Google has unveiled its mobile wallet service, to much fanfare, in New York, joining a field of well established technology, payment and wireless network companies, not to mention a slew of start-ups, in the process. To further hype up the event, one of Google’s rivals, eBay’s subsidiary PayPal, immediately greeted the search giant’s new foray into the online payment processing provider’s home turf with a law suit.
What is Google Wallet?
Google Wallet, launched in beta, is an Android application that enables users to store multiple credit card accounts, as well as a Google prepaid card. The app is password-protected and enables users to make purchases at participating stores by waving (or tapping) their phones by a specially equipped point-of-sale (POS) terminal.
The app is only compatible with near-field communication (NFC)-equipped smart phones, of which currently there is only one available on the U.S. market — the Google Nexus S 4G, available for Sprint customers. NFC allows the wireless exchange of information between enable devices within short distances (up to 8 inches or so).
Additionally, at present Google Wallet users can only store the account information of MasterCard cards issued by Citi. The NFC data exchange is facilitated by MasterCard’s PayPass contactless technology. Currently there are about 135,000 merchant locations in the U.S. equipped with PayPass POS terminals.
Is Google Wallet Secure?
Osama Bedier, Vice President of Payments at Google and the cause of PayPal’s law suit, took great pains to convince the audience how secure Google Wallet is. Here is what he had to say on the subject:
The Wallet PIN protects access to the Wallet Application itself. If a user enters the PIN incorrectly too many times, the Secure Element [the chip where card information is stored] is disabled and cannot be used for payment until it has been reset by a combination of the issuing bank, the Trusted Service Manager, and the user. Resetting the PIN requires the user to reprovision their credit cards to the Wallet, thereby forcing a would-be thief to provision all the card credentials from scratch. In addition to this, the Secure Element prevents an individual from reading any information directly from it. There are multiple security components to its design that make it difficult for any criminal to extract the data contained within its memory.
What happens if the phone catches a virus? Bedier:
If malware compromises the phone’s operating system, the Secure Element is designed to protect the credentials. The Secure Element’s OS and the data contained in the Secure Element are completely isolated from the phone’s OS. Indeed, the Secure Element hardware is separate from the other storage mechanisms on the phone. Further, the phone’s OS does not have the capability to read any data from the Secure Element.
Only the future will tell how well this “Secure Element” protects cardholder data.
As we reported in our first post on the Google Wallet project a month and a half ago, the search giant is not really interested in the payment processing aspect of the new service. In fact, Google will not be getting any portion of the processing fees, collected by Citi and MasterCard.
Google is creating a new mobile information management platform. To that end, in conjunction with the wallet, the search giant is launching Google Offers, a service that will be sending coupons and deals to users, similarly to what GroupOn does. The company says that it will not have access to the card account information and transaction history of its wallet users, something that would run squarely against industry regulations anyway. However it will be monitoring the time of the purchases and coupons used.
It is clear that Google wants to keep track of consumer purchase patterns, although they claim such data will not be used for targeted ads. I wonder, what else could this information be used for?
Image credit: Izaid.net.