After the adoption of Host Card Emulation (HCE) by Android, Google had hoped that by including HCE in the world’s largest mobile operating system (which by that time covered 80% of the market, it would offer the Android payments ecosystem a chance to grow more rapidly while also allowing Google themselves to deploy their Google Wallet more easily across the mobile network operator ecosystem.

Host Card Emulation- HCE

With the inclusion of Host Card Emulation (HCE) in Android 4.4, the banks still needed the major card networks to support HCE. At the Mobile World Congress 2014, both Visa and MasterCard made public announcements placing their support behind HCE.

On December 18, 2014, less than ten months after Visa and Mastercard announced their support for Host Card Emulation (HCE), Royal Bank of Canada (RBC) became the first North American financial institution to launch a commercial implementation of mobile payments using the Host Card Emulation- HCE technology.

Google Android™ Host-Based Card Emulation (HCE)

A new feature of the recently released Android 4.4 (Kit Kat), HCE allows any Android mobile phone to act like a contactless debit, credit or other card without needing a built-in secure element to store and protect the card data.

Canada Mobile Payments service can provide cloud-assisted device-based user authentication for mobile Near Field Communication (NFC) payments or other proximity transactions made using Google Android™ host-based card emulation (HCE).

Global Smartphone Users

  1. 2015: Russia will surpass Japan as the fourth-largest smartphone user population.
  2. 2016: India will exceed 200 million smartphone users, topping the US as the world’s second-largest smartphone market.
  3. 2017: The US will surpass 200 million smartphone users, or nearly 65% of the country’s total population.
  4. 2018: Indonesia will pass 100 million smartphone users, firmly established as the fourth-largest smartphone user population.

Secure Element

What is a secure element and what are the form factors?

A secure element (SE) is a tamper-resistant platform (typically a one chip secure microcontroller) capable of securely hosting applications and their confidential and cryptographic data (e.g. key management) in accordance with the rules and security requirements set forth by a set of well-identified trusted authorities.

There are three different form factors of SE:

  1. Universal Integrated Circuit Card (UICC)
  2. embedded SE
  3. microSD

Both the UICC and microSD are removable. Each form factor links to a different business implementation and satisfies a different market need.

Who created SEs and why are they necessary?

SEs are an evolution of existing secure technology. The chip that resides in credit and debit cards has been adapted to suit the needs of the mobile world. With multiple applications now being stored and their processes executed in the same device, it is essential to be able to house trusted applications and their associated credentials in a secure environment.

The presence of an SE is essential to the deployment of value added services (VAS). Authentication, identification, signatures and PIN management are all central to the deployment of VAS and all require a protected environment to operate securely. Taking a payment application as an example, it is important that the user’s credentials do not become visible. The tamper resistant security of the SE is ideal for this task. The SE controls interactions between trusted sources (a bank), the trusted application (a mobile payment application) stored on the SE and third parties (a company the user is making a payment to). The secure domain protects the user’s credentials and processes the payment transaction in a trusted environment, ensuring the safety of the user’s data.