On April 17th, David Marcus, President at PayPal said, “I’ve been looking at three technologies that might truly change the retail experience as we know it.”
One of the technologies David is looking at is NFC HCE (Host Card Emulation). It is an alternative way of using SE (Secure Element) to implement security mechanisms for NFC technology. In my previous blog, I explained why Google has chosen HCE. David Marcus said, “I’m moving from being a massive skeptic of NFC, to being cautiously optimistic on NFC HCE take-up in very specific shopping use cases.”
He envisions two scenarios that would popularize NFC. One is the credit card EMV movement, which would lead to more NFC-enabled terminals at points of sale, and the other is Visa embracing the HCE approach.
I understand David’s point coming from the payment industry leader he is. At the same time, I believe that NFC will take off regardless of payment trends. From my personal experience advocating NFC to business owners, the technology is received with excitement. Entrepreneurs are inspired by the possibilities presented through the integration of NFC tags and chips for enhancing and marketing their products and services. They also wonder why they haven’t heard about the technology sooner.
AT&T, T-Mobile and Verizon spent a huge amount of money on ISIS mobile payment implementation based on NFC, yet they are not promoting the technology proactively or effectively. Not many subscribers know about NFC or ISIS. What is the missing link?
Today, Apple announced the upcoming release of iPhone 5S and iPhone 5C. There are descriptions and discussions about the two iPhones to be released. Unfortunately the revelation that neither phone will have NFC capabilities is a disappointment for the NFC ecosystem.
Despite this fact, iPhone Touch ID, a new fingerprint sensor feature for authentication, may have significant implications for the NFC ecosystem. One of the values that NFC provides is security. Common practice is to save sensitive information in the Secure Element (SE). For example, ISIS, a joint venture between AT&T, Verizon, and T-Mobile, uses this practice for secure mobile payment. With this approach, permission is needed to access SE. Permission is granted after a successful authentication from carriers.
Touch ID has the potential to be utilized as an authentication option for accessing SE. Moreover, Touch ID could limit the need for using UICC/SIM based SE. UICC/SIM based SE is an operator-centric option, since carriers control the access of the UICC/SIM. It provides ultimate security because no one can access it without a carrier’s permission.
Many stakeholders in the NFC ecosystem want to bypass carriers’ control over SE. Touch ID has the potential to shift our perspectives on security and authentication. What are your thoughts on this possibility?