
What's Wrong With Google Wallet?

Source: SecurityNewsDaily

In the mobile-phone market, if you want to oust the current market leader, you have to offer consumers something that the top dog doesn't do — or at least doesn't do well. So it was surprising when Verizon Wireless confirmed earlier this month that it would not be deploying Google's mobile-payment system, Google Wallet, with the Galaxy Nexus.

Google Wallet would enable you to pay for items at cash registers using your phone instead of a credit or debit card, and it's based on a wireless technology called near-field communication, or NFC for short.

"Let's say you were standing on a dock, looking down at the water," said Dr. Joe Mitola, a professor, researcher and administrator at the Stevens Institute of Technology in Hoboken, N.J. He's a self-professed "radio guy" and has a simple analogy to explain NFC.

"If you throw in a rock you will see ripples. The big rocks will make big ripples. Someone across the pond could see those ripples," Mitola said. "[But] if you throw in a small rock, the ripples won't go far. Near-field is like that small rock — it sends a signal that can be picked up by an antenna that is close by."


Basically, NFC is a radio-signal protocol that can send and receive data between transceivers that are a very short distance apart — no more than a couple of inches. Mobile-payment systems built on NFC rely on a special chip to both handle the signal and provide secure communications. So what's the controversy?

Google, Verizon Wireless and Isis

Explaining why it chose not to include Google Wallet on the Galaxy Nexus, Verizon Wireless made a somewhat vague statement citing matters of data security and the complexity of integration as the reasons for not using Google Wallet's custom-made NFC chip.

"Google Wallet is different from other widely available m-commerce [mobile commerce] services," Verizon Wireless said. "Google Wallet does not simply access the operating system and basic hardware of our phones like thousands of other applications.

"Instead, in order to work as architected by Google, Google Wallet needs to be integrated into a new, secure and proprietary hardware element in our phones. We are continuing our commercial discussions with Google on this issue."

For its part, Google merely said, "Verizon asked us not to include functionality in the product."

Getting unrelated hardware and software to work together smoothly may be a serious concern, but it's one that could have been surmounted had Verizon Wireless really wanted to include Google Wallet.

But there's another reason Verizon Wireless might not want Google Wallet on its phones. Along with AT&T Mobility and T-Mobile, Verizon Wireless is developing Isis, a competing NFC-based mobile payment system. (For the moment, Google Wallet appears in the U.S. only on phones carried by Sprint, the sole Big Four wireless carrier not participating in Isis.)

Isis is expected to be ready sometime in the next 18 months. Like Google Wallet, it will let consumers make payments at point-of-sale terminals with mobile phones. It's possible that Verizon Wireless' security concerns about Google Wallet may be nothing more than a shrewd business decision.

Isis and Google Wallet: Data Security

Right now, the security details are sketchy for Isis, which is not unexpected for a product that's far from release. As for Google Wallet, it works with the same point-of-sale terminals as MasterCard's PayPass system, which consumers may already be familiar with.

PayPass uses a "handshake" style of encryption to protect the data, which is generally considered to be secure and is used in a wide variety of applications.

"The [handshake] system makes you prove you are who you say that you are," Mitola said. "When your phone sends a request to the [cellular] tower, the system issues a challenge.

"The phone has to send back the right 50-number sequence," Mitola said. "If your answers don't match, then you don't get access."
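The challenge-response idea Mitola describes, as an added example that is not from the article and is not the actual PayPass or Google Wallet protocol: it assumes a shared secret key and HMAC-SHA256 (the names `Verifier` and `device_response` are hypothetical), and shows why a response recorded off the air is useless against a fresh challenge.

```python
import hashlib
import hmac
import secrets


class Verifier:
    """Terminal/network side: issues one-time challenges and checks responses."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key
        self._pending = set()  # challenges issued but not yet answered

    def issue_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)  # fresh and unpredictable every time
        self._pending.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        # A challenge is valid once only; unknown or reused ones are rejected.
        if challenge not in self._pending:
            return False
        self._pending.discard(challenge)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def device_response(shared_key: bytes, challenge: bytes) -> bytes:
    """Device side: proves knowledge of the key without transmitting it."""
    return hmac.new(shared_key, challenge, hashlib.sha256).digest()


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed key, provisioned to both sides
    verifier = Verifier(key)

    c1 = verifier.issue_challenge()
    r1 = device_response(key, c1)
    results = {"genuine": verifier.verify(c1, r1)}

    # An eavesdropper recorded (c1, r1) off the air and tries to reuse them.
    results["replay_same_challenge"] = verifier.verify(c1, r1)
    c2 = verifier.issue_challenge()
    results["replay_old_response"] = verifier.verify(c2, r1)

    # A device without the key cannot compute a valid answer.
    c3 = verifier.issue_challenge()
    results["wrong_key"] = verifier.verify(c3, device_response(b"\x00" * 32, c3))
    return results


if __name__ == "__main__":
    print(demo())
```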

So, is Verizon Wireless just looking to strangle a competitor to Isis at birth? Mitola isn't so sure. He pointed out that there is a certain "liability dimension" that companies have to consider when they deal with NFC-based mobile payments, and no technology is bulletproof. Verizon Wireless may simply feel that it can limit its liability by using its own system.

(Earlier this week, a researcher found that the Google Wallet software did not secure valuable details about the cardholder's account, including the balance, spending limit, expiration date and purchase history, as well as the cardholder's name and email address.)

In the 1940s, Mitola explained, Bell Labs created an early version of NFC for the U.S. military to send secure data transmissions. Later on, the Bell researchers realized the secure data could be read with the help of an oscilloscope — a basic electronic instrument that shows the wave-shape of an electrical signal — placed in a nearby building.

Few of us may be tooling around with spare oscilloscopes, but, Mitola said, small, modern oscilloscopes can be plugged into laptops.

Regarding NFC, "vulnerability is about the same as any other technology," he said.

Neither Google nor Verizon Wireless responded to requests for comment.