With Launch of Google Wallet, the Wallet War Begins

Google has unveiled its much anticipated NFC mobile wallet and, as expected, we learned that it is much more than just an app for Android phones.

Google is building a whole infrastructure for its bold move into NFC-based mobile commerce, including signing up banks and big retail chains, paying for all or most of the cost of thousands of contactless point-of-sale terminals and hiring a trusted service manager to deliver and manage applications securely on phones.

The Google Wallet along with the Google Offers service, which works hand in glove with the wallet, underpins the search giant’s entire strategy for NFC.

With Offers–which launched yesterday in its first city, Portland, Ore.,– and its other targeted mobile couponing and advertising services, Google is hoping to make the leap with its lucrative Web advertising business to the physical world, where the vast majority of consumer purchasing is done.

As Stephanie Tilenius, vice president of commerce at Google, said in a preannouncement statement last week, “We’re making a big bet on it as a company.”

So one has to ask, how might Google protect that investment?

Google Wallet: How Open?
Google executives at last Thursday’s wallet unveiling and again this week at a demo of Google Offers were at pains to say the platform will be open to additional banks, card networks, handset makers and network operators.

But with billions at stake in this so-called “new era of commerce” on smartphones, as Google puts it, it is questionable how truly open Google’s or the other major wallets will be.

And there will definitely be wallets from other large organizations competing with Google, especially in the United States. It is here where we will see the first battles in what I’ve described as a brewing wallet war.

Both the Isis joint venture, anchored by AT&T and Verizon Wireless, and Visa Inc. have announced their intentions to roll out their own mobile wallets on NFC phones. And like Google, they have been repeating the “open” mantra for their wallets.

Although they might open their wallets to various banks and other service providers, the three major wallet providers all plan to retain control over their wallet brands.

More importantly, they will be fighting for space on the same NFC phones. And whomever controls the secure elements on the phones will gain the upper hand.

Already a dispute is growing over control of the embedded secure chips expected to be included in most NFC phones–with device and mobile operating system suppliers vying with mobile operators for possession of the master encryption keys to these chips. The dispute will not only involve Android. Research in Motion, for example, also wants to keep the keys to embedded secure chips in its BlackBerry NFC phones.

But I expect one of the prime battlegrounds in the wallet war to be the secure territory in Android phones, now the most popular smartphone platform in the United States.

Google in Control
Though possible, it’s difficult to imagine more than one wallet residing on the same Android NFC phone or on other mobile phone platforms that go to NFC, both for technical and commercial reasons.  

For the Nexus S, the first handset that will carry the Google Wallet, Google is firmly in control of the secure chip.

The main applications in the wallet, including payment and probably the offers, will be stored there. It’s unclear how much of the Google Wallet software itself resides on the embedded chip. Part of the wallet is in the phone itself, providing the menu of services and other features of the user interface. But the wallet is certainly anchored on this secure chip, for which Google controls the master keys.

First Data, the trusted service manager, or TSM, that Google has hired, will handle those keys as an agent for the search giant.

“In the end, the TSM will manage the service, manage the delivery of keys,” said Steve Owen, vice president for sales and marketing, for the identification unit at NXP, which supplies the NFC chip and secure element for the Nexus S and which helped Google develop the wallet. “Each application is an agreed and approved app in the Android Market–approved for the Google Wallet. It has to be an approved application.”

While Owen isn’t saying it outright, it’s obvious that Google is maintaining complete control over its wallet, at least for its own phone, the Nexus S.

Other observers see Google cementing its control over the wallet through the secure chip.

“Their relationship with the handset vendors is interesting as they play the ‘open mobile OS’ message very well, but on the other hand, are protecting the access to the SE (secure element) for their own and their partners commercial gain,” Tim Jefferson, head of UK-based consulting firm The Human Chain, which specializes in mobile and NFC, told me.

Google did not address the question of whether it would allow other providers, such as Isis or Visa, to put their wallets onto the Nexus S, or on other Android handsets, notes NFC industry veteran Hans Reisgies, vice president of product and sales for startup Sequent Software.

“That’s the fundamental question that was not answered in the (Google) briefing,” Reisgies, whose company seeks to make a business of managing secure elements on NFC phones as a specialized TSM, told me. “Can the Isis wallet use the secure element on NFC Android phones?”

He believes the answer will be no. Google Offers is too important to the search giant, and it wouldn’t want any competition from other wallets that also enable merchants to deliver offers to consumers. And for Google Offers, the Google-controlled secure element is important.

Reisgies, former head of NFC business development for U.S.-based contactless reader supplier and TSM Vivotech, said the coupons and other offers that consumers can “clip” by searching on their phones or tapping smart posters and then put into their wallets would also have to be stored on the secure chip.

Otherwise, it would be very difficult for Google to pull off what the company has already trademarked as its “SingleTap” system of redeeming offers and paying with one tap of the phone.

Others agree, such as Austria-based NFC researcher Michael Roland of the NFC Research Laboratory Hagenberg. For a single tap with payment, the coupons would have to be on the secure element and use NFC’s card emulation mode, otherwise the phone would have to do the payment with one mode, card emulation, and switch to tag-reading mode for the couponing.

“I’m not sure if the phone would be able to do card emulation and read-writer action in the same tap,” he said.

Sharing a Secure Element? Unlikely
So this tells us that control of the secure element is key to Google’s wallet plans. 

And it’s doubtful whether applications for more than one wallet could share the same secure element.

Jürgen Spänkuch, director of business development for embedded security at Germany-based Infineon Technologies, which provides the secure elements for NFC chips supplied by Inside Secure, said he expects to see a “one-to-one relationship” between wallet applications and secure chips.

In other words, he expects to see only one wallet per secure chip.

Nor is it likely anytime soon that we’ll see a Google Wallet on an embedded chip and a separate wallet with similar applications on a SIM card in the same phone.

While NFC chips from both NXP and Inside support multiple secure elements, standards organizations and NFC application providers have yet to agree on a way for phones and readers to smoothly determine which secure element to address when a consumer approaches a reader wanting to tap to pay or use a transit ticket.

One option is to make one secure element in the phone the default, so that all readers look first to applications on this chip. But imagine the protests by, say, Visa if wallet applications from its banks are on an embedded chip while mobile operators have decided the default secure element will be on the SIM, with the Isis wallet applications stored there.

The alternative is to have some kind of lookup table stored on the phone that knows which applications are on which secure elements and then determines which chip to address based on the application the consumer chooses. And there could be more than two secure elements in the same NFC phone, including one on a microSD card.

All this risks a bad user experience, so it seems likely there will be only one wallet per phone for some time to come.

Google Initiative: Competitors Lash Out
Such new Google rivals as online payment company PayPal and card network Visa appear concerned about the search giant’s ability to control the NFC m-commerce experience.  

PayPal, a unit of eBay and planning to make its own jump from the online to the physical world, wasted little time on May 26, the day Google introduced its wallet, in filing suit against the search giant and its two top m-commerce executives, Stephanie Tilenius and Osama Bedier. The suit accuses the execs of stealing trade secrets and poaching staff at PayPal, where both had worked.

Over at Visa, Jim McCarthy, head of global product, writing in a blog posted the day of the Google Wallet launch, noted that Visa’s own recently unveiled digital wallet is open to “any mobile network, with any NFC-enabled smart phone, with any financial institution and on any payment product” (italics, his).

“Contrast our approach with our competitors’ plans, and the fundamental differences become apparent,” he sniffed. The Visa digital wallet also enables payment for online purchases.

Visa took a similar dig at Isis when the telco joint venture was planning to launch its own payment scheme. But observers point out that it’s unlikely Visa will be so open when it comes to the branding of its wallet on various devices. The Visa brand is expected to feature prominently.

Control over Other Android Phones?
While Google controls the secure chip in its own Android phone, the Nexus S, which was made for it by Samsung Electronics, it’s a different story with other Android NFC phones. These will be produced by a variety of phone manufacturers, including HTC, LG Electronics and others by Samsung.  

The handset makers will technically own the keys to the secure chips after the phones roll off the assembly line and might also want to control the chips themselves for applications and as an alternative revenue source.

But the Isis telcos, which will be buying the vast majority of the Android NFC phones in the United States, will expect the phone makers to hand over the keys. And Isis believes these manufacturers will comply. After all, they want to sell high volumes of phones, and U.S. carriers control the distribution channels.

“Whether that’s the SIM or embedded (chip), it’s ultimately the carriers that buy the devices and have control of the secure element,” Jaymee Johnson, head of marketing for Isis, told me.

He denies there is a budding wallet war and said Isis and its member telcos could work with both Visa and Google.

Of course, that is after the Isis telcos have the keys to the embedded secure elements firmly in hand. Not only do the Isis telcos plan to try to make revenue by helping merchants deliver mobile offers to consumers, they also plan to charge fees to banks and other service providers to enable the service providers to put their applications onto any secure element in the phones. This is the new Isis business model, and it makes control of these chips by the telcos just as critical as before, perhaps more. 

Update: Mark Hung, director of wireless at U.S.-based research firm Gartner, believes phone makers and eventually Isis would give Google permission to access the secure chips in the phones. Google needs this access, whether its wallet is based on a secure element embedded in the phone or on a SIM or microSD card.

“In order for Google Wallet to work, Google will need to have control over the secure element,” he said. “In essence, the Google Wallet is like an app store for secure applications. Just like Apple controls the end-to-end experience with iTunes and the App Store, Google will control the end-to-end experience with Google Wallet.” End update.

Perhaps that permission will come with a price. But if phone makers and telcos refuse to go along with granting access for the wallet, Google might still be able to exercise some control over the secure elements in other Android phones besides the Nexus S. It might be able to do this by limiting access to the application-programming interfaces, or APIs, for applications using the secure chips, say some observers.

In Android 2.3, dubbed Gingerbread, Google still has not added the APIs for card emulation, which are needed for application developers to create NFC apps that would use the secure chip. The latest Android version, 2.3.4, does add a note that special permission is needed to access the chip. That is not unusual, since applications using secure chips require developers with extra knowledge of security measures, so the APIs and developer toolkits would not be open to just any Android app developer.

Still, if it wanted to, Google could restrict the APIs for card emulation in Android NFC phones, effectively excluding developers of applications intended for competing wallets, said Sequent’s Reisgies. Even if the Isis carriers have the keys to the embedded chip in the phones, they would not be able to use them.

“If those secure-element APIs are never available to developers, then the Isis wallet will never be able to talk to that secure element, even if it has the keys.”

Since Android is an open-source operating system, the only alternative would be for handset makers and wallet developers to create their own customized APIs for particular handsets. 

Boxing with Straw Men?
It remains to be seen when Google will add the APIs for the secure chips and how restrictive they will be. Google’s Bedier said at the wallet unveiling last week that the company was working to make APIs available for banks and merchants. 

For James Anderson, head of mobile product development at MasterCard, a partner in the Google Wallet launch, any talk of Google taking over wallets on other Android phones or even on the Nexus S and keeping other players out is nonsense.

“This is a straw man that somebody is boxing with,” he told me. “Nobody is proposing a closed solution.”

He said he believes there could be multiple wallets competing on the same device, and the market will determine the winner.

But U.S.-based payments consultant Steve Mott of BetterBuyDesign said he wouldn’t be surprised if Google, Visa and other wallet providers use their market clout and any other resources at their disposal to try to gain an edge in what he sees as a land grab for the coming mobile-commerce bonanza.

“How people are going to transact for the next 15 years is going to be determined in the next year or two,” he said. “It is going to be interesting to see.”



Lax Security Blamed for Hack of 7-Eleven’s Mobile Payments Service in Japan

NFC TIMES Exclusive Insight – Japan’s popular 7-Eleven convenience store chain reported Thursday a major hack of its QR code-based mobile-payments app, but the breach appears to be due to poorly designed security protections in the app. 

In-Depth: More Nordic Banks Support Payments on Passive Wearables with Provisioning after Sale

NFC TIMES Exclusive Insight – Two more large Nordic banks, Nordea and Swedbank, have launched contactless payments on analog watches, using technology from Swedish provisioning company Fidesmo that enables consumers to buy the watches and provision them with tokenized Mastercard-branded cards after the sale by tapping the watches on Android NFC phones.

Insight: Apple Pay’s Expansion to 13 New European Countries Won’t Add Much Transaction Volume but Follows Familiar Strategy

NFC TIMES Exclusive Insight – Apple’s expansion this week into 13 new European countries may not look so good on paper, but it follows a divide-and-conquer strategy that Apple has used effectively before.

Visa Deepens Push into Tokenization with Planned Acquisition of Rambus Payments and Ticketing Unit

NFC TIMES Exclusive Insight – Visa plans to buy the payments and ticketing unit of U.S.-based chip company Rambus for $75 million, as the payments network seeks to expand tokenization beyond Visa cards, including to bank accounts used for real-time payments, as well as to transactions processed by domestic networks.

With Contactless Payments Ready to Take Off in U.S., Payments Trade Group Concerned ‘Fragmented POS Experience’ Could Hinder Growth

NFC TIMES Exclusive Insight – While contactless payments in the U.S. is “expected to accelerate in the near future,” merchants and issuers must improve the “POS experience” for consumers, the U.S. Payments Forum, a payments industry trade group, said today.

Melbourne Transit Agency Touts Successful Launch of Closed-Loop Payments with Google Pay; Plans to Add Support with Apple Pay

Jun 17 2019

NFC TIMES Exclusive Insight – Following a successful launch of its closed-loop Mifare-based transit payments service, myki, with Google Pay, Melbourne, Australia, transit authority Public Transport Victoria has allocated AU$1 million to expand the service onto other smartphone platforms, including iOS and the iPhone, an agency spokeswoman confirmed to NFC Times.

Analysis: BBVA’s ‘Global Payment Platform' Unlikely to Make Much Impact

NFC TIMES Exclusive Insight – The recent announcement by large Spain-based banking group BBVA of plans to enable more banks across its footprint in Latin America to roll out the NFC-enabled BBVA Wallet as part of their banking apps could run into problems, given trends for low take-up of bank-issued NFC wallets. 

In North America, Many Cities Not Ready for Open-Loop Payments

May 31 2019

NFC TIMES Exclusive Insight – While open-loop transit payments services, such as one being launched this week by New York’s Metropolitan Transportation Authority, get most of the attention, most public transit agencies and operators do not plan to accept credit and debit cards directly for payment of fares anytime soon.

Visa and Chase Seize on Launch of New York City Transit Payments Service to Try to Build ‘Momentum’ for Contactless

NFC TIMES Exclusive Insight – Unlike in most developed countries in Europe and Asia, in the U.S., only a small percentage of the population regularly uses mass transit. But New York City is an exception, with more than 4 billion transit trips per year in the metropolitan area–seven times greater than in the next largest U.S. city in terms of transit use, Chicago.

As Their Resistance Crumbles, Australia’s Big Four Banks have Found that Opposing Apple Pay Too Costly, Despite Tech Giant’s Fees

NFC TIMES Exclusive Insight – Another one of Australia’s big four banks, National Australia Bank, has given in to pressure from customers and has agreed to support Apple Pay.

In-Depth: Ticketmaster Embraces Digital Ticketing to Cut Fraud and Improve Communication with Ticket Purchasers and Fans

NFC TIMES Exclusive Insight – U.S.-based sports and entertainment ticketing vendor Ticketmaster sees its new digital-ticketing technology–supporting bar codes and NFC–as a way to reduce fraud and stay in touch with both ticket purchasers and event attendees.

Japanese Payments Players Expand Support for QR Code-Based Payments

May 20 2019

NFC TIMES Exclusive Insight – Japan’s mobile payments market is expanding, but the talk is not about NFC payments services, such as Apple Pay, Google Pay or the pioneering FeliCa wallet services originally pushed by NTT DoCoMo and rail operator JR East.