Google next year plans to expand its application program interfaces to make it easier for third parties such as Groupon, merchants and banks to interact with the Google Wallet, according to Rob von Behren, co-founding engineer for Google Wallet.
“From Google’s perspective, the wallet is an appliance for users,” he says, noting Google will not charge for the use of the program interfaces.
Von Behren believes the Google Wallet should be able to hold whatever a user would want in it, and it should work with all credit cards and coupons from third parties such as Groupon.
“The way that Google Wallet or any wallet will be successful is by being as open as possible and allowing as many different payments into the wallet,” he says.
The new application program interfaces would enable banks to more easily interact with the wallet and with their customers, von Behren says.
“If I’m looking at a credit card in the wallet, I’ll be able to click a button or link and go out to my Citi application on the same handset and look at my mortgage value or whatnot,” he says.
Although so far Citigroup is the only bank that lets its cards work with the Google Wallet, Google is in conversations with all the large banks, which are at various stages of interest, von Behren says.
Some technical work is required on the part of banks and payment processors such as First Data Corp. to move cards onto the Google Wallet, and this will take time, he acknowledges.
Many banks’ host customer database systems do batch processing of credit accounts. To issue a new credit card, typically they gather all the credit accounts into a file they send to a personalization bureau that prints and mails out plastic cards, von Behren says.
Most banks are not set up to do immediate card issuance to a phone, but many are in the process of updating their back-end systems, von Behren says. “We’re discussing the technology with them, working with them to ease that technology transition,” he says.
Google is working with the industry at large to back standards around this concept, von Behren adds. The standards would enable banks to make one technology upgrade and then let their cards work with any mobile wallet.
The company also is designing similar application program interfaces to improve the experience for merchants. For example, one would allow a customer perusing Target.com to purchase a gift card and electronically send it to a family member who has the Google wallet.
And Google is looking to extend its merchant network. But like banks, merchants require technology upgrades to accept the Google Wallet, such as software changes to receive the dynamic card verification value codes the wallet application issues. They also must ensure their payment terminals can understand the protocols the handset uses.
“That’s a big challenge for the industry in general and something that we spend a lot of time working on,” von Behren says.
Google is in talks with handset manufacturers to increase the number of devices that will work with Google Wallet. So far, only the Samsung Nexus S phone is compatible.
“We’ve had conversations with lots of [original equipment manufactures]; we get approached by [them] all the time,” von Behren says. “We make sure they understand what’s required for the phone to work with [a Near Field Communication] payment and be compatible with the security requirements of the Google Wallet.”
Von Behren could not comment on any developments in Google’s purchase of Motorola Mobility (
If the merger goes through, it will give Google the opportunity to make its own Google Wallet-friendly phones.
Sprint is the only provider on board with Google Wallet to date, but Google also has an open call out to all carriers.
“We’re happy to work with all of them and have a lot of ongoing conversations with them,” von Behren says. “It comes down to them figuring out what they want to do in this space. A lot of them are still researching their options. They’ve put together Isis as a joint venture, and they’re exploring what the options are there.”
Isis is doing field trials at the end of 2012, so it may be that the other carriers will wait around and see what happens with the Isis test, he says (
Google’s most recent engineering move, the merging of the mobile-payment application with Google Checkout, an online payment-processing service the company launched in June 2006, was another step toward openness (
“For the consumer, the best way to have a wallet product is to make it a natural and easy place to manage payments, like a physical wallet,” von Behren says. “It makes a lot of sense for the user to say ‘I have my six credit cards, I should be able to put them in one place and use them online or offline.’”
Perhaps one key to the success Google has had in lining up partners is its anything-goes approach to mobile payment technology.
On the issue of who will control the “secure element”–the hardware portion of a mobile device that stores account information and the cryptographic keys used to generate a one-time version of the card verification value code–Google says it has no preferences. This temporary CVV code provides a big advantage in fighting fraud in that it enables the bank to verify the CVV it expects to see for a particular transaction, von Behren notes.
“If somebody puts a card-skimming device on the merchant terminal and tried to reuse card-transaction information, the bank would be able to see that the transaction already took place and that this new iteration must be fraudulent,” von Behren says.
The payment protocol works the same regardless of whether the secure element hardware is a SIM card, a microSD chip or embedded in the handset, von Behren says. The only differences are in how the handset is connected to the secure element and how the antenna for the NFC interaction is done, he says.
Some microSD services include a small antenna, and the radio properties tend to be a bit weaker than if with a larger antenna built into the handset, and radio-interference problems can occur with the smaller antennas, especially if next to the battery or some other large, metal piece of the phone, von Behren says.
“That technology is still in the development process,” he says. “It’s not quite ready for mainstream, but it’s very promising.”
The telecommunication network carriers are gravitating toward SIM card-based secure elements (
Some SIMs, for example, do not include the right tamper-proof hardware, he says. “Those would not cut muster. There are secure SIMs, and those are fine,” von Behren says.
In the case of having credentials on a SIM card, a crook easily could take all of someone’s credit cards and pop them into a new phone. However, if the SIM-based phone has the individual’s credentials on the SIM and he goes on vacation to Europe or Australia and uses a local SIM to make phone calls, “the credentials may be stuck in your luggage,” he says.
However, Google is happy to work with both formats and will try to smooth the user experience for both.
The Nexus S phone has an embedded secure element (a computer chip) that can run programs and store data. It is separate from the Android phone's memory and only allows programs on the secure element itself to access the stored payment credentials.
When evaluating new devices, Google follows MasterCard’s chip authentication protocol, which specifies security requirements for secure elements. Google also does its own internal evaluation of the overall security of the handset, the Android operating system and the wallet software to make sure there are no problems.
“We also go through a number of reviews to make sure the physical and radio properties of the NFC in the device are sufficient so there’s a good user experience,” says von Behren.
Not all NFC phones are created equal, depending on the design of the antenna, the layout of the board and other factors, von Behren points out.
“You can have good behavior with one type of reader but bad behavior with a different kind of reader,” he says. “We do a lot of compatibility tests to make sure the device will behave well for peer-to-peer NFC interactions for reading posters and for NFC payments.”
What do you think about this? Send us your feedback.
