Update Your Way to Android Pay Success with Miura Systems – Pt II
Android Pay and Apple Pay are both up and running in the UK now and helping to drive real change in the payments industry. Merchants and other stakeholders should be excited about the potential in the two platforms for boosting profits and transforming the shopping experience for customers.
Although both Android Pay and Apple Pay are fast, simple and secure and largely work the same for the end user, there are some differences in the underlying technology and implementation.
Host Card Emulation (HCE) vs Secure Element (SE)
Apple Pay features a device-based ‘Secure Element’ embedded in the NFC chip. This Secure Element performs de facto card emulation and securely stores tokenised card data, which is securely provisioned during the loading of the card to the Apple Pay wallet. It then sends the payment data to the contactless terminal when a user taps-and-pays. Android Pay, on the other hand utilises software rather than hardware to provide the Secure Element services.
As expected, performing all the functions of the secure element in software still poses certain security risks. These risks are mitigated by implementing cloud-based secure elements. HCE and Android Pay combine custom software on the mobile device with highly secure cloud-based processing which allows for the use of payment tokens in an offline environment.
These tokens are stored locally on the smartphone but they only authorise the payment app to make a limited number of payments for a limited amount of time; say one day. Once the token expires or reaches its authorised limits then new tokens need to be fetched. The management of these tokens will happen in the background and can happen whenever the user is online, as part of the normal app sync process
HCE over SE?
Both implementations utilise payment tokens and the inherent cardholder security this brings with it which is great news for consumers. However, embedded SE solutions introduce both commercial and ecosystem complexities that had previously constrained the evolution of secure NFC payment solutions and limited it to only major players such as Apple.
The development of HCE aligns to Android’s physical and logical, hardware and software openness. It also allows payment providers and value added service providers to create NFC-enabled applications without the commercial constraints of working with handset manufactures or MNOs directly. And it removes the technical complexity of managing secure elements.
All of this should help towards building a successful and dynamic ecosystem which will support the launch of even more convenient NFC payment solutions in the very near future. Maybe the next time I check into a hotel I’ll be using an HCE-powered app to open my room door and pay my bill via NFC.
Miura customers benefit from its innovative, secure hardware as well as its mature and flexible APIs which already fully support both Android Pay and Apple Pay. This means that in the event updates are required to these systems they can be provided seamlessly over-the-air, with neither commercial or usage impacts to day to day processing. This means business owners can maximise their time doing what they do best – growing the business.
For example, a business may want to enable higher value payments on Android Pay, up to £100. Or they might want to start offering virtual loyalty cards and other promotions. It’s all child’s play with Miura Systems.
With Android Pay joining the fray, we’re heading for an era when even paying by plastic could begin to look as old-fashioned as writing a cheque. So get in touch today to see how Miura Systems can help you drive profits and meet growing consumer demand for fast, simple and secure mobile payments.