Google Wallet: Smartphone mobile commerce

Well the future is finally here. With your smartphone, you can board airplanes, order a latte at Starbucks, watch 3D movies and now dispense a Coke from a vending machine.

Google Wallet is a mobile application that aims to “turn your phone into your wallet.” It allows users of phones with near-field communications (NFC) hardware to pay for items using one of two virtual payment cards: a Citi MasterCard or a Google Prepaid Card, a card funded from a person’s other credit cards.

The technology uses the PayPass contactless payment network familiar to many at Mobil gas stations. It requires a retailer or vending machine to have hardware that when “tapped” by a phone with NFC hardware will accept a wireless payment transfer from the customer’s account.

The capability initially will be available on the Samsung Nexus S 4G phone on Sprint’s network. This smartphone payment application differs from the one available for Starbucks’ customers. That application displays a barcode on the phone’s screen. The customer then holds the phone in front of a scanner at the register, which reads the barcode and processes the sale against the customer’s prepaid Starbucks account.

Naturally, we were interested in the security for this uber mobile application.

First, the payment hardware (radio transmitter) in the phone is disabled when the user’s phone is not active  – a state of automatic lockdown -and users have to ability to turn on or off the capability.

Next, the “Secure Element” chip which contains the users credit card or payment information is separated from the operating system and phone hardware, and its data is encrypted. Only authorized programs like Google Wallet can access the Secure Element to initiate a transaction.

Additionally, because Google Wallet enforces a security PIN, the only way to transmit payment credentials is if you first enter the security PIN. Entering your PIN temporarily enables the NFC chip and unlocks your card credentials so that they can be read by the vendor’s device.

The other potential risk would happen when your payments are wirelessly transferred from your phone to the PayPass reader ( a few inches away). We’ve already heard about hackers who intercept wireless transmissions with the potential to pick credit card numbers out of the air.

However, Google says MasterCard’s “secure encryption technology” will keep your data safe during its short, mid-air journey from phone to PayPass sensor.

I guess we have nothing to fear but fear itself. Might as well load up the smartphone and leave the wallet at home…for now.