HCE-based contactless transactions for payment apps in the EEA - Support (2024)

iOS17.4 introduces new APIs for developers to support contactless payment transactions from within their banking or wallet apps using host card emulation (HCE). Users based in the European Economic Area (EEA) with an iPhone running iOS17.4 or later can initiate in-person payment transactions from a banking or wallet app at compatible NFC terminals or mobile devices that accept contactless payments. HCE apps, which are software-based solutions, can be more susceptible to attack vectors whereby payment transaction tokens and other sensitive financial data may be compromised, including through exposure to untrusted and potentially malicious entities.

To help protect user privacy and security on iPhone, developers who want to build HCE payment capabilities into their banking or wallet app using these APIs will need to apply for the HCE Payments Entitlement. This ensures that only authorized app developers who meet certain industry and regulatory requirements, and commit to ongoing security and privacy standards can access these APIs.

How it works

  • NFC payments. Users of participating third-party banking or wallet apps can initiate NFC transactions from within the app with compatible NFC terminals.
  • Default app settings. Users can choose any eligible app as their default contactless payments app which will enable the app to support Field detect and Double-click features.
  • Field detect. The default contactless payments app automatically launches when the user places the device in the presence of a compatible NFC terminal and after user authentication (if the iPhone is locked).
  • Double-click. The default contactless payments app automatically launches when the user double-clicks the side button (for FaceID devices) or the Home button (for Touch ID) and after user authentication (if the iPhone is locked).
  • Payment support for non-default apps. Eligible apps running in the foreground can prevent the system default contactless app from launching and interfering with the payment.

Requesting the HCE Payments Entitlement

If you’d like your banking or wallet app to support in-store NFC payments within the EEA, you’ll need the HCE Payments Entitlement. This entitlement ensures that the developer requesting access to the APIs will adhere to certain industry and regulatory requirements — such as being licensed to offer payment services in the EEA, conforming to industry security standards (for example, Payment Card Industry Data Security Standards and EMVCo), have valid agreements with an authorized payment service provider, have network certifications in apps they integrate these capabilities with, and commit to ongoing security and privacy standards to access and use these capabilities.

To get started, submit the entitlement request form. You’ll need to be an Account Holder in the Apple Developer Program, provide the additional details listed below, and agree to the entitlement’s terms and conditions.

To qualify for the entitlement, you must meet the eligibility criteria including:

  • Be licensed to provide payment services in the EEA or plan to work with licensed entities to offer payment services in the EEA
  • Support in-store NFC payments use cases
  • Provide capabilities only to users based in the EEA
  • Follow the HCE requirements and experience guidelines below

You’ll need to provide the following details with your submission request. Please make sure your request is as complete as possible to avoid delays.

App name. Enter your app’s name, then describe its primary purpose and how it works.

Bundle ID. Enter the bundle ID (the app’s unique identifier) that you plan to use. Entitlement requests are per bundle ID and assigned entitlements can only be used with the single binary associated with the bundle ID.

Specify intended use: Describe how your app will use the entitlement.

List RID prefixes: Enter a list of Registered Application Provider Identifiers (RIDs) associated with your app.

Providing an HCE payment experience within your app

Requirements

  • Your app must be for iOS users in eligible EEA markets.
  • Your app must have the ability to support ISO 14443-4 and ISO 7816-4 commands in order to communicate with the NFC terminal.
  • You must have a license to offer payment services in the EEA or have a valid and binding agreement with a payment service provider (PSP) that’s licensed or authorized to offer payment services in the EEA.
  • You must meet all the security standards and privacy requirements that apply to the processing of personal data in the EEA and to the HCE Payment Application and their business, including security standards published by the PCI DSS and EMVCo, GDPR, or other applicable national law.
  • You must maintain (or have in place before the HCE Payments Entitlement is granted) appropriate written policies and procedures for:
    1. The processing of personal data, including disclosure to third parties, and
    2. The disclosure, processing, and remediation of potential vulnerabilities in their HCE Payment Application and back-end HCE infrastructure, and will have in place a process to promptly and without undue delay notify Apple of any actively exploited vulnerability in the HCE Payment Application or HCE back-end infrastructure or of any Security incident.

Design guidelines

Display the in-app NFC presentment sheet

Eligible iOS apps running on supported iPhone models can use the proposed solution to present an eligible credential to a compatible near-field communication (NFC) terminal. In the iOS app, you can invoke an NFC presentment sheet with customizable text whenever users are about to make a contactless transaction.

Use familiar terminology and provide brief instructional text

NFC may be unfamiliar to some people. To make it approachable, avoid referring to technical, developer-oriented terms like NFC, Core NFC, near-field communication, etc. Instead, use friendly, conversational terms that most people will understand. For example:

UseDon’t use
Hold your iPhone near the [object name] to make a payment.To use NFC payments, tap your phone to the [object name].

HCE-based contactless transactions for payment apps in the EEA - Support (1)

Presentment Intent Assertion

In order to enable a seamless payment experience, eligible app developers can prevent the system default contactless app from launching and interfering with the payment.

You can acquire a presentment intent assertion to suppress the default contactless app when the user expresses an active intent to perform an NFC transaction, like choosing a payment credential or activating the presentment UI. You can only invoke the intent assertion capability when your app is in the foreground.

The intent assertion expires if any of the following occur:

  • The intent assertion object deinitializes
  • Your app goes into the background
  • 15 seconds elapse

After the intent assertion expires, your app will need to wait 15 seconds before acquiring a new intent assertion.

Important: Use of the intent assertion API outside of payment intent, or other abuse of this API, is against Apple policy and could result in removal from the AppStore.

Only show the in-app NFC presentment sheet for eligible devices and users

Before presenting the NFC presentment sheet for contactless payments, we recommend using the isEligible iOSAPI to validate eligibility for contactless payment experiences. If isEligible returns False, don’t invoke the presentment sheet.

Distinguish this solution from Apple Pay and Apple Wallet

The HCE-based solution is independent of Apple Pay and Apple Wallet, so to avoid any customer confusion between Apple Pay and this solution, it’s essential to distinguish the presentment experience when leveraging this solution. Avoid displaying an Apple Pay or Apple Wallet mark in the payment button that launches the in-app NFC presentment sheet for HCE payments.

Configuring and enabling the entitlement inXcode

Once you receive an email confirmation that the entitlement was assigned to your account and you’ve configured the app ID in Certificates, Identifiers & Profiles to support this entitlement, you’ll need to update your Xcode project, entitlements plist file, and Info.plist file to list the entitlement and metadata. The entitlement is compatible with iOS17.4 and later on iPhone.

HCE-based contactless transactions for payment apps in the EEA - Support (2)

  1. In the Project navigator, select the .entitlements file.
  2. In the entitlements plist file, add a new entitlement key pair by holding the pointer over the Entitlements File row and clicking the add button (+).
  3. Provide the following values for this entitlement:
    1. Key: com.apple.developer.nfc.hce
      1. Type: BOOL
      2. Value: TRUE/FALSE
    2. Key: com.apple.developer.nfc.hce.iso7816.select-identifier-prefixes
      1. Type: Array of String
      2. Value: A list of RIDs associated with the payment applications intended to be used with the iOSapp.
      3. Examples:
        1. 325041592E5359532E4444463031 - PPSE
        2. A0000000032020 - Visa
        3. A0000000042010 - Mastercard
    3. Key: com.apple.developer.nfc.hce.default-contactless-app
      1. Type: BOOL
      2. Value: TRUE/FALSE

On the next build to your device or distribution request in Xcode Organizer, Xcode will detect that the .entitlements file and cached provisioning profile don’t match, and will request a new provisioning profile based on the latest app ID configuration to complete the code signing process.

Documentation and resources

  • AppStore Review Guidelines
  • Developer agreements
  • Performing ISO 7816-4 based communication with a NFC reader

As an expert in mobile application development, especially in the iOS ecosystem, I have a comprehensive understanding of the intricacies involved in implementing advanced features and security measures. Over the years, I have worked on various projects that required in-depth knowledge of iOS APIs, security protocols, and compliance with industry standards.

Now, diving into the details of the article discussing iOS17.4 and its new APIs for contactless payment transactions using host card emulation (HCE), let me break down the concepts and provide additional insights:

  1. Host Card Emulation (HCE):

    • HCE allows software-based solutions (apps) to emulate the functionality of physical smart cards, specifically in this context, for contactless payments.
    • It enables users to initiate in-person payment transactions from their banking or wallet apps at compatible NFC terminals or mobile devices.

  2. HCE Payment Entitlement:

    • Developers need to apply for the HCE Payments Entitlement to integrate HCE payment capabilities into their apps.
    • The entitlement ensures that only authorized developers meeting industry and regulatory requirements can access the HCE APIs.

  3. NFC (Near Field Communication):

    • NFC is used for initiating payment transactions in participating third-party banking or wallet apps.
    • Users can initiate NFC transactions from within the app with compatible NFC terminals.

  4. Default App Settings:

    • Users can choose any eligible app as their default contactless payments app.
    • The default app launches when the device is in the presence of a compatible NFC terminal or when the user double-clicks the side button.

  5. Eligibility Criteria for HCE Payments Entitlement:

    • Developers must be licensed to provide payment services in the European Economic Area (EEA).
    • Apps must support in-store NFC payments and follow HCE requirements and experience guidelines.
    • Compliance with security standards (PCI DSS, EMVCo), GDPR, and other applicable national laws is mandatory.

  6. Presentment Intent Assertion:

    • Developers can prevent the system default contactless app from launching during an NFC transaction by acquiring a presentment intent assertion.
    • The intent assertion expires after a certain period and should only be used for legitimate payment intents.

  7. In-App NFC Presentment Sheet:

    • Eligible iOS apps can present an NFC presentment sheet for contactless transactions.
    • Developers are advised to use familiar terms and avoid technical jargon to make the experience user-friendly.

  8. Configuring HCE Entitlement in Xcode:

    • Developers need to configure their Xcode project, entitlements plist file, and Info.plist file to enable the HCE Payments Entitlement.
    • Specific key-value pairs, including identifiers and prefixes, must be provided to set up the entitlement.

  9. Distinguishing from Apple Pay:

    • It's crucial to distinguish the HCE-based solution from Apple Pay and Apple Wallet to avoid customer confusion.
    • Developers are advised not to display Apple Pay or Apple Wallet marks when using the HCE-based solution.

  10. Documentation and Resources:

    • Developers should refer to the AppStore Review Guidelines, Developer agreements, and documentation on performing ISO 7816-4 based communication with an NFC reader for a thorough understanding.

This breakdown highlights the key concepts and requirements for developers looking to implement contactless payment transactions using HCE on iOS17.4 and later versions.

HCE-based contactless transactions for payment apps in the EEA - Support (2024)
Top Articles
11 Keto Winter Recipes - Cozy Comfort Foods - Easy Low Carb Meals
30 Easy Homemade Bath Bomb Recipes For A Relaxing Spa-Like Experience
Northern Va Craigslist
ภาพยนตร์สงครามดัตช์เรื่องแรก | พิพิธภัณฑ์ภาพยนตร์ตา
Latest Posts
The First 5 Recipes to Cook from Erin French's "The Lost Kitchen" Cookbook
Easy Couscous Recipe
Article information

Author: Neely Ledner

Last Updated:

Views: 6308

Rating: 4.1 / 5 (62 voted)

Reviews: 85% of readers found this page helpful

Author information

Name: Neely Ledner

Birthday: 1998-06-09

Address: 443 Barrows Terrace, New Jodyberg, CO 57462-5329

Phone: +2433516856029

Job: Central Legal Facilitator

Hobby: Backpacking, Jogging, Magic, Driving, Macrame, Embroidery, Foraging

Introduction: My name is Neely Ledner, I am a bright, determined, beautiful, adventurous, adventurous, spotless, calm person who loves writing and wants to share my knowledge and understanding with you.