Skip to content

Real World Cloud NFC Mobile Payments

2013 December 3

I went on a shopping spree yesterday using my Nexus 7 Android tablet to pay via NFC.

I wanted to test out KitKat’s new NFC capabilities provided by SimplyTapp, which is in all official Android builds going forward. I also wanted to compare making payments using Google Wallet and an experimental app.

Google Wallet with McDonald's mobile payment receiptsAs I mentioned in my previous post, Android 4.4 KitKat no longer requires a hardware secure element. This is called host-based card emulation (HCE). Importantly, this means wireless carriers no longer control provisioning cards for NFC payments.

Mobile carriers are now just one of many types of organizations that can provision virtual payment cards onto NFC-enabled devices. Plus this means no more annoying trips to your carrier’s retail store to get an “enhanced” SIM card to enable mobile payments.

Now banks, retailers, loyalty card companies, card networks – and anyone else who wants to – can embed payment functionality into their applications.

Of course, this means they have to provide a lot of back-end services and integrations with payment processors. But it’s now possible and it works.

I went shopping to try it out.

First I had to setup my Nexus 7 tablet. Many other Android devices support NFC. Here’s the full list. Android 4.4 KitKat is still rolling out to some users. I got my upgrade opportunity on Wednesday, just in time to play with it over Thanksgiving weekend.

Google Wallet mobile payment setup using bank account instead of credit or debit cardNext I installed Google Wallet. Google Wallet lets me manually enter both card and bank account information.

Behind the scenes, when you pay with Google Wallet, it actually uses a “Virtual MasterCard” from The Bancorp Bank then the bank turns around and bills the payment method you entered.

Think of it as a proxy of sorts – or even a benevolent “man-in-the-middle”. Collecting millions of bank accounts can be a profitable business by itself with mobile payments as the trojan horse.

With Google Wallet, I can also order a Google Wallet card with a traditional magstripe that lets me pay using my wallet funds anywhere. I find the card of little use because I don’t plan to keep money in my Google Wallet. Rather, I plan to only use it as a passthrough.

Lastly, it’s worth noting that you can use Google Wallet like PayPal to send money to someone else with Google Wallet (aka a P2P payment). If Google Wallet catches on, this might be useful and another step towards World Domination for Google. Right now, it’s a curiosity with little opportunity for use – like NFC payments.

Later I also installed my experimental wallet application that also can use NFC to make payments. A bank embedding this technology into their mobile banking app can skip Google Wallet’s card entry step.

Banks already know your card information and can simply provision your card from the cloud once you enable mobile payments and setup your PIN.

Merchants could also do this for white-labeled credit cards and loyalty cards while offering the option for customers to enter any card into their app. When you think about it, this is exactly what we’ve been doing with Amazon.com and other online retailers since the 1990s.

Merchants could even consider transferring existing payment tenders from online accounts to the retailer mobile shopping app with the customer’s permission.

Next I had to find a merchant with a) NFC readers, and b) NFC readers that worked. I went to Walgreen’s first. They had an item I wanted to buy for my son for Christmas. (I won’t mention it by name, in case he reads this blog). Since I wanted to test out both apps, I also picked up some gum.

I nervously wandered around the store looking like a shoplifter waiting for a slow period at the one cashier. Unfortunately a nearby retirement home had literally dropped off a busload of senior citizens to do their shopping.

Finally, when the line was empty,  I went to make my payment. I set Google Wallet as the NFC default.

I told the cashier I wanted to make two transactions. She just looked at me for a second before scanning the expensive item. I held the ‘x’ in “Nexus” on the back of the tablet over the contactless reader. (This is where the NFC antenna is located).

Nothing happened.

I tried again – not even a beep. The cashier just looked at me.

“Do you know if this thing works?” I asked.

“I’ve never even seen anyone try to use it,” She said. “Do you have a card you can use?”

I pulled out my credit card and finished the purchase. Then we both realized I still had the gum and she started another transaction to pay for the it.

“The Photo Department is also available for checkout, ” I heard announced over the loudspeaker. I looked up and there was a line of seniors waiting behind me.

Next, I drove to Staples where I bought my Nexus 7. I noticed they had contactless readers when I bought it. The checkout was empty when I walked in. I grabbed a large bag of candy and walked up to the cashier.

“I want to pay using this thing,” I said, wiggling the Nexus and mostly hoping he didn’t think I had stolen it.

“It doesn’t work,” the cashier said as he rang me up. “I’ve seen people try it and it never works. I think it doesn’t work with our register.”

I held the tablet over the reader anyway – and it beeped. A red light also flashed. But nothing happened on the checkout display.

The card reader should say that my card was scanned and eventually say “Accepted,” just like with a card swipe. Nothing happened. I tried it again. Nothing. I pulled out my card again and paid with using the magstripe.

“Try GameStop or Home Depot. I think their readers work,” He said.

I went out to the car and started eating the bag of candy. I decided to try Lowe’s first because it was closer. My store didn’t have contactless readers.

I got back in the car and ate more of the candy. I headed toward GameStop but saw a McDonald’s on the way. I pulled in. McDonald’s is one of the largest contactless-enabled merchants.

Fortunately, McDonald’s was empty. Again I made sure Google Wallet was set as the default. I ordered a coffee and put my tablet over the reader to pay. It beeped, the light flashed and a few seconds later the checkout display listed my card and the receipt printed.

“I want to try it again with another card,” I said to the cashier. He didn’t seem to mind.

I set the experimental app as the default and ordered another coffee.

I held the tablet over the reader. It beeped and flashed and instantly started printing the receipt and opened the cash drawer.

I now had two large coffees to counteract the sugar crash of the candy from Staples.

 

 

 

 

Be Sociable, Share!
4 Responses leave one →
  1. December 4, 2013

    Dave, nice real-world summary. This type of all the steps required is enlightening. Obviously, still work in progress on many fronts. More importantly, you need to cut down on the caffeine and sugar.

    -Charles

  2. Joel C. permalink
    December 4, 2013

    I would have bet that you purchased at least a KitKat to test HCE ;-)

    Interesting and intriguing. Many questions may be raised, especially on the SE.

    You need to store your Card Credentials somewhere. If they’re in the device, that means your Issuer trusts the Andoid OS security; I would be surprised to hear comments from the Payment Networks (Visa, MC, …). Don’t they have to certify the devices and Payment App?
    Otherwise, the Card Credentials may be in the Cloud. It means that the Payment App communicates live between the Payment Terminal and the Issuer Cloud… Their may be some delays introduced that might cause card reading failures/timeout?

    One thing sure is that when all planets are aligned, you can buy any number of coffee you want.

  3. December 4, 2013

    Thanks Joel. The card credentials are stored in the cloud rather than on the device. In the age of smartphones, I think this is a more secure architecture anyway. The card networks don’t have to certify mobile app providers any more than they have to certify e-commerce providers. There is integration on the cloud-side, but it’s far more straightforward now that carriers and TSMs don’t also have to be involved in the negotiations.

    It’s also worth noting that these transactions was completed offline. My tablet isn’t cellular enabled. The POS communicates to the card issuer essentially the same way regardless of whether the card is read via magstripe, EMV, or contactless.

    HCE does create many interesting possibilities when there’s a connection to the device during payment.

  4. December 4, 2013

    Thanks Charles. In fact, I had to go to bed early after the sugar crash. On my next shopping spree, I’ll try to purchase non-consumable items.

Leave a Reply

Note: You can use basic XHTML in your comments. Your email address will never be published.

Subscribe to this comment feed via RSS