Mobile NFC technology is in the running for widespread U.S. adoption for both non-payment and payment applications, with technologies and architectures like HCE, BLE and EMV complementing and propelling the technology forward, attendees learned at the 2014 NFC Solutions Summit. The 2014 NFC Solutions Summit, presented by the Smart Card Alliance in partnership with the NFC Forum and the NFC World Congress, was held last week at the Renaissance Arboretum Hotel in Austin.
Near Field Communications (NFC), Host Card Emulation (HCE) and Bluetooth Low Energy (BLE)
Recently, attention has turned to Host Card Emulation (HCE), which unlocks the potential for NFC applications without the need for integration with the mobile device’s secure element (SE) or for the support of a trusted service manager. HCE enables quick and cost-effective NFC deployments, but it also raises the question–are its security capabilities enough for NFC payments and other secure applications?
“HCE is an architecture, not a solution,” said Ted Fifelski, the co-founder of SimplyTapp, the company that created HCE. “When it comes to levels of fraud and risk, HCE offer options. Enterprises need to ask themselves, ‘what are you protecting?’” and add levels of security they deem appropriate.
HCE is “another tool in the toolbox,” that will drive NFC adoption, said Erich Tompkins, the senior product manager, advanced mobility solutions at AT&T, but “the SE is the known good security model.” He said that the SE is the main building block for AT&T’s strategy, but that HCE can be complementary for non-payment uses cases like ticketing. Tony Sabetti, ?director of merchant integration and commerce development at Isis agreed, saying that while HCE can get applications up and running quickly, he doesn’t see the hardware SE going away “anytime soon.” He said that cloud-based NFC solutions using HCE can bring about other burdens for data security: “cloud databases are good places to go hack.”
In his presentation, Michael Gargiulo, the principal consultant at TNG Technologies, talked about the HCE architecture and security considerations at the network, server and device level. According to Gargiulo, if HCE leaves data at rest in the phone at the operating system (OS) level, that data is “in the wild.” He said that potential security issues could arise from uninstalled OS security updates, ‘rooted’ phones, low-strength software security algorithms and capture of user-entered data.
NFC and Bluetooth Low Energy (BLE) will likely complement each other and coexist in the mobile ecosystem because their best use cases differ, John Ekers, the CIO at ABnote said in his keynote presentation. BLE’s quick coupling abilities are best for use cases that don’t require high levels of security, like in-store mobile marketing and gamification, and will drive consumers into stores and create interest. Payment, though, “is the ideal transaction for NFC,” Ekers said.
NFC Technology Potential is Beyond Just Payments
Though NFC garners attention for its payment applications, many presentations focused on NFC’s non-payment applications as the “killer apps” that could stimulate broad adoption.
Payment is only one application in the world of NFC, where many non-financial applications are taking off and enabling the Internet of Things, according to NFC Forum’s executive director Paula Hunter. “It’s not just about the phone,” Hunter said. “It’s about the wearables, the appliances, the speakers and the laptops–NFC is being enabled across the whole spectrum of the consumer marketplace.” Hunter cited several non-payment NFC use cases that are enhancing the consumer experience, including wearable baby monitors, cars that can send alerts for services and smart thermostats that that allow temperatures to be adjusted on the go.
AT&T’s NFC strategy is focused on NFC opportunities beyond payments and building services for the installed base of contactless/NFC readers, especially for transit and physical access applications, Howard Krieger of AT&T’s Industry Solutions Practice told the audience. AT&T is currently working along with Blackboard on NFC pilots at Quinnipiac and Tulane Universities, giving students access to education, resources, facilities and funds. Jeff Staples, the vice president of marketing and business development at Blackboard, said that students have embraced the technology and, because they use their phone for everything, see transacting on campus as a natural extension. Blackboard plans to expand the NFC pilot this fall.
NFC Payments are Building Momentum
Today, the Isis Mobile Wallet has 20,000 wallet activations per day and is enabled on 68 devices, according to Scott Mulloy, Isis’ CTO. With security being the biggest concern for consumers to adopt mobile wallets, Isis has implemented established and tested security techniques into the Isis Mobile Wallet with the key tenet: “don’t store the data people want.” According to Mulloy, Isis stores no consumer data on its platform, making its data “a fairly uninteresting target.” He explained Isis’ other security techniques, including: PIN protecting every wallet, with 30 minutes the maximum amount of time consumers can set the wallet to be open; robust change/loss scenarios in which wallets can be quickly shut down if a phone is lost or stolen; utilization of the proven secure element; and generation of unique, dynamic data for every transaction.
Fellow panelist David Talach, director business development at PayPal, stressed the importance of the consumer experience, telling the audience that PayPal strives to “bring new experiences that are truly inspiring,” and that PayPal is an advocate for letting consumers choose mobile wallets and technologies freely.
Paul Moreton, vice president of digital commerce at Capital One said that “disruption is coming” to payments and that many mobile wallet solutions will soon hit the marketplace. For its part, Capital One has deployed several NFC-based mobile wallet solutions and sees issuer competition for the mobile wallet market a good thing, as it will spur more innovation.
NFC and United States Migration to Europay, Mastercard and Visa (EMV) Chips
At the same time that NFC is taking off in the U.S., another payments evolution is taking place with the migration to EMV chip payments. NFC payments are complementary to EMV chip payments, using the contactless capability of POS terminals.
MasterCard’s vice president of advanced payments Oliver Manahan sees NFC, contactless and EMV chip payments as technologies that should be implemented together in the U.S. “Do it once, do it right, and future proof yourself as much as possible,” he told the audience. He noted that, in the U.S., MasterCard contactless cards are more likely to be top of wallet and that total spend after a consumer starts using MasterCard contactless is 54 percent higher than those who do not use contactless.
Other presenters noted the importance of NFC and EMV together:
“Isis solutions are well positioned for EMV,” Isis’ Mulloy said, and noted that Isis mobile payment applets from the major payment networks are already EMV compliant. He added that merchants today can “cover all of their bases with integrated POS terminals and be ready for EMV contact, contactless and NFC.” The U.S. migration to EMV chip will be a catalyst for terminal upgrades that include NFC, PayPal’s Talach said, and he “can see a world where we have a reasonable NFC density from a merchant perspective by around 2015.”
Readers interested in learning more about NFC technology should visit here.