RBC expands mobile payment support to all Android phones running KitKat and above

Update, 4:30pm: RBC has responded to questions of why the app has not rolled out to everyone. It says that the initial rollout was limited, and that more news of the HCE-enabled Mobile Wallet will be available next week.

RBC customers no longer have to worry about having the right SIM card or smartphone to tap-to-pay on with a smartphone — as long as that phone is running Android 4.4 or later.

Announced late last year, Canada’s largest bank has finally rolled out Host Card Emulation support, moving the “secure element” for storing credit and debit card credentials from the smartphone itself to the cloud. RBC has been working to make this technology universally accessible for some time, and reportedly held off until Apple Pay was on the precipice of launching in Canada.

Customers on any smartphone or carrier running Android 4.4 on above can add a Royal Bank of Canada Visa Debit or Credit, or Interac Debit card to their RBC Mobile app to make payments at NFC-enabled terminals across the country.

RBC mobile payments

The actual payment process — authenticating with a PIN on the device and tapping the phone gently on the payment terminal — is unchanged. What has changed is the way the card credentials are stored and transmitted. It’s unclear at this time whether RBC has implemented tokenization, whereby the numbers conveyed from the phone to the bank to the payment network (such as Visa or MasterCard) are not one’s real PAN (primary account number or, colloquially, credit card number) but a randomly-generated series of numbers of little use to a thief. Apple Pay was the first major mobile payment solution to issue tokens to credit cards added to its network, but the iPhone stores those credentials on a physical space in the A8 SoC itself; RBC is working with the banks and payment networks to store them in the cloud.

Google’s response to the per-device certification required for traditional NFC-based payments was to integrate Host Card Emulation, which, as the name implies, emulates a physical secure element. Added to the core Android code in Android 4.4, it allows all devices, regardless of make or carrier affiliation, to use mobile payments, avoiding the disastrous fragmentation that we’ve seen to date with most Canadian banks. Until now, RBC’s mobile payment solution only worked with a small number of Android devices running on Bell’s network.

One quirk of Host Card Emulation: it does not work on rooted devices, likely because once a user gains root access to the system, the efficacy of the link to the bank’s cloud wallet can not be guaranteed.

RBC didn’t respond to a request for comment in time for this article, but we’re hoping to get more information soon about the bank’s mobile payment strategy.

Thanks to reader Tyler Rochwerg for the tip.