The HCE tap is open, let NFC services flow

Banks: What is ‘enough security’?

I was prepared for Mobey Forum’s third annual Mobey Day event to be a lively affair. Bringing banks together with, amongst others, GSMA, chip manufacturers and mobile payment software providers to discuss the future of near field communication (NFC) was always going to ignite debate.

What I was less prepared for, however, says Sirpa Nordlund executive director of the Mobey Forum, was just how far and how fast that debate has evolved in the past few months, let alone the last year.

For years, NFC-for-payment services have been hamstrung by deployment complexity and commercial power plays. This year, things are refreshingly different. Wind back the clock to November 2013; Google kick-started a wave of change by including support for host card emulation (HCE) in Android KitKat. Banks and other NFC service providers began to ask a very big question: ‘Could HCE replace the SIM-based secure element?’ Or, put another way: ‘Could HCE solve our technical and commercial go-to-market problems with NFC services?’

In March, follow-on announcements of support for HCE from Visa and MasterCard, together with EMVCo’s release of its first tokenisation framework, confirmed for many service providers that HCE was indeed a serious contender in the market for secure NFC service models.

Contest gives way to consensus

Wind forward a few short months to October and the HCE debates at Mobey Day had evolved almost beyond recognition. Evangelists were present on both sides, but a broad consensus became apparent on a number of previously contested themes. Firstly, that HCE is a force for good but does not signal the death of the secure element (SE) in NFC services. Neither the SE nor HCE NFC will dominate the NFC services industry, not least because both models present service providers with different sets of advantages and challenges.

In 2015, we are likely to see multiple deployment models establish, where the SE (either on the SIM or embedded in the device) will both coexist and cooperate with HCE to form hybrid solutions that can provide enough security for the service in question. This puts the ball firmly back in the service provider’s court. Banks especially, for whom mobile data security has always been a zero-sum game, are now faced with a new question, one that must seem entirely alien: What constitutes ‘enough security’?

And with that the rug is pulled, once again. If banks are to abandon the pursuit of ‘maximum security’ (as delivered via the embattled SE/TSM model) in favour of ‘proportionate security’ (via a service-appropriate blend of HCE/tokenisation/SE/software-based security) in order to finally get their solutions to market, they must first decide what an ‘acceptable security risk’ looks like. I fear that this expression will stick in the throat of many a bank’s mobile payments manager in 2015, as they try to explain to a frustrated board why they are now proposing to write-off a fair portion of SE-NFC investment and, at the same time, drop down a security peg in order to enable widespread deployment via an all-HCE or hybrid based solution.

Look to ApplePay and its TouchID biometric authentication for the route through the maze, advised David Birch of Consult Hyperion, who reminded us all not to get too hung up on security: “We’re buying coffee here, not launching nuclear missiles,” he argued with characteristic alacrity. “Convenience trumps security every time. Every time.” For evidence, Birch drew on the elegant simplicity of Apple’s biometric TouchID. Sure, fingerprints can be stolen and recreated, but how often is this really going to happen? And even if it did, would the genius thief not have bigger ambitions for this new found power than pick-pocketing iPhones? TouchID’s simplicity and convenience will drive consumer adoption at such a rate that it will dwarf any issues that emerge relative to its security.  Indeed so beguiling is TouchID and its ability to authenticate payments via ApplePay, that Birch believes it may hold the power to entice Android defectors back to the iPhone in swathes. Let’s see.

ApplePay featured heavily across the two days of presentations and was met with universal admiration for its model. One notably insightful comment came from Mario Maawad at Caixabank who observed that ApplePay’s value to the whole NFC ecosystem was not only in bringing NFC to all those iPhone users, but by doing so with a user experience so frictionless that consumers will finally realise that conventional forms of payment are indeed inconvenient. This revelation alone will drive a shift in the consumer mindset, he says, and heighten awareness of the mobile channel’s potential to make life that bit easier. That must surely be good for all stakeholders in the mobile industry.

Beyond ApplePay, Mobey Day’s speakers offered a variety of other thought provoking insights for delegates to digest. Kristian Luoma, head of business development at Finland’s OP Pohjola Bank, made a notable distinction between how the next generation of mobile-specific social media platforms make the end-user feel. Facebook’s mobile user experience, according to Luoma, which focuses on connecting people, doesn’t feel anywhere near as good as the instant-response mobile world of WhatsApp, the handset-dedicated messaging platform, which is designed to serve groups of connected people. His point here is that mobile payments must be made to feel good, as well as operate conveniently and securely. In his words: “In mobile payments the winners will be those that can make the payment feel as good as sharing a selfie.” An interesting (and ambitious) challenge for payment providers everywhere.

Despite softening the blows with FIFA and street football analogies, the hard truths delivered by Amir Tabakovic, chair of Mobey Forum’s Mobile Wallet Workgroup, about the disintermediating threat that merchant-oriented prepaid mobile wallets pose to banks, really struck a nerve. Prepaid’s growing utilisation as an alternative banking platform, together with its unrestricted regulatory environment and easy integration with merchant loyalty programmes, combine to make it a defining force in the near-term future of mobile wallets, he says. Banks will ignore prepaid at their peril.

There is a string that ties all of these elements together. Mobile financial service providers everywhere now need to focus, above all, on the end-user experience. Today’s ecosystem is teeming with influential, agile and powerful stakeholders, many of which are on a mission to make the cumbersome business of paying for goods vanish completely from the consumer’s mobile shopping experience. If banks don’t move to broaden their horizons and establish a new and visible role in the end-user’s mobile experience, they may find that they too become unfortunate victims of the great ‘payments vanishing act’.

Sirpa Nordlund is the executive director of Mobey Forum
Sirpa Nordlund is executive director of Mobey Forum

Which of the Mobey Day presentations struck a chord with you? How do you see NFC mobile payments moving forward in the coming months and years? I’d be delighted to hear your thoughts via or tweet us @MobeyForum

The author of this blog is Sirpa Nordlund, executive director, Mobey Forum



Blackline Safety sets new standard in connected worker safety with launch of G6

Posted on: September 26, 2022

San Diego, United States – Blackline Safety Corp., a global provider in connected safety technology, continues to trailblaze in the industrial worker safety market with the launch of a new connected wearable to transform single-gas detection. The all-new G6 personal gas detector – unveiled at the National Safety Council (NSC) Safety Congress & Expo in San Diego

Read more

Senet expands public LoRaWAN network across New York

Posted on: September 26, 2022

Portsmouth, United States – Senet, Inc., a provider of cloud-based software and services platforms that enable global connectivity and on-demand network build-outs for the Internet of Things (IoT) announced it is has expanded the build out of its public LoRaWAN network across all five boroughs of New York City. Through the combined operation of Senet’s

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more
IoT Newsletter

Join the IoT Now online community for FREE, to receive: Exclusive offers for entry to all the IoT events that matter, round the world

Free access to a huge selection of the latest IoT analyst reports and industry whitepapers

The latest IoT news, as it breaks, to your inbox