Google Wallet Gets a Big Update
August 2, 2012
Google Wednesday updated its Wallet capability with significant changes. Instead of just a few Citi cards and Google's own prepaid card, Google Wallet now allows any card to be added to its mobile wallet.
Looking a lot more like PayPal, Google’s new approach stores the cardholder’s card numbers in the cloud on its servers. Google Wallet uses a prepaid virtual card as a wallet ID to connect its wallet to those cards that function as the eventual transaction funding sources. This virtual card or wallet ID is a 16-digit number provisioned by Google over the air on to the secure element of NFC-equipped smartphones on the Sprint and Virgin Mobile networks. MasterCard is the network behind Google’s prepaid virtual account and facilitates transaction routing to the other card networks. As far as the merchant goes, the transaction proceeds to the acquirer as usual. It then goes to Google where a look-up to the linked card is performed and the message proceeds to the issuer for authorization. The authorization is then passed back to the merchant.
Google is adding what it refers to as a lightweight API to ease issuer integration. One option is to include the ability to find and download Google Wallet from within an issuer’s online banking and mobile banking portals. That’s a great idea to improve consumer awareness. The API also allows each issuer to insert a visual representation of its card into the wallet but that level of integration is not required for a consumer to add any card – Visa, MasterCard, AMEX, Discover – into the Google Wallet. A digital receipt, produced by Google, that includes payment transaction totals, is generated. The APIs also allow a merchant to send a coupon from a website or via a promotional email to the user’s Google Wallet where, with a single tap, the value of the incentive is subtracted from the purchase price. This "Save to Wallet" feature can be added as button on the merchant's webpage or placed with an email.
A non-technical benefit for issuers is that Google does not charge issuers for inclusion in the Google Wallet. That makes for a very different proposition than Isis.
Google has also added some security features, including the ability to disable the mobile wallet and remove payment information remotely via a web portal interface. In the case of a lost or stolen phone, that's a good thing.
Other aspects of this updated Google Wallet that are of interest:
First, Google Wallet continues to be an NFC-based scheme at the point of sale. In-store POS transactions use NFC's card emulation mode via standard ISO 14443 contactless transactions. The Google prepaid card / virtual wallet ID is a 16-digit PAN that is provisioned over the air by Google to a slot in the secure element. Because of that, Google Wallet is limited to Sprint, its mobile virtual network operator Virgin Mobile, and unlocked smartphones.
The virtual card or wallet ID concept is a powerful one. Advantages include simplicity for issuers and flexibility for consumers. It also conserves secure element real estate. Some handset secure elements only have enough memory space to store no more than three payment or identity credentials. That obviously is not enough for many cardholders, who carry many more payment cards. It would also preclude the use of a secure element-based identity used for physical access at work, home, or a hotel room.
Google’s business model is all about the data it can collect and the advertising it can deliver. For Google Wallet users, it sees the overall payment transaction and has the ability to deliver incentives directly to the Wallet. At that level of granularity, Google may have found a data acquisition balance that doesn’t threaten the merchant with SKU-level insight and the issuer with irrelevance and high costs. Time will tell if the consumer appreciates that combination—and if Google can scale the mobile operator walls of Verizon, AT&T and T-Mobile.