Google has been busy making some wholesale changes to the way Google Mobile Wallet (NFC payments) works. Note: there are two Google Wallets – the mobile* which allows you to use your mobile device while out shopping and an online version which is inbuilt in the Google Play Store – this allows you to purchase apps. Now let us take a look at some of the security improvements recently made by Google to the mobile version of Google Wallet. *The Google (mobile) Wallet app is not available in the UK and is only available on specific devices.
Firstly, Google has opened additional payment methods, which includes credit cards and credit cards previously tied to your Google account. Secondly it has moved everything off your device (Secure Element) into the cloud. What this means is that when you make a purchase from the wallet, a wallet ID (this is stored on the Secure Element) is sent to the Google online servers, which completes the transaction with the card information stored in the mobile wallet’s online counterpart. The useful element (no pun intended folks ;)) is that you actually don’t need connectivity (it will also work with a dead device battery – very cool) between the phone and the wireless network for any transaction to take place.
TIP: For those in the US, look out for “Google SingleTap™ merchants” – Find out where Google (Mobile) Wallet works
What about the competition? US network operators (AT&T, T-Mobile USA and Verizon Wireless) actually use an alternative secure element which is embedded in the SIM called ISIS. The next Apple iPhone will actually be using Bluetooth 4.0 for making mobile payments instead of NFC. It’s clear that the US banks don’t appear happy to hand over control to Google – this brought about the changes mentioned above by Google. Google is also under some competitor pressure from the ISIS consortium.
Here are some useful security tips you should know about Google Wallet:
- You will still need to use a 4-digit PIN* to use Google Mobile Wallet (don’t forget to use your Android device PIN for added protection).
- Google also allows you to lock and remotely disable Google Mobile Wallet on any lost device which is something you cannot do with a leather wallet folks! https://wallet.google.com/manage – when a device reconnects to the wireless network the wallet is reset and device stored data is deleted.
- Credit and debit cards stored in Google Mobile Wallet are encrypted on secure servers. The merchant and your Android device will never get your real payment card information.
- Card account numbers are always hidden. Only the last four digits on the screen in-store will ever be visible.
- Google Mobile Wallet never shares your credit or debit card information you store in your wallet with any merchant online or offline.
*Google is actually using a system that uses a type of ‘password logic’ that they claim detects and rejects obvious weak passwords i.e. “1234”.
Right now, Google’s challenge is that financial institutions are reluctant to put their faith in Google managing financial transactions such as loyalty cards and vouchers. There is also the issue of NFC being relatively immature in the global market – how many stores in the US use NFC? What about here in the UK? Will merchants buy into NFC and in particular the cost of merchant processing? There is also competition from PayPal which is already a leader in NFC payments. Right now, it’s too early to tell whether Google Wallet, ISIS, Apple or PayPal to name four, will be the major leaders in NFC/bluetooth mobile payments and/or mobile payment processing as well as stimulate a new global payment revolution. Only merchants and consumers will be able to decide whether NFC or Bluetooth payments will be a global success.
Safe surfing folks!