EMV, HCE, BLE will drive adoption of NFC in the USA
Are tap-and-go transactions ever going to be a reality in the U.S.? Yes they are, said speakers at last week’s 2014 NFC Solutions Summit in Austin — and sooner than you might expect.
Tech execs from across the payments world told conference-goers that complementing technologies and architectures such as EMV, host card emulation and Bluetooth low energy ultimately will propel NFC into commercial use. But not without added risk and security factors, presenters said.
The conference was jointly sponsored by the Smart Card Alliance, the NFC Forum and the NFC World Congress. Following are a number of observations from presenters about the future of NFC in the USA.
HCE and NFC
Host card emulation unlocks the potential for NFC applications without the need for integration with the mobile device's secure element or for the support of a trusted service manager. This makes HCE a vehicle for quick and cost-effective NFC deployments, but it also raises questions about security.
Michael Gargiulo, the principal consultant at TNG Technologies, said that if HCE leaves data at rest in the phone at the operating system level, that data is "in the wild." He said potential security issues could arise from uninstalled OS security updates, rooted phones, low-strength software security algorithms and capture of user-entered data.
Ted Fifelski, co-founder of SimplyTapp, the company that created HCE, said, “Enterprises need to ask themselves, 'what are you protecting?' and add levels of security they deem appropriate."
BLE and NFC
NFC and BLE will likely coexist in the mobile ecosystem because their best use cases differ, said John Ekers, CIO at ABnote.
BLE's quick coupling abilities are best for use cases that don't require high levels of security, such as in-store mobile marketing and gamification. Payment, though, "is the ideal transaction for NFC," Ekers said.
Creators of the Isis mobile wallet certainly believe so. The app is accumulating 20,000 wallet activations per day and is enabled for 68 mobile devices, according to the company’s CTO, Scott Mulloy.
To ensure security, Isis has incorporated security techniques into the Isis Mobile Wallet with the key tenet: "don't store the data people want," he said.
According to Mulloy, Isis stores no consumer data on its platform, making its data "a fairly uninteresting target." Other security techniques include PIN protection, a 30 minute time limit for keeping the wallet open; change/loss scenarios in which wallets can be quickly shut down if a phone is lost or stolen; use of the proven secure element; and the generation of unique, dynamic data for every transaction.
Paul Moreton, vice president of digital commerce at Capital One said that "disruption is coming" to payments and that many mobile wallet solutions will soon hit the marketplace. For its part, Capital One has deployed several NFC-based mobile wallet solutions and sees issuer competition for the mobile wallet market a good thing, as it will spur more innovation.
NFC and EMV
MasterCard VP of advanced payments Oliver Manahan sees NFC, contactless and EMV chip payments as technologies that should be implemented together in the U.S. "Do it once, do it right, and future proof yourself as much as possible," he said.
The U.S. migration to EMV chip will be a catalyst for terminal upgrades that include NFC, said David Talach, director business development at PayPal. He can see “a world where we have a reasonable NFC density from a merchant perspective by around 2015."
Additional information about NFC technology is available at the Smart Card Alliance website.