Gemalto CEO: HCE Not Secure for EMV Payments Unless Tokens Stored on Secure Elements or TEE
France-based vendor Gemalto Thursday confirmed its growth projections for 2014 and its longer-term forecast for 2017, despite the recent announcements of support for host-card emulation by Visa and MasterCard Worldwide.
Gemalto, the world’s largest smart card supplier and also the largest trusted service manager, has much to lose if pure host-card emulation, or HCE, takes off. It would enable banks and other service providers to avoid putting their applications on NFC SIMs, like the ones Gemalto supplies by the millions to mobile operators; or to require the hiring of a TSM to manage those applets over the air on the SIMs or other secure elements.
Gemalto CEO Olivier Piou, while he questioned the inherent security of HCE for EMV payments, sought to put a positive face on the growing interest in the technology, in comments to financial analysts Thursday, following release of the company’s fourth quarter and year-end results.
Among other things, HCE represents an endorsement of NFC by “all the main players of this ecosystem” for NFC, including Visa, MasterCard and Google, said Piou, who added that HCE would add momentum to the deployment of contactless point-of-sale terminals by merchants. In addition, he acknowledged that HCE enables easier development of applications for use with NFC phones, compared with secure elements.
Some major telcos, including the Isis joint venture, have been using similar talking points, especially since Visa and MasterCard made their HCE announcements Feb. 19.
But Piou, like the mobile operators, is taking a position on security that doesn’t quite match that of Visa and MasterCard or to jibe with the strict definition of HCE. Gemalto and the telcos are arguing that HCE is suited for such low-security applications as loyalty and couponing, not for open-loop payment.
In this article:
Words:
3,500
Among Topics Covered:
- Gemalto CEO’s Olivier Piou’s contention that EMV tokens for HCE can't be secure in phone memory
- Position of Visa and MasterCard on security of tokens and HCE
- Piou: Decision on HCE security belongs to banks
- Gemalto’s year-end revenue and profit report and multiyear goals
- Review of hybrid approach to putting tokens on secure elements for cloud-based NFC payments
- Oberthur’s take on HCE security
- Isis’ view of HCE
- Piou’s comments on Gemalto’s MCX contract and response to question about role vis-à-vis Paydiant
Sources Quoted:
Olivier Piou, CEO, Gemalto
Cédric Collomb, managing director, telecom, Oberthur Technologies
Scott Mulloy, CTO, Isis
Jorn Lambert, group executive, digital convergence, MasterCard
Among companies and organizations mentioned:
Gemalto
Visa
MasterCard
Isis
Oberthur
MCX
Paydiant
This is premium content from NFC Times.