Skip to content Skip to sidebar Skip to footer
Home / Android / Android 4.4 Kitkat / Hce / Nfc

Making Host Card Emulation Work For Payment

Post a Comment
I've been using StackOverflow for years now, always finding answers to my questions before even asking them, but today I'm stuck. As I happen to have a working POS terminal (the EM

Solution 1:

The first applet that will be selected by a EMV terminal is the PPSE applet, so you can try to add it also to your AID filters:

<aid-filter android:name="325041592E5359532E4444463031"/>

I don't know why you are trying to emulate payment with HCE but this will never be approved by Visa and MasterCard since for EMV transaction you need a cryptographic keys that need to be stored in secure environment. In the best case the HCE can be used for card not present transactions.

Solution 2:

host-apdu-service structure example:

For HCE application is really necessary to include PPSE AID entry:

apduservice.xml file:

<host-apdu-servicexmlns:android="http://schemas.android.com/apk/res/android"android:description="@string/servicedesc"android:requireDeviceUnlock="false" ><aid-groupandroid:category="payment"android:description="@string/aiddescription" ><!-- Visa Proximity Payment System Environment - PPSE (2PAY.SYS.DDF01) --><aid-filterandroid:name="325041592E5359532E4444463031" /><!-- VISA Debit/Credit (Classic)  --><aid-filterandroid:name="A0000000031010" /><!-- VISA Credit --><aid-filterandroid:name="A000000003101001" /><!-- VISA Debit --><aid-filterandroid:name="A000000003101002" /><!-- VISA Electron (Debit) --><aid-filterandroid:name="A0000000032010" /><!-- V PAY --><aid-filterandroid:name="A0000000032020" /><!-- VISA Interlink --><aid-filterandroid:name="A0000000033010" /><!-- MasterCard PayPass --><aid-filterandroid:name="A00000000401" /><!-- MasterCard Credit --><aid-filterandroid:name="A0000000041010" /><!-- American Express --><aid-filterandroid:name="A000000025" /><!-- BRADESCO --><aid-filterandroid:name="F0000000030001" /></aid-group></host-apdu-service>

Solution 3:

I have noticed during my experiments that the POS device will try to select AID of its supported card scheme. You can check for supported schemes on the device by looking at symbols such as "Visa", "Mastercard" etc. There is a list of AIDs for these schemes at http://en.wikipedia.org/wiki/EMV down the page. So for example, if POS supports Mastercard credit/debit cards, you can try registering AID of mastercard:A0000000041010 as aid-filter in apduservice.xml without registering the AID for PPSE. Give it a go and let me know if it works please.

Edit: Please note that I have been using Vivo tech POS readers.

Solution 4:

A list with the PPSE, Mastercard and Visa: 

<aid-groupandroid:description="paymentGroup"android:category="payment"><aid-filterandroid:name="325041592E5359532E4444463031"android:description="ppse"/><aid-filterandroid:name="A0000000041010"android:description="MasterCard"/><aid-filterandroid:name="A0000000031010"android:description="Visa"/></aid-group>

Solution 5:

In 2013, best answer said "I don't know why you are trying to emulate payment with HCE but this will never be approved by Visa and MasterCard". Oh then MasterCard would not have an official SDK to develop HCE payment applications right? How can you be so sure? For those reading this now, yes of course you can develop an Android HCE app, MasterCard has tons of documents about the best practices. However, it is not publicly open to everyone. I don't know if there is a way to get the SDK and the documents without working with an issuer. You may use EMVCo Books which are open to public, but it may be hard to implement the whole system using only those guides.

About secure environments, for instance, an RSA public key is multiplication of two big prime numbers. If you can find those prime numbers in time, you can be the master of the whole world. But you cannot find those numbers without trying for years (depending on key sizes) with today's computing power, which is proved by mathematicians with better vision than someone in this thread, I'm not going to say who. Whole internet works with public key encryption, you don't always need secure hardwares to keep your data private. There will always be a way, because you cannot reach infinite. When you do, it becomes finite, which doesn't make any sense, lol.

Lastly, "Someone can know everything, in a place where no one knows anything" (F.Y.)

You may like these posts

Post a Comment for "Making Host Card Emulation Work For Payment"