Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How Google took a page from Apple to secure Android Pay

Caitlin McGarry | June 2, 2015
Android Pay is incredibly similar to Apple Pay, and not just the name.

androidpay 9121

In case you missed it, Google launched a new mobile payment service at its annual I/O developers conference Thursday. It's called Android Pay. But didn't Google already have a mobile payment service? Yes, yes, Google Wallet. That's not going away--in fact, it's getting a reboot as a peer-to-peer payment service--but Android Pay works a lot more like Apple Pay than Google's last attempt.

That's a good thing. Google Wallet required you to wake your phone, open the Wallet app, and enter a pin number if you decided to protect the app with a passcode, all before waving your phone near the payment terminal. That's a lot of work.

Android Pay will work just like Apple Pay: Upload your card information to the app, and Google will create one-time account numbers to represent your actual card number, so merchants never see your information. Then hold your Android phone near a payment terminal and watch the screen come to life with your cards already stored inside. Tap the card you want to use, and authenticate your purchase with your fingerprint (a feature like Touch ID that's new to Android M).

Sounds more than a little familiar.

Google gets serious about security--sort of

But Google was years ahead of Apple when it came to NFC payments, you say? Well, yes, but it certainly didn't perfect them. First, Google lacked support from three of the four big carriers, which were backing their own mobile payment service called Softcard, which recently folded into Google. The company also found a rival in Visa, which was also developing its own NFC payment option. And at last count just a few months ago, Google Wallet had support from just over 300,000 retail locations, a far cry from the 700,000-plus that are on board with Android Pay, plus the 1,000 apps that support Android Pay purchases.

Then there's the not-so-small issue of security, which Apple went to great lengths to perfect. Android Pay uses tokenization to create virtual representations of your real card numbers, just like Apple Pay. The big difference between the two services is that Apple uses a Secure Element, a physical chip inside your phone, to store your encrypted financial data. Android Pay, like Google Wallet before it, uses Host Card Emulation, storing your encrypted data in the cloud.

That can be off-putting. Google Wallet also stored all of your transaction information, including time, date, and geolocation, within the Wallet app. So helpful! And so creepy. Android Pay is now far more secure than its predecessor, thanks to tokenization and fingerprint authentication, though it sounds like the service still stores information on what you bought and when--you'll be able to see "transaction details right on your phone," Google said in a blog post announcing the new service.


1  2  Next Page 

Sign up for CIO Asia eNewsletters.