Host Card Emulation (HCE)

With Host Card Emulation (HCE), critical payment credentials are stored in a secure shared repository rather than on the phone.

Host Card Emulation

Securing a mobile phone such that it can be used to make credit or debit transactions at a physical point-of-sale (POS) terminal is a challenge. Payment systems based on magnetic stripe cards have evolved to use EMV chip cards and the natural next stage was to utilize dedicated security hardware inside most phones called a Secure Element to host the payment application, user payment credentials and the associated cryptographic keys.

However, this approach has proven difficult to take from pilot to mass deployment for a variety of reasons – lack of standardization for mobile phones, complex certification requirements and, most importantly, the reluctance of many banks to cede control to a third party, the Trusted Service Manager (TSM). In the TSM model the bank pays to ‘rent space’ on the Secure Element, which is typically controlled by a mobile network operator (MNO) or handset manufacturer. To overcome these challenges an alternative approach is rapidly gaining support - host card emulation (HCE). With HCE, critical payment credentials are stored in a secure shared repository (the issuer data center or private cloud) rather than on the phone. Limited use credentials are delivered to the phone in advance to enable contactless transactions to take place. Although this eliminates the need for TSMs and shifts control back to the banks, it brings with it a different set of security and risk challenges.

HCE Overview
Host Card Emulation for Mobile Payments: Today’s Challenge
  • The establishment of a centralized service to store many millions of payment credentials, or to create one-time-use credentials on demand, creates an obvious point of attack. Although banks have issued cards for years, those systems have largely been offline, with no round-trip interaction required between the issuer and the payment token (in this case a plastic card). Host Card Emulation requires these services to be online and accessible in real time as part of individual payment transactions. Failure to protect these service platforms places the issuer at considerable risk of fraud.
  • Although the phone no longer acts as the store for payment credentials, it still plays three critical security roles. All three create opportunities for theft or substitution of credentials or transaction information.
    1. It provides the means for applications to request card data stored in the HCE service
    2. It is the method by which a user is authenticated and authorizes the service to provide the payments credentials
    3. It provides the communications channel over which payment credentials are passed to the POS terminal
  • All mobile payment schemes are more complex than traditional card payments, and yet smartphone user expectations are extremely high. Poor mobile network coverage makes HCE services inaccessible, complex authentication schemes lead to errors, and software or hardware incompatibility can bring everything to a halt. A flexible approach will be required in which credentials are cached and risk-based approvals become the norm, all at a time when standards are still maturing and certification requirements are being imposed.
Host Card Emulation Mobile Payments: Thales e-Security Solutions

Thales e-Security hardware security modules (HSMs), both nShield and payShield, are in use today helping to secure HCE-based solutions. Payment credentials are securely generated and stored centrally using HSMs by the issuer, who also has the flexibility to decide how many keys are stored in the phone at any given time, and therefore cover situations where offline authorization is supported as part of the issuer risk decision. In an online authorization situation (which is the usual deployment mode for HCE solutions) the issuer uses HSMs to validate the cryptogram which is generated by the phone app in real time as part of the contactless mobile payment transaction. In this case the security design of the phone app is critical to ensure that the processing inside the phone limits the risk of key or sensitive data exposure to fraudulent attack. That is why the card schemes are conducting extensive validation of mobile payment app security (which includes the interface to the issuer involving HSMs) before the bank can go live with the HCE service.
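The online authorization flow described above, as an added illustration that is not Thales code: the issuer derives a batch of limited-use keys (LUKs) from a master key that would normally never leave the HSM, delivers them to the phone in advance, and later validates the cryptogram the phone app produces for each transaction, rejecting replays and tampered transaction data. The key derivation, cryptogram format and field layout are simplified constructions for this example, not any card scheme's HCE specification.

```python
import hmac
import hashlib
import secrets

# Constructed value for the example; in a real deployment the master key is
# generated and held inside the issuer's HSM and only derived keys are exported.
ISSUER_MASTER_KEY = b"constructed-issuer-master-key-32b"

def derive_luk(master_key: bytes, token_id: str, counter: int) -> bytes:
    """HSM-side operation: derive one limited-use key bound to a token and counter."""
    return hmac.new(master_key, f"{token_id}:{counter}".encode(), hashlib.sha256).digest()

def provision_luks(token_id: str, start: int, how_many: int) -> list:
    """Issuer chooses how many keys the phone holds; returns (counter, key) pairs."""
    return [(c, derive_luk(ISSUER_MASTER_KEY, token_id, c)) for c in range(start, start + how_many)]

def phone_cryptogram(luk: bytes, amount_cents: int, unpredictable_number: bytes) -> bytes:
    """Phone app: MAC the transaction data with the current LUK (8-byte cryptogram)."""
    msg = amount_cents.to_bytes(8, "big") + unpredictable_number
    return hmac.new(luk, msg, hashlib.sha256).digest()[:8]

class IssuerValidator:
    """Issuer side: recompute the cryptogram and enforce single use of each LUK."""
    def __init__(self):
        self.last_counter = {}  # token_id -> highest counter accepted (replay protection)

    def validate(self, token_id, counter, amount_cents, unpredictable_number, cryptogram) -> bool:
        # A counter at or below the last accepted one is a replay or key reuse.
        if counter <= self.last_counter.get(token_id, -1):
            return False
        luk = derive_luk(ISSUER_MASTER_KEY, token_id, counter)
        expected = phone_cryptogram(luk, amount_cents, unpredictable_number)
        if not hmac.compare_digest(expected, cryptogram):  # constant-time comparison
            return False
        self.last_counter[token_id] = counter
        return True

def demo():
    """Genuine transaction, replay of it, and a cryptogram whose amount was altered in transit."""
    token = "token-0001"
    luks = provision_luks(token, 0, 3)          # issuer decides: three keys on the phone
    validator = IssuerValidator()
    un = secrets.token_bytes(4)                 # unpredictable number supplied by the terminal
    counter, luk = luks[0]
    crypt = phone_cryptogram(luk, 1999, un)
    first = validator.validate(token, counter, 1999, un, crypt)
    replay = validator.validate(token, counter, 1999, un, crypt)
    next_counter, next_luk = luks[1]
    tampered = validator.validate(token, next_counter, 9999, un, phone_cryptogram(next_luk, 1999, un))
    return first, replay, tampered
```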

Thales e-Security hardware security modules help to secure HCE-based solutions
  • Use the same types of Thales HSMs for HCE that are used globally today for authorizing card payments and issuing EMV cards
  • Take advantage of the Thales integration partner ecosystem to source proven HCE-based solutions and be automatically compatible with the latest card scheme specifications
  • Choose from a range of cryptographic algorithms and key management schemes already supported by Thales HSMs to create a hardware-based secure session between the issuer system and the phone, eliminating man-in-the-middle attacks during the credential loading process
  • Leverage the existing HSM certifications, FIPS 140-2 level 3 and/or PCI HSM, to simplify audit compliance and ensure the best possible key generation and protection methods are deployed

White Paper : Creating a Trust Infrastructure to Support Mobile Payments

The primary goal of this white paper is to provide practical assistance to banks so that they can best leverage and extend their existing trust infrastructure in order to launch a new range of secure mobile-based payment solutions for their customers. Based on experience with solutions that are live today, the paper describes options to use a mobile phone to support contactless payments at POS (both with and without a Secure Element) and the growing trend for person-to-person payments initiated by a mobile app.


Webcast : An Easy Step to Host Card Emulation (HCE) Solutions

Thales e-Security, the global market leader in payment HSMs, continues to evolve its solutions to meet the latest security requirements. Host card emulation (HCE) is a particular focus for 2015, with comprehensive support for the various proprietary HCE specifications released by the major card schemes. Today, HCE enables contactless mobile payments on Android phones to take place at an NFC-capable POS terminal without the need for a Secure Element (SE) inside the phone. HCE support is therefore an important consideration for any issuer wanting to launch payment support on Android phones, since the current rollouts of Apple Pay are restricted to Apple iOS devices.
