At the APSCA Forum on “Outlook for NFC Business & Technology in 2014”, UL Transaction Security’s expert Rick Hsu gave a presentation on “Android HCE Security Implications”, which was very well received by the audience. Nearly 80 experts from the NFC ecosystem from Japan, Asia and Europe joined the forum in Tokyo on March 4th and the presentation received great feedback from participants, from both Japan and international markets. The audience mentioned that the presentations and discussions were very useful in providing an understanding of how the NFC Business is likely to develop in 2014.
Host-based Card Emulation (HCE) has garnered quite some attention in the NFC and mobile payment industry because it opens up the possibility to perform NFC card emulation without using the Secure Element (SE) in Mobile handsets. Industry attention is further increased by one of the first major implementations of HCE, by Google for an SE-less NFC payment system in its Google Wallet offering.
UL believes that HCE may accelerate the introduction of NFC services, because it provides a simplified, but less secure, option to provide an NFC card emulation service. It has great added value for Service Providers (SPs) that can accept a reduced level of security in exchange for an improvement of other factors such as time to market, development costs and the need to cooperate with other parties. These SPs must however be fully aware of the security risks caused by the lack of the hardware-based security as provided by the SE.