Friday 19 December 2014

 

SIMalliance issues HCE security warning

“Host card emulation is good for the NFC ecosystem as a whole, but remains immature, unstandardised and, relative to secure element based deployments, vulnerable to malicious attack,” says SIM card manufacturer association SIMalliance, which has published an HCE discussion paper called Secure Element Deployment & Host Card Emulation.


VASNIER: “HCE is a force for good in NFC, but it’s no silver bullet”

The cloud-based NFC technology, introduced by Google with the release of Android 4.4 KitKat in October 2013 and backed by Visa and by MasterCard, “is most appropriately utilised in services where the emulated NFC application is not based on direct implementation of a current, pre-existing card application,” the alliance advises.

“HCE is a force for good in NFC, but it’s no silver bullet,” says Frédéric Vasnier, chairman of SIMalliance. “It will make NFC more accessible and versatile to developers and help to speed more services to market which, as a result, will drive consumer familiarity and encourage adoption.

“However, service providers evaluating HCE for payment and other high-value NFC services should proceed with caution; HCE presents a new raft of challenges and has the potential to diminish both the transaction security and the end user’s NFC service experience.

“SIMalliance considers HCE to be best suited to lower value applications where stringent security requirements, optimal transaction speeds and always-available functionality are not mandatory,” Vasnier adds. “SE-based deployments delivered via mobile network operators remain the sensible choice for high value, secure NFC services.”

  • throwaway123

    LOL

    • Nick

      I like that the paper is hosted on a page called ‘SE marketing documents’

  • Thomas Normann

    I agree with some part of what SIMalliance are saying, except – of course – this: “SE-based deployments delivered via mobile network operators remain the sensible choice for high value, secure NFC services”

    Why does it have to be delivered via MNOs? Why not via neutral TSMs supporting BOTH eSE and SIM SE (as well as cloud SE..)?
