Google Wallet, first transaction, liking it

[glhs837]

So, I got Verizons mobile payment app back when it came out, it was called Isis, in what is one of the unluckiest marketing moves in quite a while. Then after a bunch of under-employed camel herding goat effers screwed that name up for them and the animated show Archer, they changed the name to Softcard, not a really inspired choice. Who wants to think of their money as soft, really?

Anyway, I got $20 for setting up an Amex Serv account, one of only three credit services that worked with Softcard. Used that up and didnt bother reloading it, that was more effort than the convenience of not digging out a card was worth. Especially since you had to type a PIN into the phone to complete the transaction. Well, Google Wallet bought Softcard out, and now my bank card (supposed to be a debit card, but can be used as a credit card) works with GW. Tried it at Cooks tonight, since, oddly enough, they are one of not a lot of places that do Tap'N'Pay. Tap icon, it comes up, tap POS terminal with phone, it's done. No PIN required, Goggle routes the transaction through a shell account so your personal card info is never in the vendors hands.

Canr wait for more place to get the new terminals

 

[TPD]

If I make it to the tradeshow this weekend, I will be researching my options as a retailer for accepting all of these new fangled payment options and how much it will cost me to upgrade.

 

[glhs837]

If I make it to the tradeshow this weekend, I will be researching my options as a retailer for accepting all of these new fangled payment options and how much it will cost me to upgrade.

I think NFC is the key. The two biggies in the phone area are apple pay and Google wallet, although I saw that Samsung is going to offer one too. But I think on the retailer end, it all looks the same. One terminal should do them all.

 

[tommyjo]

Used that up and didnt bother reloading it, that was more effort than the convenience of not digging out a card was worth. Especially since you had to type a PIN into the phone to complete the transaction. Well, Google Wallet bought Softcard out, and now my bank card (supposed to be a debit card, but can be used as a credit card) works with GW. Goggle routes the transaction through a shell account so your personal card info is never in the vendors hands.

Oh the sheer and unbearable horror of having to pull a credit card out of your wallet...honestly how did the human race survive before "smart"phones?

 

[Tilted]

I think NFC is the key. The two biggies in the phone area are apple pay and Google wallet, although I saw that Samsung is going to offer one too. But I think on the retailer end, it all looks the same. One terminal should do them all.

Yeah, to the vendor they should look the same - and the key is having an activated contactless (NFC) terminal.

How they - Apple Pay as opposed to Google Wallet - work is different in a number of ways, but not ways that matter much to the vendor. I would qualify that by saying there may be one meaningful difference as far as the vendor is concerned, but I haven't been able to confirm it yet. It's been speculated about but I haven't heard issuers or the associations directly confirm it, so for my own purposes I work from the presumption that it isn't true. I'm referring to what rates are charged to the vendors (e.g. card present versus card not present rate).

 

[Tilted]

Oh the sheer and unbearable horror of having to pull a credit card out of your wallet...honestly how did the human race survive before "smart"phones?

Well, time matters - efficiency matters, especially when it comes to mundane tasks that many people don't enjoy for their own sake. Being more efficient when it comes to them affords people more time or energy or focus that they can expend on things which those people do enjoy for their own sake.

Beyond that though, there are more reasons to use Google Wallet or Apple Pay than the convenience of not having to swipe credit cards (and possibly sign something). There's the increased security and there are privacy benefits, at least when it comes to the later. And the online functionality (through apps for now, though I'd expect through browsers at some point) can be pleasantly simplifying - bypassing the need to set up accounts with a bunch of different online vendors.

 

[glhs837]

Oh the sheer and unbearable horror of having to pull a credit card out of your wallet...honestly how did the human race survive before "smart"phones?

Oh, screw off, you pay for stuff by bringing a goose or building a wall? If not, you use a more convenient means of paying also.

 

[PeoplesElbow]

Well, time matters - efficiency matters, especially when it comes to mundane tasks that many people don't enjoy for their own sake. Being more efficient when it comes to them affords people more time or energy or focus that they can expend on things which those people do enjoy for their own sake.

Beyond that though, there are more reasons to use Google Wallet or Apple Pay than the convenience of not having to swipe credit cards (and possibly sign something). There's the increased security and there are privacy benefits, at least when it comes to the later. And the online functionality (through apps for now, though I'd expect through browsers at some point) can be pleasantly simplifying - bypassing the need to set up accounts with a bunch of different online vendors.

Do you need a PIN or anything? I can see a future where someone bumps into you, gets your phones signal, duplicates it without even taking it and then goes and buys stuff with it.

 

[Tilted]

Do you need a PIN or anything? I can see a future where someone bumps into you, gets your phones signal, duplicates it without even taking it and then goes and buys stuff with it.

With Apple Pay, you have to have your finger over the fingerprint reader in order to verify that it matches as you move the phone close to NFC terminal. But that's not really what provides the increased security that I was referring to, I can get into that a little bit if you want me to. (With Google Wallet, I believe you have the option of having to enter a PIN; but based on what glhs837 said how that works might have changed recently. Also, when it comes to the Apple Watch, you won't have to verify you fingerprint; you'll have to enter a PIN when you first put the watch on to activate the functionality and then that functionality will be turned off whenever the sensors on the back of the watch lose contact with your skin.)

As for someone bumping into you, stealing any kind of signal (related to this functionality) would be pretty difficult because of how NFC works. The realistic range is very small, we aren't dealing with a radiating wave but rather a field. And, at any rate, at least with Apple Pay if a thief were to somehow trick the phone or watch into giving them the data that was meant to be given to a vendor's NFC terminal, that data would be of very limited use because of how the system works. A unique token is used for every transaction, not even the fake account number which is stored in the phone's secure element is transmitted during transactions.

 

[glhs837]

Do you need a PIN or anything? I can see a future where someone bumps into you, gets your phones signal, duplicates it without even taking it and then goes and buys stuff with it.

You can opt to use a PIN, but it's pretty secure even so. It's not as simple as bumping into someone. There are layers to it. Me, I don't use a pin, but that's because I use a pin lock on my phones home screen

 

[Tilted]

You can opt to use a PIN, but it's pretty secure even so. It's not as simple as bumping into someone. There are layers to it. Me, I don't use a pin, but that's because I use a pin lock on my phones home screen

So do you have to unlock the phone (by entering the PIN), or have it already unlocked, in order to make a contactless payment through Google Wallet?

 

[PeoplesElbow]

You can opt to use a PIN, but it's pretty secure even so. It's not as simple as bumping into someone. There are layers to it. Me, I don't use a pin, but that's because I use a pin lock on my phones home screen

Don't they only have to make the terminal think their fake phone is yours?

Stolen ESns are somewhat of an issue, as someone who is not glued to their phone I leave it on my desk when i go to the bathroom or in the car sometimes but I would never think of leaving my wallet there.

 

[DoWhat]

Canr wait for more place to get the new terminals

Does it come directly out of your bank account or do you have to transfer money from the bank to your google account?

 

[glhs837]

So do you have to unlock the phone (by entering the PIN), or have it already unlocked, in order to make a contactless payment through Google Wallet?

If I didnt have a homescreen lock, I could just tap and pay. I think you can opt for a PIN prior to payment also. SoftCard required this, but I thin it's an option for GW. SInce I do keep my phone locked all the time anyway, I think I'm fine.

Don't they only have to make the terminal think their fake phone is yours?

Stolen ESns are somewhat of an issue, as someone who is not glued to their phone I leave it on my desk when i go to the bathroom or in the car sometimes but I would never think of leaving my wallet there.

Right, but what they can get from your phone wont help, the server side sets up a virtual card, a one time pad if you will, that's only good for that transaction.

Does it come directly out of your bank account or do you have to transfer money from the bank to your google account?

For GW, it's right out of my checking account. But you could set up a card for another layer of cutout if you wish.

 

[PeoplesElbow]

If I didnt have a homescreen lock, I could just tap and pay. I think you can opt for a PIN prior to payment also. SoftCard required this, but I thin it's an option for GW. SInce I do keep my phone locked all the time anyway, I think I'm fine.



Right, but what they can get from your phone wont help, the server side sets up a virtual card, a one time pad if you will, that's only good for that transaction.



For GW, it's right out of my checking account. But you could set up a card for another layer of cutout if you wish.

So why can't a spoofed phone work, doesn't the merchants terminal only have to think it is yours?

 

[glhs837]

SECURITY
Credit Card fraud has been a major problem in the U.S. As banks and retailers work to upgrade their platforms, mobile payment systems like Pay and Wallet may actually allow the U.S. to leapfrog to the forefront of payment security.

While both systems appear to be equally robust, the two companies do take different approaches that shape what their products can and cannot do. For the consumer, the use of Touch ID vs. PIN Authentication is the most visible difference, but behind the scenes, there is a lot more going on. Most important is the fact that neither system reveals the user's card details to the vendor.

With both systems, the user's card details are provided only once, during the initial setup. Google adopts an intermediary role and saves your card details on their servers. They then issue a virtual card to your device, the Google Wallet Virtual Card. When paying, the device only transmits this virtual card. The vendor never sees your real card, which is safely protected by Google's own secure servers. When the virtual card is charged by the seller, Google in turn charges your stored debit or credit card, being the only entity that ever sees your real card through this transaction.


Apple employs a different system known as Tokenization. Here, when your card details are provided to the device, it contacts the issuing bank directly and upon confirmation receives a device and card specific token called the Device Account Number (DAN) that is stored on a secure chip on the device. The DAN structurally resembles a credit card number and is the thing that is passed on to the merchant when any payment is made, and authorized in the usual way with the bank.

DIVERGENCE
This seemingly small distinction makes all the difference. Since Google acts as an intermediary and stores your card details on its own servers, it does not need to worry about making any deals with the banks and practically any card can be added to your Google Wallet. In fact, you can even add loyalty cards and gift cards to your wallet, and send and receive money that can be stored in the Wallet and used directly without involving your bank.

In every single way, Google Wallet tries to replicate a real wallet in the virtual world. So much so that Google even tracks your transactions, saving order details, almost as if you stuffed your receipt into your wallet. This data will be used, as with all data on Google, to serve you ads that matter to you, which feeds directly into Google's business model. In keeping with its role as an intermediary, Google offers 100% security with its Google Wallet Fraud Protection policy.

Apple, on the other hand, explicitly declares that it will never track your transactions. In fact, Apple won't even store your card details on their servers or on the devices. All Apple does is transmit your card to the bank, authenticate with the bank and receive and store the DAN that the bank sends back.

Apple is not a payment intermediary, and is instead positioning itself as, true to its name, a payment medium alone. In essence, an Apple Pay enabled phone is an expensive and beautifully crafted credit card; one that can be lost or become useless if the phone battery dies.

Though fingerprint scan security and the ability to remotely disable the phone offer quite a bit of protection, if someone does get access to your Apply Pay phone, you have to take up the issue with your bank and not Apple.

This approach also means Apple must negotiate deals with banks and get them to sign-up for the payment revolution, a task that has limited the number of cards that can be used with Apple Pay at the time of launch. Not tracking transactions also means Apple has no way to monetize the user, and therefore it charges a per-transaction fee to the banks that it partners with, though the details of this fee structure remain somewhat murky.

All the above is from following linked article.

http://www.investopedia.com/article.../apple-pay-vs-google-wallet-how-they-work.asp

 

[PeoplesElbow]

So they are only as secure as your google and apple accounts? The apple accounts that people found a way into a few years ago.

 

[glhs837]

Social engineering always works. You can't keep people safe if they don't participate.

 

[Tilted]

So they are only as secure as your google and apple accounts? The apple accounts that people found a way into a few years ago.

In the case of Apple Pay, absolutely not.

Yes, if someone can figure out your account ID and your password (and you haven't set up multi-step verification), they can get into your accounts - whether they be your Apple accounts, your Google accounts, your Facebook accounts, your Amazon accounts or whatever. And some people are more vulnerable to such intrusions for whatever reasons - e.g., their being comparably cavalier when it comes to accounts security, their having a higher profile which makes them more likely to be a target. But when it comes to Apple Pay, it wouldn't matter if someone could get into your Apple accounts.

The processing of contactless Apple Pay payments doesn't go through Apple, Apple has just set up a better system - and set it up so that it could function seemlessly with certain Apple hardware - for the payment processors (e.g. the credit card associations and the issuing banks) to use. The only entities that ever see your credit card information are you (in the form of your physical card and your statements and such) and the issuing banks, which of course have to have your account information. The payment processing for contacless Apple Pay goes through essentially the same routing as would be the case with swiping a credit card, but the vendors and some of the entities in between just don't see your account info. They never get it, nor do they get transaction information in a form that could be linked to you in specific. Apple has set up a method (and hardware/software integration) that issuing banks are rushing to take advantage of because it results in more secure transactions for them and more convenience, privacy, and security for consumers (thus expected increased usage, which some banks are already reporting). But, aside from initial set-up, Apple is kinda out of the loop - and they don't store (as they don't need to) your credit card information.

Your credit card information can, of course, still be consequentially stolen in other ways - but not though the payment processing pipeline. Target, e.g., never sees your info, nor does its service providers - they never even get information that identifies a transaction to you, unless you otherwise provide it. They just get a piece of gibberish data that's of no further use. Likewise, Apple doesn't get information about transactions. And if your phone is stolen, meaningful info would be pretty difficult to steal - and even if it could be stolen, you can shut down its use very easily (and quickly) and still not need to have new cards (with different account numbers) issued. Further, with my accounts (that are linked to Apple Pay) I get instant notifications (in my case, on one of my iPads) any time my accounts are used to pay for something - whether they were used through Apple Pay or not. And when I say instant, I mean pretty damn quick. I've been online ordering stuff at sites where I can't use Apple Pay, so I was just using my credit card info, and I've noticed the alert for the purchase on my iPad before the screen comes up on my computer confirming that the purchase went through - as in, within the intervening 3 or 4 seconds after I clicked submit order and before I got confirmation back that it had been submitted.

Like I said before, Google Wallet works somewhat differently. But it works the same in a number of ways that make it similarly beneficial, and it can be used to do additional things.

 

[PeoplesElbow]

In the case of Apple Pay, absolutely not.

Yes, if someone can figure out your account ID and your password (and you haven't set up multi-step verification), they can get into your accounts - whether they be your Apple accounts, your Google accounts, your Facebook accounts, your Amazon accounts or whatever. And some people are more vulnerable to such intrusions for whatever reasons - e.g., their being comparably cavalier when it comes to accounts security, their having a higher profile which makes them more likely to be a target. But when it comes to Apple Pay, it wouldn't matter if someone could get into your Apple accounts.

The processing of contactless Apple Pay payments doesn't go through Apple, Apple has just set up a better system - and set it up so that it could function seemlessly with certain Apple hardware - for the payment processors (e.g. the credit card associations and the issuing banks) to use. The only entities that ever see your credit card information are you (in the form of your physical card and your statements and such) and the issuing banks, which of course have to have your account information. The payment processing for contacless Apple Pay goes through essentially the same routing as would be the case with swiping a credit card, but the vendors and some of the entities in between just don't see your account info. They never get it, nor do they get transaction information in a form that could be linked to you in specific. Apple has set up a method (and hardware/software integration) that issuing banks are rushing to take advantage of because it results in more secure transactions for them and more convenience, privacy, and security for consumers (thus expected increased usage, which some banks are already reporting). But, aside from initial set-up, Apple is kinda out of the loop - and they don't store (as they don't need to) your credit card information.

Your credit card information can, of course, still be consequentially stolen in other ways - but not though the payment processing pipeline. Target, e.g., never sees your info, nor does its service providers - they never even get information that identifies a transaction to you, unless you otherwise provide it. They just get a piece of gibberish data that's of no further use. Likewise, Apple doesn't get information about transactions. And if your phone is stolen, meaningful info would be pretty difficult to steal - and even if it could be stolen, you can shut down its use very easily (and quickly) and still not need to have new cards (with different account numbers) issued. Further, with my accounts (that are linked to Apple Pay) I get instant notifications (in my case, on one of my iPads) any time my accounts are used to pay for something - whether they were used through Apple Pay or not. And when I say instant, I mean pretty damn quick. I've been online ordering stuff at sites where I can't use Apple Pay, so I was just using my credit card info, and I've noticed the alert for the purchase on my iPad before the screen comes up on my computer confirming that the purchase went through - as in, within the intervening 3 or 4 seconds after I clicked submit order and before I got confirmation back that it had been submitted.

Like I said before, Google Wallet works somewhat differently. But it works the same in a number of ways that make it similarly beneficial, and it can be used to do additional things.

I suppose you are not understanding what I am saying. To register a new phone the only thing I had to do was enter my google account info into it, if I had previously registered for google wallet I suppose I would be able to use it immediately after that? I am not talking geting info from a retailer I am talking individual targeting. Most people use the same user names/passwords for many things since there are so many passwords etc to remember these days.