Computing Applications

Google Takes On Mobile Payments

Using Tap and Pay to pay for a purchase via a mobile device.
The Android Pay service allows Android mobile device owners to make payments by simply tapping their phones on a payment terminal.

Google, developer of the ubiquitous Android operating system that runs more than 75% of smartphones worldwide, recently announced the launch of Android Pay, a service that will enable the tens of millions of Android mobile device owners to make payments by simply tapping their phones on a payment terminal.

The technology company, best known for its search engine, has worked on numerous payment solutions over the years. Its Android Pay service will debut less than a year after Apple Pay, launched by Apple last October. Functionally, Android Payat least on the surfaceappears to be very similar to Apple Pay. Both products enable smartphone owners to make payments using their mobile devices.

Google, however, has made a number of technology and process choices that make the product different from Apple Pay. Says Pali Bhat, director of product development at Google, "We’ve approached Android Pay the same way we approach every other part of the Android familypartnering with the ecosystembringing together mobile carriers, payment networks, banks and retailers to deliver choice and flexibility."

Contactless paymentsoften referred to as "tap and pay"have been around since the late 1990s, according to the Smart Card Alliance, but low penetration rates of the enabling chips in credit cards, coupled with low adoption rates of payment terminals capable of reading the cards by retailers, led to stagnation in the market. That changed with the introduction of Apple Pay, which reignited the contactless payments market.  

One key difference in Android Pay is its open architecture, which will enable developers to come up with creative solutions to payment problems. Google has already released the Android Pay API, a set of tools that will allow developers to create payment solutions within mobile applications. Bhat says the openness of the platform will allow developers "to collectively push mobile payments forward."

Another technology choice in Android Pay is the method by which information is securely stored and transmitted. The embedded contactless chip in traditional contactless credit cards holds data required for the transaction to be processed (such as the account number). When tapped at the point of sale, data is transmitted using near-field communication (NFC) technology between the card and the terminal. Android Pay uses the same NFC technology, along with host card emulation (HCE), a software architecture that creates a virtual representation of the credit card.

HCE is another key technology in which Android Pay and Apple Pay have diverged. Apple chose to use a physical secure element chip on its devices to secure payment information and create tokens for transactions. Android Pay, in contrast, uses HCE, which stores card data and generates tokens in the cloud.

An interesting challenge to mobile payments arises when users are trying to transact when there is no signal available to the device. Martin Cox, global head of Sales at Bell ID, a company whose software "integrates with any third party technology and simplifies the issuing complexities of payment, identity, loyalty and transit applications," explains, "obviously, with a card you have all of the data available on the chipyou tap it and it works. With a mobile device, if you have no signalsay you’re in the basement of a shopping mallyou’re not going to be able to transact.

"Even if a signal is available, the round trip is really not fast enough," says Cox. "You’re looking at 400 milliseconds as the target time for tapped transactions. Even on a fast 4G network, the transaction time is over one second; not really acceptable at a busy merchant."

To overcome this latency issue, the HCE technology used in Android Pay pre-stages part of the transaction. As many as five tokens are created and stored on the device and are ready for use when the device is tapped on a retailer’s payment terminal. These "payloads," as they are called, allow for transactions when the device may not have a signal. The result is mobile transactions that are actually faster than those of other contactless cards, because some of the steps normally done at the time of the transaction have already been staged.

It is important to note that while a traditional contactless card stores a credit card number on its embedded chip, mobile payment solutions do not, which provides an additional layer of security. Neither Android Pay nor Apple Pay store credit card information on the device, instead using tokens that are transmitted at the point of sale.

To further allay concerns over security, the mobile payment schemes are storing data used for payment processing within trusted zones on the device. Apple Pay uses the aforementioned secure element, while Android Pay uses the Trusted Execution Environment (TEE). Both technologies use dedicated chips on the mobile device that compartmentalize and encrypt secure data, such as payloads. According to Cox, TEE is particularly secure: "If you’re running an application in the TEE, you can’t, at the same time, run another application on your device. It’s binary which execution environment you’re going to run: the normal one that runs your games and other apps, or the secure one that is going to run temporarily for payments-related functions." This prevents potential scam applications from gaining access to secure information, he adds.

It appears companies are doing a good job of overcoming consumers’ concerns about mobile payment security. Survey data from 451 Research found 27% of respondents based primarly in North America think mobile payments are less secure than traditional credit cards, significantly better than the 43% of respondents who were troubled by mobile payments a year ago.

Quite a bit of the focus on mobile payments has been on the use of the mobile device as a proxy for credit cards at the point of sale. While the application of mobile payments at brick and mortar locations has been an exciting development, online retailers are anxious to overcome consumers’ reservations about making purchases on their mobile devices. While security is a concern, a key barrier to consumers making purchases on their mobile devices is the difficulty in manually keying in information. Mobile devices are often a less-than-ideal environment for typing lengthy card numbers and shipping information into small text boxes; a single typo, and a transaction will fail.

Mobile payment schemes are actually a great solution to this challenge. Android Pay is working with mobile retailers and integrating its payment technology into mobile apps; at launch, over 1,000 Android apps were expected to have Android Pay built in, enabling customers to complete purchases without entering any payment or shipping information. The mechanics have not yet been made public, but it will likely be as easy as clicking a "pay with Android Pay" button within a merchant’s mobile application to complete a transaction. It is here where the open nature of Android Pay will shine, as developers will have the opportunity to come up with new and different ways to integrate payments within their apps.

The pre-launch excitement for Android Pay is significant. All four of the major payment networks (American Express, Discover, MasterCard, and Visa) already are on board, and Google has partnered with some of the largest financial institutions and retailers ahead of the launch.

While Apple Pay has a lead of almost a year on Android Pay, millions of Android users will be ready, willing, and most importantly able to use their devices to make payments soon.

Mark Broderick is a Tampa, FL-based senior research analyst covering the financial services and payments industries for ORC International.

Join the Discussion (0)

Become a Member or Sign In to Post a Comment

The Latest from CACM

Shape the Future of Computing

ACM encourages its members to take a direct hand in shaping the future of the association. There are more ways than ever to get involved.

Get Involved

Communications of the ACM (CACM) is now a fully Open Access publication.

By opening CACM to the world, we hope to increase engagement among the broader computer science community and encourage non-members to discover the rich resources ACM has to offer.

Learn More