Like any good format war, both NFC and cloud payments have their own big-name backers. The biggest name carrying the NFC banner is ISIS. The company, which is backed by three of the Big Four U.S. carriers (AT&T, T-Mobile and Verizon Wireless), will allow users to pay for items using specific Chase Bank, American Express, Capital One and Barclays cards more info here. ISIS also allows users to add coupons and their own loyalty and rewards cards to their virtual wallet. Users add loyalty cards via the ISIS Read Pay & Save merchant directory. Coupons are added using the Clip To ISIS button on participating merchants’ websites. ISIS truly has the potential to make your smartphone your one and only wallet.
To use the service, however, consumers must have an ISIS-enabled, NFC-equipped smartphone. “From an ecosystem perspective, if you are talking about NFC-based payments, both the consumer and the merchant have to have hardware that can support those payments and very few on either side do,” explained Denée Carrington, senior analyst with Forrester Research. “So that’s certainly a hurdle for now. And a strong kind of critical mass on either side isn’t likely to happen until 2015 or 2016.”
Carrington said there will be significant ramping up in the meantime, but it will take “another three to four years before there is significant usage of NFC payments in the marketplace.”
Despite these limitations, ISIS representatives say they are confident that NFC is the best method to enable mobile payments. “We believe NFC is the most secure technology to modernize the payments process. A combination of hardware and software — as opposed to vulnerable software-only solutions — provide the best security protections for consumers and merchants,” said ISIS spokeswoman Catherine Sherman.
On the opposite side of the spectrum are cloud-based digital wallets from the likes of PayPal and Square. Both solutions can be connected to a user’s bank account and used at many participating merchants. Unlike NFC-based solutions, PayPal and Square don’t require consumers to purchase any additional hardware to use either service, and support iOS 4 and higher devices and Android 2.2 and higher handsets. Merchants who choose Square will, however, need to purchase additional hardware to use the service. Square also limits users by only allowing them to connect one bank account.
PayPal’s digital wallet is a mobile extension of the popular Web-based payment platform. Users download the app and can select PayPal as a payment method at a merchant’s sales terminal and enter the mobile phone number linked to their account to complete their purchase. If a store is having a sale, the PayPal app will automatically apply any coupons to your purchase, explained Anuj Nayar, PayPal senior director of communications.
The advantage of services like PayPal is that they allow users to access their account from any Web-connected device. NFC-based mobile wallets are bound to the hardware on which they reside. “Digital wallets don’t live on any one device, they live in the cloud,” Nayar said. “You can access that same wallet from any device. You can access it from your computer, mobile device or a kiosk in a store.”
Google Wallet Grows Up
For now, the biggest name in the virtual wallet space is Google Wallet, which pioneered mobile payments for Sprint customers way back in the summer of 2011. At launch, Google Wallet focused mostly on NFC technology but the service has since evolved to rely more on the cloud. Google Wallet allows users to pay by using both NFC-enabled contactless payment terminals as well as purchasing items online at participating websites much like PayPal. When used in stores, Google Wallet will also automatically apply Google Offers deals at participating merchants without ever having to clip another coupon. Wallet essentially attempts to offer the best of both worlds for consumers.
When it first launched in 2011, Google Wallet was only available on one Sprint device, the Samsung Galaxy Nexus. Google also limited the number of payment cards consumers could connect to their Wallet account. Since then, Google has revamped Wallet to include Virgin Mobile and added a host of Google Wallet-compatible devices to its lineup, including the LG Viper 4G LTE. Still, Google Wallet doesn’t enjoy the kind of backing from wireless carriers such as AT&T, T-Mobile and Verizon Wireless that ISIS does.
But according to Aite Group’s Oglesby, Google’s move to the cloud should prevent it from being usurped by ISIS. “Wallets can operate from the cloud, and Google Wallet has moved there, so they don’t really need the support of the carriers,” Oglesby explained. “They can get people signed up for Google Wallet via their own distribution channels, including the Android Marketplace, which is a powerful wallet distribution channel. So, yes, I do think that [Google Wallet] can take off without support from the carriers.”
The most pressing concern for consumers when it comes to virtual wallets is how secure they are. According to Forrester’s Carrington, as much as 37 percent of early mobile payment adopters say they are very concerned. Just 9 percent of survey respondents said they were not concerned.
As previously mentioned, NFC- enabled smartphone solutions such as ISIS use a secure element chip stored on a user’s phone to keep payment information safe. Google Wallet and ISIS users can also remotely lock or wipe their payment information if they ever lose their phone.
According to Derek Halliday, senior product manager of security with Lookout Security, one of the inherent security benefits of NFC-based solutions such as Google Wallet and ISIS is that NFC signals have a very short range. Hackers have demonstrated that criminals can take information from an NFC device in a person’s pocket by rubbing an NFC reader past it, but Halliday said doing so requires that the hacker be very close to you while your phone and payment app are running and open.
Both Google Wallet and ISIS offer users the ability to set a password PIN that must be entered to complete a transaction, making hacking difficult.
Google, which previously saved payment information on users’ devices like ISIS, has taken the further step of moving user information to the cloud, Robin Dua, head of product management for Google Wallet, said. “Cards are securely stored on our servers in the cloud and protected with financial-grade security measures that data processors or banks use to protect card information and personal information.”
Cloud-based digital wallets such as PayPal offer similar protections against hacking, storing users’ financial information on secure servers. According to PayPal, transactions are also monitored 24/7 for any suspicious activity.
There’s nothing guaranteeing that either NFC- or cloud-based solutions are completely safe from hackers and other criminals. But with the safety measures these providers offer, users should feel confident that their financial data won’t fall into the wrong hands.
“The biggest risk is that consumers aren’t fully aware of the precautions associated with this technology and aren’t diligent about the general security of their phone,” said Lookout co-founder Kevin Mahaffey. “This comes down to the normal things like PIN locking their phone.”
The Long Wait
So when can you expect to start using virtual wallets in place of your standard credit or debit card? Unfortunately, you’re going to have to be patient. PayPal’s mobile solution is still in its early testing phases at Home Depot stores, while ISIS is finally in the trial phase.
Initially set to begin a trial run in August, ISIS pushed back the date to September. That date was then extended to Oct. 22. When asked about the reason behind the delays, an ISIS spokesperson said, “We’re working through a final punch list of things to ensure a great consumer experience and seamless partner integration. The list is short, but a few pieces require additional time.”
Perhaps the biggest hurdle facing the movement to virtual wallets is the fact that they aren’t yet a necessity. “There has to be a compelling reason for consumers to use it,” Carrington said. “There’s nothing wrong with using a credit card today. There has to be a compelling reason even for early adopters beyond just the novelty.”