Google Inc. officially embarked on its rollout of Android Pay starting Sept. 10, 2015. The new app will enable Android phone users to make payments at more than 1 million near field communication- (NFC) equipped U.S. locations, the company stated. At launch time, Android Pay supported all four major card network-branded credit and debit cards, and was aligned with most major U.S. banks and credit unions, as well as popular nationwide franchises.
According to Google, Android Pay was built as an open platform, meaning users can activate the service through Google or any available bank-supported app. The app will come preloaded on NFC devices from AT&T, Verizon Wireless and T-Mobile USA Inc. Existing Google Wallet users can access Android Pay via a Wallet app update; new users can download the app through Google Play.
Most major POS manufactures have been gearing up for the mobile payments confluence for some time. “Over the past three years we decided we were going to support every major mobile wallet, and 90 percent of the products that we deployed in the U.S. during that time have NFC on board,” said Greg Burch, Vice President of Mobility, Business Development & ISV Relationships for Ingenico Group.
How secure is it?
Like other mobile wallets, Android Pay relies on tokenization. The app employs virtual account numbers (so actual account numbers are never transmitted to process payments) and an optional fingerprint to authorize and authenticate payments. Users can instantly lock lost or stolen devices using Google’s Android Device Manager, the company said.
But some experts believe the Merchant Customer Exchange’s cloud-based CurrentC mobile payment model offers greater security than the latest phone-based offerings, since payment credentials are not stored on the phone nor are they given to merchants during the transaction process.
“In the industry it’s referred to as tokenization of the entire session,” said Richard Crone of Crone Consulting LLC. “So you tokenize the entire session, whereas Apple Pay, Samsung Pay and Android Pay tokenize the primary account number, and that account number, even though it’s a token, is stored on the phone. The token itself could be vulnerable to a fraudulent act, though it’s harder to get at than just having an account number in the clear.”
That said, Android Pay and Apple Pay each rely on the existing rails. “We do think that is a very strong solution, having a phone that has the token part inside,” Burch said. “But we are also proponents of EMV (Europay/MasterCard/Visa), so we like both technologies.” He added that the phone-based wallets operate on the EMV rails, an acknowledgment that the companies feel the technology is secure.
What does the future hold?
Feature-rich offerings may tip the tide for consumers who have been slow to adopt mobile payments thus far. “What we’re really excited about is the evolution that this represents,” Burch said. “Today people typically carry around two cards: a credit card and loyalty card. With Android Pay and Apple Pay, the initial version is just credit card payment inside the phone through your phone to our device.
“But what will be coming in the near future is the ability to combine that with loyalty, and that’s where it’s going to get really exciting, where with the tap of a phone you’ll be able to redeem points and coupons and pay your bill in one interaction, and it will all be kept track of in your phone. I think that will be really unique for users.”
Google plans to phase in other features over time. In a blog post, Pali Bhat, Direct of Product Management at Android Pay, said, “Later this year, you’ll also be able to use Android Pay to speed through mobile checkout in your favorite apps, and, with select merchants, you’ll soon be able to transmit your loyalty cards and special offers with just a tap.”