nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Google's Softcard hookup: Never mind Apple Pay ... it's about beating the networks

Cutting the wire

By Bill Ray, 24 Feb 2015

Comment So Google Wallet will come installed on Android handsets in the US. It is an assault on Apple Pay, but it's also end of a dream which saw operators as custodians of the electronic wallet.

That dream started in 2007, when SIM manufacturers hit on the idea of embedding a secure transaction element into the SIM, connected to the NFC circuit in the phone over the last unallocated pad. Thus was born the Single Wire Protocol (SWP), and a three-way battle to see who would own the electronic wallets of the future.

NFC (or N-Mark is it is properly known) covers short-range radio and the use of induced current, which restricts the range to a few centimetres while powering the encryption chip. But the location of that chip (and thus ownership of the keys stored on it) has been hotly contested.

In one corner were the phone manufacturers, and platform owners, such as Google, Samsung and Apple. They wanted the secure element embedded in the phone and linked to their cloud. A customer who changed handsets could use the cloud service to transfer their account to the new device, as long as they stayed within the same ecosystem.

In the other corner were the network operators, who argued that the secure element should be stored in the SIM. Connected by SWP, the SIM could authorise transactions without relying on the security of the mobile platform, all under the control of the mobile operators. A customer who changed handsets could move their SIM – and thus their wallet – between devices.

In the third corner were the banks. They didn't trust the mobile platform providers or the network operators, so proposed that the secure element be stored in a MicroSD card provided by the issuing bank. The card could also use SWP, so avoiding interaction with the (untrusted) device operating system. A customer who changed handsets could easily move their wallet to the new device.

Thus the battle lines were drawn, and each side started bolstering their claim while keeping a careful eye out to see what Apple was going to do.

Apple's reaction was crucial, not only because of the popularity of the iPhone, but because Cupertino has a knack of packaging existing ideas into an acceptable form. NFC was a geek technology which needed Apple magic to make it work.

While waiting to see what came out of Cupertino, the three sides dug in. The banks got a lead from DeviceFidelity: cases with MicroSD slots and NFC, claiming an early victory in bringing pay-by-bonk to the iPhone. Trials in Nice, France, and an assortment of US cities showed that the technology would work, but the device manufacturers weren't going to play along and in February 2013 the NFC SD Consortium gave up and called it a day, signalling the end of the banks' play.

The network operators have more sway with manufacturers and could insist that SWP be supported, so all they needed was a standard platform. SIM chips are immensely secure (assuming the NSA hasn't lifted the keys during manufacture), and only the network operator can deploy a SIM application. That's great when the applications are only used to secure phone calls and enforce roaming deals, but less useful when one is trying to create a developer ecosystem.

Network operators in various countries decided that strength would come from unity, and formed consortia to create standard platforms for payments and other (secured) NFC applications. The most advanced were in the USA and the UK, branded as ISIS and Weve respectively.

ISIS started out intending to take a percentage from every transaction, but Visa and Mastercard weren't going to allow that, so a different model was developed. The idea, also adopted by Weve, was to create the SIM platforms and charge companies rent to host their applications.

So Barclaycard might decide to make an ISIS version of their card and would have to pay a few cents every month for every customer who downloaded it. Tesco might do the same for a loyalty card and Oyster for mass-transit ticketing, combining to create a sustainable revenue stream for the network operators.

Google, meanwhile, took the initiative and bypassed the network operators, using a secure element embedded in the handset for Google Wallet, which was launched in May 2011. The advantage was a fast deployment, the drawback was that Google had a very tough time convincing anyone to develop payment apps for its proprietary platform.

In August 2012 Google found a way to work around that problem with the Cloud Wallet – this involves having only one payment card in the wallet, and using card details stored in the cloud to pay off the debt as soon as possible, but that hasn't been enough to make the service successful.

Then Apple came along with Apple Pay and everyone panicked.

Apple Pay was announced last September, and within a week Weve was briefing journalists that it had dropped its plans for a UK payment system. ISIS had already been forced to change its name, but wasn't gaining any ground as Softcard. Media pundits were breathlessly reporting that Apple was about to revolutionise the payments industry.

Four months later and Apple Pay has been launched, in the US at least.

Google needs to compete with Apple Pay, and the network operators who started ISIS know that the enemy of their enemy will have to be their friend. The operators need to see multiple companies involved, and (in the US at least) they know that they can't fight both Apple and Google, so have passed their ammunition to the weaker side.

Android handsets sold by the biggest US carriers will now have Google Wallet pre-installed, but more importantly they will use a secure element stored in the phone handset and under the complete control of Mountain View. Google gets to say which applications are installed, and Google gets the transaction data to feed its advertising engine.

The concept of an NFC secure element embedded in the SIM is over, in the USA at least. In the UK only EE's Cash On Tap still uses one, but how long will Android tablets continue to support SWP when Google has such a vested interest in seeing it dropped?

In the long term, this will hurt the network operators, as they are further reduced to carrying data which belongs to someone else. The battle for control over the electronic wallet is all but over, with the network operators and the banks being thrown from the ring.

In February 2008 we said that the future of the SIM was hanging by a single wire. Six years later, Google has undoubtedly cut that supporting wire. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing