Intrepidus Group
Insight

The Cloud Comes to Your NFC Wallet

Posted: August 6, 2012 – 10:58 am | Author: | Filed under: android, NFC, RFID

This week, Google released a new “cloud” based wallet. We had some difficulty getting a device which actually *supported* this wallet, and in the end used Cyanogenmod 9 on a Nexus S 4G from Sprint and installed Google Wallet from the market.

The new wallet welcome screen

We were pretty curious what could possibly be cloud-based about a mobile wallet and how the Secure Element (SE) would be involved in all of this. It turned out that the difference between this wallet and the previous Google Wallet incarnations is that payments are made via a “virtual” credit card, and Google charges back to the original credit card. One Google credit card number (a Mastercard) is used for all of your Google wallet purchases, regardless of the “Selected Card”. For example, if you have a Visa and an Amex card in your wallet, and you want to pay for your groceries with the Visa card, you first select the Visa card via the Google Wallet UI, and it becomes the “Selected Card”. However, to the point-of-sales (PoS) terminal at the grocery store, it looks like you are paying with a Mastercard (which Google has issued to you).

The dialog displayed after making a payment using Google Wallet.

We haven’t yet tested if this MC credit card number is the same across all devices, though my initial guess is that each user will be issued a unique Mastercard credit card number from Google. If you read one of our previous posts on Google wallet, APDU commands are still sent between the wallet application and the phone’s secure element to select the active card, and they are logged to the standard logcat utility.

APDU command visible via logcat as 'desired' data when changing the selected card.

This behavior has a lot of parallels to Google Checkout (which now looks like it’s been merged with Wallet), where you link different financial institutions (credit card, bank account) to a single virtual account from which all your payments are made. This new update changes Google Wallet from a way to store and pay directly with your payment cards to a NFC Google Checkout service. Of course, this means that Google can now keep a repository of your purchases (blah blah big data blah blah). This new wallet format raises several interesting questions:

  1. Is the Mastercard credit card the same on my device and on your device? Or does each Google Wallet user get their own credit card number?
  2. What happens if this Google Mastercard credit card gets stolen?
  3. If I have multiple credit cards in my wallet, how does Google differentiate between cards? The standard “Selected Card” user interface still applies, but either Google is transferring data to its servers using the device’s internet connection (unlikely becuase I was able to make a transaction in airplane mode) or Google is transferring some piece of EMV Co. compatible data across the contactless interface at the time of the transaction.
  4. How do credit card rewards work if all transactions show up on my statement as “GOOGLE * <merchant>”
  5. How do Visa and Mastercard handle splitting the fees? Since there are now two transactions made (one between you and the merchant, and one between Google and you), we’re assuming there are twice as many fees. Is Google eating the fees and taking this as a loss leader?

We hope to find out the answers in a future post, after we get some more quality time with the magical Cloud Wallet.

Cheers,

Max

Both comments and trackbacks are currently closed.

image

This site is protected with Urban Giraffe's plugin 'HTML Purified' and Edward Z. Yang's Powered by HTML Purifier. 24479 items have been purified.