March 10, 2017

The host card emulation (HCE) way

Valdis Janovs

Head of Retail Payments and Cards, Tieto

No personal consumer device seems to have had the same impact as the smartphone. Unbelievably it’s only ten years ago that Steve Jobs announced the iPhone at a Macworld convention. Now over a billion iPhones have been sold. With the speed and scope of change in the mobile space, it can be hard to separate the hype from the happening.

Take mobile contactless payment, for example. This seems to have been ‘coming soon’ for the longest time. But there has been no real break-through to mass adoption. I look into some of the reasons why and what is changing. Moreover, I’ll explain how issuers can take advantage of the changes to increase revenue, cut costs and improve their businesses and brand. 

A shotgun marriage

In truth, mobile contactless payments were technically possible long ago. There were (and still are) various ways of replicating contactless NFC payment functionality on a mobile device.

This can be done by writing to the SIM card, the SD card (a data storage device) or secure element. Yet all these methods have one major flaw in their DNA: they involve third parties.

Issuers have to navigate partnerships, complicated business and technology infrastructure models to get mobile payments into the hands of consumers. That’s why take-up has been slow.

It wasn’t so much the technology, rather the commercials that held it back. I’d liken it to a shotgun marriage between two different industries: telcos and retail banking. Telcos were used to managing SIM distribution. Banks used to managing card products. Simply put: each party needed the other but they could not agree on the commercials, and who owned the SIM and the customer. 

Along came host card emulation (HCE)

HCE changed everything — both technically and commercially. HCE allowed card issuers to put mobile contactless/NFC functionality on devices themselves and bypass commercial roadblocks.

HCE digitizes the card on the phone, generates card numbers and talks to contactless POS terminals. With HCE, there’s no need to rent space on the secure element, reissue the memory card or certify hardware. It cuts hassle, cost and time to market.

Mobile contactless payment is now easier to introduce as it runs off the consumer’s phone[1] and existing contactless card acceptance infrastructure.

It’s easier to provision as issuers can load and update the app and keys directly to the consumer’s device over the air. 

It’s also secure as keys can be single-use or limited. And they can be replaced on the device in real-time without blocking or recalling the phone.

For more information

Tieto has a market-ready HCE solution, which can be easily integrated with any mobile payment app on the phone via standardized APIs. Certified by MasterCard, our solution handles the entire back-office process (transaction processing, token issuance, lifecycle management and de-tokenization), freeing you up to focus on your front-end customer proposition.

As ever for a game-changing technology with strategic implications, the devil is in the detail and there is more than one route to market. To find out more about how Tieto could help you achieve your mobile business objectives, please contact me Valdis Janovs (valdis.janovs(at)

- - -

For more please see:

[1] NFC-enabled handsets only. Android 4.4 (KitKat) or later, Blackberry OS7 or later, Windows 10 and Windows 10 Mobile or later.

Stay up-to-date

Get all the latest blogs sent you now!