Definition: Host Card Emulation (HCE) allows mobile devices to securely simulate a physical card, such as a credit or debit card, for consumer purchases at point-of-sale (POS) terminals, identification, ticket scanning, and similar uses.
Host Card Emulation (HCE) explained
HCE is a software solution that enables transactions between mobile devices and other credential-acquiring devices that incorporate a Near Field Communication (NFC) chip. Examples of such devices include other mobile devices, contactless point-of-sale terminals, transit turnstiles, and a variety of access control touch pads. HCE allows contactless communication between a mobile application and a terminal to support contactless payments.
With HCE, critical payment credentials are stored in a secure shared repository (the issuer data center or private cloud) instead of on the phone. To enable contactless transactions, limited-use credentials are delivered to the phone in advance.
Previously, banking credentials were stored in the Secure Element (SE) on a phone's SIM card or a payment card. These credentials are required in order to process payments. With Host Card Emulation, the credentials are securely stored in a payment app. This is also known as the Software Secure Element. However, this has made things very complex for banks, and more complexity means a larger attack surface. As a pure software security solution, an HCE-based system needs a good combination of countermeasures between the software and the back end of the system (the cloud).
With the rise of mobile payments and cloud-enablement technology such as host-card emulation (HCE), it's more important than ever to implement a strong data security strategy that includes end-to-end encryption. The underlying security provided by Hardware Security Modules adds trust to transactions by securing the enrollment, provisioning, and tokenization process of payment card credentials and operations.
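The split described above, with the master key kept in the issuer back end and only limited-use credentials delivered to the phone, is shown here as an added example that is not part of the original page or of any payment scheme's specification. HMAC-SHA256, the `Issuer` class, `MAX_USES`, and the token and amount values are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 stands in for the payment scheme's real key
# derivation and cryptogram algorithms, which the page does not specify.
MAX_USES = 3  # constructed policy: transactions allowed per limited-use key


def _mac(key: bytes, *parts: bytes) -> bytes:
    # Length-prefix each field so field boundaries cannot be shifted.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Issuer:
    """Back end: holds the master key (inside an HSM in production)."""

    def __init__(self, master_key: bytes):
        self._master = master_key
        self._seen = {}  # (token, key_index) -> counters already accepted

    def _luk(self, token: str, key_index: int) -> bytes:
        return _mac(self._master, token.encode(), key_index.to_bytes(4, "big"))

    def provision(self, token: str, key_index: int) -> bytes:
        """Derive the limited-use key delivered to the phone in advance."""
        self._seen.setdefault((token, key_index), set())
        return self._luk(token, key_index)

    def verify(self, token, key_index, counter, amount, cryptogram) -> str:
        used = self._seen.get((token, key_index))
        if used is None:
            return "unknown-key"      # key was never provisioned
        if not 0 <= counter < MAX_USES:
            return "key-exhausted"    # phone must fetch a fresh key
        if counter in used:
            return "replay"           # same counter presented twice
        expected = cryptogram_for(self._luk(token, key_index), counter, amount)
        if not hmac.compare_digest(expected, cryptogram):
            return "bad-cryptogram"   # wrong key or altered amount
        used.add(counter)
        return "approved"


def cryptogram_for(luk: bytes, counter: int, amount: str) -> bytes:
    """Phone side: one-time cryptogram over the counter and the amount."""
    return _mac(luk, counter.to_bytes(4, "big"), amount.encode())
```

A key extracted from the phone is only good for the remaining counters of that one key index; the master key never leaves the back end.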