The evolution of NFC-enabled mobile devices promotes the development of NFC-based mobile applications, especially in mobile payments. An NFC-enabled phone, in the card-emulation mode, behaves like a contactless smart card or a credit card, which allows payment applications with personal information stored in the Secure Element (SE). Mobile network operators and services providers control and dominate the lifecycle of SEs and related services through a third-party trust service manager. However, the solution relies on the cooperation of all parties in the NFC ecosystem. This paper presents a secure NFC mobile payment system based on HCE technology. The HCE technology enables the realization of a virtual smart card using software. In HCE mode, the host CPU can process APDU commands sent by an NFC Reader. This study aims to develop a mobile payment scheme without the need of SEs. The proposed system achieves security features based on contemporary AES and RSA encryption algorithms, and two effective authentication schemes are proposed with timestamp and nonce methods respectively.