One small step for Google, one giant leap for NFC
NFC payments deployments have been hampered by the turf war between mobile operators, banks, technology companies, payments providers and device manufacturers, each pulling the the gloves to push to get their slice of the revenues. For those that know me, you'd appreciate that I think NFC as a technology has real value. But its adoption has been hampered. Putting a secure chip into a connected smart device is superior to magstripe and EMV in every way. It adds additional factors of authentication and risk management that just aren't possible on disconnected plastic cards. Google has sunk larges amount of cash in an attempt to make the technology work. Investments into Google Wallet, plus the acquisition of TxVia have been bold attempts to drive success. But they kept hitting that Mobile Operator defences. Google's ambitions for its mobile wallet have been hampered in the US by the refusal of key mobile carriers to introduce support for the search giant's payments applications on the Secure Element in the NFC chip. Verizon in particular has flatly refused to introduce support for Google Wallet in its firmware, citing 'security' precautions. A more obvious ulterior motive lies in boosting the chances of the telco's own Isis consortium NFC play.
But on November 1st, Google announced that they have found a way to circumvent carrier restrictions on its mobile wallet by introducing support for Host Card Emulation in the latest version of its Android operating system, effectively removing the need for access to the telco-controlled Secure Element. In common terms, it looks like Google has found a way to put the secure element in the cloud.
With their latest OS, Android 4.4 (announced during the Nexus 5 announcement), Google introduces new platform support for secure NFC-based transactions through Host Card Emulation (HCE), for payments, loyalty programmes, card access, transit passes, and other custom services.
NFC faithfuls will nitpick that there is no TSM, or security. But we need to remember that security is relative. And in the world of payments there is no such thing as 100% non-repudiation. Visa and MasterCard have both developed controls for how this will work, for example having a “token” that refreshes at a given rate based upon where the phone moves and how the phone transacts.
This is a strong step forward for Google, who continue to be the most aggressive investor in NFC deployments. While this technological step forward may seem rather small, or insignificant, it could play a pivotal role in changing the rule of the game for NFC issued payments services.