With ApplePay and AndroidPay, we finally have a converged standard and it will be a good thing for the industry
I’ve been reading about this cool new thing called AndroidPay and I wonder, what the speculation is about. From what I can see and read between the lines of the official Google posts, it’s essentially not different from ApplePay – just that it’s now available on Android.
But the real point here, is this is exactly why it’s a big deal. ApplePay & AndroidPay are a convergence of approaches – across plastic cards and mobiles – and, for once, the payments industry which was held back by fragmented approaches and standards truly has an opportunity to move forward. Let me explain the core tenets of the two systems and some of the minor differences between them.
Tokenisation
With mobile payments, consumers are always concerned if their primary payment card (credit or debit or prepaid) is being compromised. What happens if the card is stolen?
As such, Visa/MasterCard/AMEX/Discover, came up with the concept of a token which is an alternate card number that is a proxy to the original card number. This unique card number is only issued to your mobile phone via the ApplePay/AndroidPay app. However, think of it as an add-on card to your account. It hits the same balance.
The standard for tokenisation is just a Visa/MasterCard/AMEX/Discover standard – has little to do with either Apple or Google.
The token is issued by whoever issued the card to the consumer – i.e. the issuing bank. So when people say it’s only in the US, it just means that the banks that have started issuing the tokens are currently only in the US. Over a period of time, banks around the world are expected to implement this standard. (More on how Visa/MasterCard have made it simple for banks to implement tokenisation later).
Note that this token itself is static. It isn’t transaction-specific.
Also Read: Ardent Capital, 500 Startups invest in Thai co-working space HUBBA
NFC-based payments for face to face
Both ApplePay and AndroidPay use NFC (near field communication) for face-to-face transactions using the EMV standard (PayWave for Visa and PayPass for MasterCard). It’s therefore no wonder that it automatically works on all existing EMV/NFC terminals around the world. Neither Apple nor Google is actually involved in the processing of the transaction – which is why they say “we do not know who you are paying and how much”. However once a transaction is successful, the response comes back to the user’s phone in the ApplePay and AndroidPay apps – so they do know what you have spent and where!
The EMV/NFC standard also requires a unique code (called a cryptogram) to be generated for each transaction – the token itself is static but the transaction data is made unique by the addition of this cryptogram.
Secure element
In order to do NFC-based payments, two things are needed, a secure element to store the “tokens” and to generate the cryptogram and the NFC Antenna for communication. The secure element is essentially the same as the chip in the chip cards. The secure element is one where the token is stored.
One difference between ApplePay and AndroidPay is that in the former, the phone already has the secure element. Therefore all ApplePay phones can do transactions without any Internet connection.
However, having a phone with NFC doesn’t mean that you automatically have a secure element – in fact most Android phones in the market don’t. Therefore Google and Visa/MasterCard/AMEX/Discover came up with a standard called Host Card Emulation (HCE) – that allows a secure element in the cloud. In such cases the phone must be connected to the Internet so that the cryptogram can be generated. I also expect that, in due course, all Android phones will have a built-in secure element – and HCE will not be required.
Also Read: Can India prevent exodus of tech startups to US and Singapore?
Fingerprint authentication is a smoke-screen
At the end of the day, none of the banks care about the fingerprint authentication of Apple or Google or Samsung. The only thing that the banking systems rely on are the token and the cryptogram. Even in India, RBI has allowed transactions of up to INR 2000 (US$31) without second factor authentication.
The fact that Apple is doing the fingerprint authentication is largely irrelevant – it’s purely for consumer comfort. Technically in India, it’s likely that transactions more than INR 2000 (US$31) will not work with ApplePay, unless a PIN is entered or the issuing bank and/or RBI accepts Apple’s fingerprint authentication mechanism.
Support for Internet payments
Both ApplePay and AndroidPay support the token being used by other applications on the mobile phone – and by extension the desktop Internet for payments. This is also an awesome development for all of us in the industry, as there is a convergence of approaches.
Also Read: Is your e-commerce store built for success?
Indeed, with ApplePay and AndroidPay we finally have a converged standard, and it will be a good thing for the industry. AndroidPay is a clone of ApplePay with a few OS specific quirks – but it’s great for the banks that a common implementation has emerged across plastic and operating systems.
As a long-time mobile payments afficionado, I can’t wait to see such payments take-off – finally!
Kudos to Visa/MasterCard/AMEX/Discover as well as Apple/Google for making this happen – and I can’t wait to see the proliferation around the world. I fully expect and hope that China’s Union Pay and India’s RUPAY will also extend support for EMV/NFC, so that there is one robust and globally accepted standard for the future.
Side note: Regarding the rumours of people using AppleWatch payment in Singapore or ApplePay or AndroidPay in other parts of the world – of course they will work, as long as the token was issued by a US-member bank that is already on ApplePay. The terminal in Singapore is just one that supports EMV/NFC. This isn’t magic – it’s how it’s supposed to be!
The views expressed here are of the author and e27 may not necessarily subscribe to them. e27 invites members from Asia’s tech industry and startup community to share their honest opinions and expert knowledge with our readers. If you are interested to share your point of view, please send us an email to writers[at]e27[dot]co
The post Go mobile payments – your time is now! appeared first on e27.