NFC has languished in part due to the inability of banks and phone carriers to agree on how much should be paid for access to a computer chip on a phone that has transactional functionality. Beyond pilots, banks have balked at the fees proposed by the carriers to access a portion of the chip — known as the "secure element." They also have been hesitant to cede any control of transactions to the carriers.
Yet recent developments with open-source software have given NFC new life, essentially allowing financial institutions to bypass the secure element on smartphones. The software allows for "host card emulation," or "HCE," giving the mobile device the ability to act as a credit or debit card at existing NFC terminals, presenting a virtual duplicate of the card. And its open-source format allows vendors and financial institutions to develop their own proprietary solutions.
Big players, big push
This new idea might have staying power, as big players are giving HCE legitimacy. One major move came when Google folded NFC into a version of Android released in November of 2013. Then MasterCard and Visa said in February they would issue specifications for payments using HCE by financial institutions.
Carriers' pricing, as high as $4-5 per customer per year in one NFC project, has backfired, says Steve Mott, principal of BetterBuyDesign, a payments consultancy based in Stamford, Conn. "The lesson of HCE is anytime somebody tries to use technology to set up a toll gate, there is going to be a way to work around it," he says.
Yet recent developments with open-source software have given NFC new life, essentially allowing financial institutions to bypass the secure element on smartphones.
That "toll gate" spurred innovation that led to HCE, adds Linda Mantia, executive vice-president of cards and payment solutions at Royal Bank of Canada. "It removes one of the biggest challenges, which was the stranglehold in the U.S."
RBC, based in Toronto, is one of the large banks out in front with HCE, having already deployed it on certain Android phones. The bank launched a mobile app in January for its Canadian market, allowing customers with certain Samsung Galaxy phones to pay by NFC. Also, Capital One Corp. has worked with MasterCard in a pilot to help the network develop HCE specifications.
While MasterCard wouldn't cite specific banks beyond Capital One, interest is high in getting NFC-enabled mobile wallets to market, says James Anderson, group head in emerging payments. "There is a lot of pent-up enthusiasm in the payments community to be able to implement mobile transactions," he says. "Banks are active in the space, with people launching new initiatives internally to figure out how to get things to market quickly."
RBC debuted its Android-based wallet to a limited set of users ─ those with Galaxy S III or S4 phones on Canada's Bell phone network. Consumers with RBC Interac debit or Visa credit cards can use these phones to make small purchases at merchant locations that accept contactless payments. RBC expanded to the MasterCard network in the spring.
The path of least resistance
HCE was developed by two entrepreneurs, Doug Yeager and Ted Fifelski, who looked for a way around routing NFC transactions through the secure element on the phone. They had noticed the secure element was a big sticking point in NFC adoption, started writing code, and then marketed it under the company name SimplyTapp, based in Austin, Tex.
"We discerned if you can have a software solution not dependent on a relationship with hardware, there would be a lot more flexibility in the market to give NFC at least a fighting chance," says Yeager, chief executive officer.
Essentially SimplyTapp's work has created a secure element in the cloud, which has caught the attention of Google. Keeping HCE open-source in nature allows the market to grow rapidly. As for SimplyTapp itself, it is looking toward growth by selling a proprietary HCE Android solution mainly to processing companies and other payment aggregators.
Barriers to entry
Still, despite the promise of HCE, obstacles remain. One is securing the software on the device and its communication with a point-of-sale terminal. Stakeholders will have to feel comfortable enough with safeguarding software from hackers.
"The secure element in the cloud is wholly dependent on the security of the software of the device," says Simon Blake-Wilson, executive vice president of the mobile security business division at Inside Secure, a software security firm based in Aix-en-Provence, France.
While HCE might not match the security of using a SIM card on the phone, it could be secure enough, and offer a more practical solution for it to gain market share, Yeager adds. "It all comes down to user experience versus security," he says. "If nobody is using it, it could be the most secure platform in the world and who would care?"
Apple could be another obstacle to widespread adoption of HCE in the U.S. The company differentiates itself with closed software for its operating system. But Apple has filed NFC-related patents, so all eyes and ears are waiting for what happens with the next iPhone.
Terminals are another problem. Today there are about 2 million merchant locations worldwide that accept contactless payments, according to MasterCard. But most of those are at sites outside the U.S. The most likely first adopters of NFC terminals are the largest merchants. Yet only about 20 percent of terminals at these merchants can handle NFC transactions, according to The Nilson Report.
NFC beyond payments
But the promise for NFC is there.
"It is going to open up new types of applications outside of payments that people hadn't actually thought about before," says Michael Ting, vice president of payments at SecureKey, a Toronto-based vendor that provides cloud-based authentication solutions.
For payments, HCE development will augment security such as authorization and tokenization for card-not-present transactions, experts say. Beyond payments, the open-source format will prompt developers to write apps for other uses for NFC in a mobile device, such as loyalty programs, building access, transit passes and beyond.