Mobile wallets are attracting a lot of the wrong kind of attention, from hackers, faux hackers, and business disputes that have security overtones — all suggesting that despite the best efforts of firms such as Google to shore up defenses, the contactless payments safety issue is a shadow that won't go away.
"There is concern that the technology can be hacked. Consumers are always going to wonder. And so when we look at Google in particular, we see the trust among consumers is low, and so when these [reports of vulnerabilities] happen it's not going to help. It's going to hurt the perception among consumers," says Mary Monahan, executive vice president and research director at Javelin Research and Strategy.
Google's been hamstrung by questions about its mobile wallet security for some time, and in the past week has been hit with bad reports on two fronts — a dispute with a large Australian bank and chatter about vulnerabilities at the upcoming Olympics.
According to local press reports, Australia's Commonwealth Bank (CBA) is in dispute with Google (GOOG) over an alleged lag in development of Android near field communication (NFC) technology that has a potential impact on payment security as well as business interests connected to the Google Wallet in that country. The bank, which did not respond to requests for comment by Tuesday morning, claims locally available Android smartphones only have the radio transmitting portion of NFC enabled, but not the "secure element" that's necessary to safely process payment transactions. The definition of secure element varies, but it's generally the encrypted storage device that contains payment data, protects that data from hackers, and runs payment transactions.
The secure element dispute is not just about security, and Commonwealth Bank is not saying mobile payments in general are unsafe. The secure element is often a hot button issue in mobile payments, since the party that possesses the secure element is in the best position to negotiate revenue and fee sharing agreements among mobile payment participants. But Commonwealth Bank is partly referencing security, saying the secure element needs to be provided by Google or handset manufacturers before the bank can offer secure NFC payments on Android devices — something the bank says it wishes to do. Google also did not return requests for comment. The bank claims Google has not given it a timeline for the availability of the secure element.
The bank recently extended its mobile commerce product, Kaching, to Android sans NFC enabled payments, and has updated Kaching to accept Facebook payments. Commonwealth Bank is also quite active in other areas of mobile payments. This week it released an alternative to Square, in which a piece of hardware attached to the Apple iPod Touch, iPhone 4 or iPhone 4S enables the mobile device to be used as a merchant terminal to accept payments.
While security is only one component of the NFC-related haggling between Commonwealth Bank and Google, analysts say it lends to the series of issues Google has faced regarding security as it attempts to build a mobile payments network to rival other efforts such as ISIS. Google says it has been shoring up security for its mobile wallet application, but a series of publicized hacks, mostly staged attacks by third parties such as researchers that have demonstrated vulnerabilities, are creating a broader narrative of safety concerns surrounding the Google Wallet that's slow to fade.