: it’s cheaper. And cheaper means payment providers, like PayPal (who kicked off the whole EU ‘Apple Pay is a monopoly’ complaint), can make more profit from banking fees and surcharges instead of giving customers a safer, superior payment experience.

That’s all you need to know in the HCE ‘open NFC’ debate.



Apple Pay Monopoly Debate Coverage
The Apple Pay monopoly debate part 1: context is everything
The Apple Pay monopoly debate part 2: the gatekeeper difference
My Cousin Apple Pay
The Apple Pay EU antitrust investigation
What does ‘open’ Apple Pay NFC really mean?
The Apple Pay monopoly debate: are we really comparing Apples with Apples?
Contactless Payment Turf Wars: the Smart Navigo HCE power play
How much does Smart Navigo HCE suck?
The Apple Pay Whipping Post
HCE Secure Element in the Cloud is pie in the sky