403 Forbidden


nginx
403 Forbidden

403 Forbidden


nginx
Follow us:
403 Forbidden

403 Forbidden


nginx

Brier Dudley's blog

Brier Dudley offers a critical look at technology and business issues affecting the Northwest.

May 26, 2011 at 10:05 AM

Gaga over Google Wallet, with TPM?

I don’t understand why the tech press is so enchanted with Google Wallet, the payment system announced this morning, and other “near field communication” [NFC] products.

Syncing credit cards to particular smartphones that work with a particular kind of credit card reader is interesting. But it’s not so transformative that people should skip past questions about privacy, security and whether Google should be the company orchestrating your offline purchases.

It will take awhile before these systems are widely used by consumers, so the buzz seems aimed at pressuring merchants to buy a new kind of credit card reader and move their credit card business to companies on the bandwagon.

Eventually this could probably be a standard feature on phones, just as credit accounts are commonly tied to online stores nowadays. Google’s trying to get a jump on it and boost the number of customers who have added credit information to their Google accounts. It’s still playing catch up to Apple and Microsoft, which aren’t yet doing NFC payments on their phones but have enomous online account systems with millions of customers.

Google is partnering with credit card companies on the Wallet app it’s building into its Android phone software.

So far it will work with one phone model with a special antenna and security module. This phone will be able to make payments at the “contactless” card readers that are starting to be used by merchants. These readers detect signals from credit cards with a special chip inside or phones that can broadcast the same short-range signals.

For security, Google Wallet taps into a new “black box” chip that’s on the Nexus S 4G phone sold by Sprint. It presumably will become a more common feature on Android phones.

This chip sounds similar to the trusted platform module [TPM] that began appearing on PC hardware around five years ago, sending privacy advocates into a tizzy. We’ll have to see how transparent Google is about what it calls the “Secure Element.”

I wonder which other programs will access this module. Maybe it’s going to be used for digital rights management to appease music and movie companies and get them to participate in future Google media services. Here’s a bit of Google’s description of its TPM module:

“The Secure Element has many features designed to protect the security of the data it stores. It’s separate from the phone’s main operating system and hardware, which enables encrypted protocols to enforce access control. Only authorized programs like Google Wallet can access the Secure Element to initiate a transaction.”

Google said Wallet “does not currently receive data about what products you purchase with it” but it does record on the phone when you make a transaction and the credentials used. It will also keep track of where you made the transaction, if you click a box agreeing to provide that information.

But by using Google Wallet, consumers will be linking their financial activities and information to their Google accounts, potentially giving the company access to priceless data with which to target advertising. The company already is planning an “offers” program for Wallet users.

Google’s putting responsibility for any fraud that occurs with your Google Wallet onto the credit card companies. In its FAQ posted today, it said “the same rules that apply to unauthorized use of your plastic credit card, apply to unauthorized use of a credit card stored in Google Wallet. Many banks apply a $0 liability policy for unauthorized use. For more information, please consult the terms and conditions of your account supplied by your card issuer.”

The FAQ also suggests that there will be several steps involved in using Google Wallet, so it won’t be quite as simple as just tapping your phone against a special card reader. It’s in the response to a question about security:

If someone gets close to my phone, could they read sensitive data from my Google Wallet?

The NFC antenna in your phone is only activated when the screen is powered on, and even if the antenna is on and in proximity of a reader, payment credentials can only be transmitted from the Secure Element to a payment terminal if you first enter your Google Wallet PIN.

So yes, consumers won’t have to fumble for credit cards at the checkout line. But they will have to wake their phone and enter their PIN number.

The name’s a little funny. Microsoft introduced a product called Microsoft Wallet in 1997. It partnered with banks on the system, which synced credit cards with a Microsoft Web account, to simplify online transactions. The system morphed into Microsoft’s Passport authentication system, which is now the Windows Live ID program.

Comments | Topics: Google, Microsoft

COMMENTS

No personal attacks or insults, no hate speech, no profanity. Please keep the conversation civil and help us moderate this thread by reporting any abuse. See our Commenting FAQ.



The opinions expressed in reader comments are those of the author only, and do not reflect the opinions of The Seattle Times.


403 Forbidden

403 Forbidden


nginx
403 Forbidden

403 Forbidden


nginx