Google ‘Wallet’ Will Be More Secure Than Plastic Credit/Debit Cards

Image Credit: cloudave.com

Yesterday, the Google Wallet was announced.   given that security has always been the number one concern of consumers, the most important question on people’s mind is, “will it be more secure?”

The short answer is: Yes.

Here’s why:   a Smartphone can be secured on the network of your bank, or the network of your credit card company, or any other network using the exact same technology that secures your smart phone on the network of your mobile phone company.

Do you remember decades ago when fraudulent  phone calls appearing on your mobile phone bill was a relatively common problem? Did you use a mobile or cellular phone back in the late 1980s or early 1990s? If so, you used a system  where the mobile phone would TRANSMIT an electronic serial number to a cellular phone tower to identify itself. The cellular phone tower would use the serial number to make sure your account was active, complete your phone call, and add  the charge to your bill.

Unfortunately, transmitting the secure number was a really bad idea. Crooks figured out a way to  capture your serial number, and then program your serial number into somebody else’s  mobile phone. Then, that other  mobile phone could make all phone calls  to anywhere, but you got the bill.

The way they fixed that  was to simply stop transmitting the serial number. Today, when you buy any  mobile phone, a “secret code” or a “kernel” is installed on a chip in your mobile phone. The same kernel is stored securely back in the computer systems of your phone company. The important part is, this code is never transmitted in any way either from your  mobile phone or from the network.

So, when you turn your mobile phone on today, your phone receives a complicated formula, for example: 225.73*K –  17.2752*K  +  111.1705*K = ?.   your phone needs the value of “K” or secret code, to respond back with the correct  answer. (The formula is actually a lot more complicated than  this example, and is intentionally written so that more than one number would solve the equation,  so even if you intercepted both the formula and the answer, you could not establish the value of “K” .

Most Smart phone wallet services available in North America will use this process to secure your mobile phone when you use it to buy something at a retail store.  in addition to the mobile phone carrier installing the “’secret” on your smart phone, your credit card company will need to install  another “secret” on your smart phone through a service called Trusted Service Management, or TSM.   Then, whenever you want to use your phone as a payment device, the network will send a complicated formula to your phone, and if your phone does not answer correctly then the bank will reject the transaction.

for the Google wallet, First Data provides the TSM function. Although the role of a TSM is new to First Data (actually,  it is new to everybody), First Data is by far the largest processor of secure payment transactions in the world. in other words, they are not new to the topic of security, and they should be able to be trusted to handle this function.

In addition to the Google Wallet, Isis  will also use TSM  as part of its security.

And, as  if that’s not enough security, that  TSM process will simply allow the transaction to begin.  Once the transaction begins,  Google  Wallet will  likely use an additional security layer such as the system used to secure credit/debit card uses today in  Europe and Canada, which is called “EMV”. For those of us in the United States, who have neither EMV nor TSM in any large scale at present, smart phones will represent a remarkably more secure payment device then our current cards.

Note: There are many books written on the subjects of TSM, EMV, and mobile wallets (including mine).

© 2011 by David W. Schropfer

Advertisements
    • Kashif Zahid
    • June 3rd, 2011

    That’s good insight. However, it would have been good to address some other concerns related to security of mobile wallets i user’s mind like: some scanner when touched with the phone will allow them to skim our credit card information, when the phone is lost who is able to deprovision the CC and how in the transaction security is implemented as compared to Plastic Card use. The topic above mainly describes the security in the process of provisioning i.e communication with the SIM (through TSM) for start or updates later on. Isn’t it?

    • Correct; there is an entirely different layer of security that will be used for all MC transactions in addition to TSM called EMV. The combination of TSM providing credentials on the phone before EMV begins is a reason why GW will be more secure. If other, alternate payment methods are available through the G Wallet in the future (and the ‘jury’ is out on that), then those payment types may use EMV or perhaps something else.

  1. I think Google Wallet is an evolution more than a revolution. More thoughts on my blog post here –> http://www.totaltab.com/2011/05/27/googles-mobile-wallet-and-nfc-an-evolution-not-a-revolution/

    • This may be a case of semantics, but: I think NFC is an evolution of other computer to computer products like bluetooth; NFC’s improvement is its 4-in range, which is better for a making a retail purchase. Google Wallet is an evolution of other mobile wallet systems like Isis. So far, it seems that the Google advantage is its partnerships with industry leaders, such as First Data (processing), Bloomingdale’s and RadioShack (retail), MasterCard (payment scheme) and VeriFone (POS manufacturer). However, the mobile wallet itself is, in my opinion, revolutionary. It allows for systematic tender steering, for example, which does not require the sales clerk to do anything they are not doing already (see my post about that here: https://davidschropfer.wordpress.com/2011/04/27/tender-steering/). Also, it allows for seamless integration with any loyalty products and rewards programs; So all the cards in your wallet and the SKUs dangling from your keychain can be consolidated into a convenient screen on your smart phone.

  1. No trackbacks yet.

You must be logged in to post a comment.
%d bloggers like this: