Google's Softcard hookup: Never mind Apple Pay ... it's about beating the networks

Cutting the wire


Comment So Google Wallet will come installed on Android handsets in the US. It is an assault on Apple Pay, but it's also end of a dream which saw operators as custodians of the electronic wallet.

That dream started in 2007, when SIM manufacturers hit on the idea of embedding a secure transaction element into the SIM, connected to the NFC circuit in the phone over the last unallocated pad. Thus was born the Single Wire Protocol (SWP), and a three-way battle to see who would own the electronic wallets of the future.

NFC (or N-Mark is it is properly known) covers short-range radio and the use of induced current, which restricts the range to a few centimetres while powering the encryption chip. But the location of that chip (and thus ownership of the keys stored on it) has been hotly contested.

In one corner were the phone manufacturers, and platform owners, such as Google, Samsung and Apple. They wanted the secure element embedded in the phone and linked to their cloud. A customer who changed handsets could use the cloud service to transfer their account to the new device, as long as they stayed within the same ecosystem.

In the other corner were the network operators, who argued that the secure element should be stored in the SIM. Connected by SWP, the SIM could authorise transactions without relying on the security of the mobile platform, all under the control of the mobile operators. A customer who changed handsets could move their SIM – and thus their wallet – between devices.

In the third corner were the banks. They didn't trust the mobile platform providers or the network operators, so proposed that the secure element be stored in a MicroSD card provided by the issuing bank. The card could also use SWP, so avoiding interaction with the (untrusted) device operating system. A customer who changed handsets could easily move their wallet to the new device.

Thus the battle lines were drawn, and each side started bolstering their claim while keeping a careful eye out to see what Apple was going to do.

Apple's reaction was crucial, not only because of the popularity of the iPhone, but because Cupertino has a knack of packaging existing ideas into an acceptable form. NFC was a geek technology which needed Apple magic to make it work.

While waiting to see what came out of Cupertino, the three sides dug in. The banks got a lead from DeviceFidelity: cases with MicroSD slots and NFC, claiming an early victory in bringing pay-by-bonk to the iPhone. Trials in Nice, France, and an assortment of US cities showed that the technology would work, but the device manufacturers weren't going to play along and in February 2013 the NFC SD Consortium gave up and called it a day, signalling the end of the banks' play.

The network operators have more sway with manufacturers and could insist that SWP be supported, so all they needed was a standard platform. SIM chips are immensely secure (assuming the NSA hasn't lifted the keys during manufacture), and only the network operator can deploy a SIM application. That's great when the applications are only used to secure phone calls and enforce roaming deals, but less useful when one is trying to create a developer ecosystem.

Network operators in various countries decided that strength would come from unity, and formed consortia to create standard platforms for payments and other (secured) NFC applications. The most advanced were in the USA and the UK, branded as ISIS and Weve respectively.

ISIS started out intending to take a percentage from every transaction, but Visa and Mastercard weren't going to allow that, so a different model was developed. The idea, also adopted by Weve, was to create the SIM platforms and charge companies rent to host their applications.

So Barclaycard might decide to make an ISIS version of their card and would have to pay a few cents every month for every customer who downloaded it. Tesco might do the same for a loyalty card and Oyster for mass-transit ticketing, combining to create a sustainable revenue stream for the network operators.

Google, meanwhile, took the initiative and bypassed the network operators, using a secure element embedded in the handset for Google Wallet, which was launched in May 2011. The advantage was a fast deployment, the drawback was that Google had a very tough time convincing anyone to develop payment apps for its proprietary platform.

In August 2012 Google found a way to work around that problem with the Cloud Wallet – this involves having only one payment card in the wallet, and using card details stored in the cloud to pay off the debt as soon as possible, but that hasn't been enough to make the service successful.

Then Apple came along with Apple Pay and everyone panicked.

Apple Pay was announced last September, and within a week Weve was briefing journalists that it had dropped its plans for a UK payment system. ISIS had already been forced to change its name, but wasn't gaining any ground as Softcard. Media pundits were breathlessly reporting that Apple was about to revolutionise the payments industry.

Four months later and Apple Pay has been launched, in the US at least.

Google needs to compete with Apple Pay, and the network operators who started ISIS know that the enemy of their enemy will have to be their friend. The operators need to see multiple companies involved, and (in the US at least) they know that they can't fight both Apple and Google, so have passed their ammunition to the weaker side.

Android handsets sold by the biggest US carriers will now have Google Wallet pre-installed, but more importantly they will use a secure element stored in the phone handset and under the complete control of Mountain View. Google gets to say which applications are installed, and Google gets the transaction data to feed its advertising engine.

The concept of an NFC secure element embedded in the SIM is over, in the USA at least. In the UK only EE's Cash On Tap still uses one, but how long will Android tablets continue to support SWP when Google has such a vested interest in seeing it dropped?

In the long term, this will hurt the network operators, as they are further reduced to carrying data which belongs to someone else. The battle for control over the electronic wallet is all but over, with the network operators and the banks being thrown from the ring.

In February 2008 we said that the future of the SIM was hanging by a single wire. Six years later, Google has undoubtedly cut that supporting wire. ®

Similar topics

Broader topics


Other stories you might like

  • Google has more reasons why it doesn't like antitrust law that affects Google
    It'll ruin Gmail, claims web ads giant

    Google has a fresh list of reasons why it opposes tech antitrust legislation making its way through Congress but, like others who've expressed discontent, the ad giant's complaints leave out mention of portions of the proposed law that address said gripes.

    The law bill in question is S.2992, the Senate version of the American Innovation and Choice Online Act (AICOA), which is closer than ever to getting votes in the House and Senate, which could see it advanced to President Biden's desk.

    AICOA prohibits tech companies above a certain size from favoring their own products and services over their competitors. It applies to businesses considered "critical trading partners," meaning the company controls access to a platform through which business users reach their customers. Google, Apple, Amazon, and Meta in one way or another seemingly fall under the scope of this US legislation. 

    Continue reading
  • Makers of ad blockers and browser privacy extensions fear the end is near
    Overhaul of Chrome add-ons set for January, Google says it's for all our own good

    Special report Seven months from now, assuming all goes as planned, Google Chrome will drop support for its legacy extension platform, known as Manifest v2 (Mv2). This is significant if you use a browser extension to, for instance, filter out certain kinds of content and safeguard your privacy.

    Google's Chrome Web Store is supposed to stop accepting Mv2 extension submissions sometime this month. As of January 2023, Chrome will stop running extensions created using Mv2, with limited exceptions for enterprise versions of Chrome operating under corporate policy. And by June 2023, even enterprise versions of Chrome will prevent Mv2 extensions from running.

    The anticipated result will be fewer extensions and less innovation, according to several extension developers.

    Continue reading
  • I was fired for blowing the whistle on cult's status in Google unit, says contractor
    The internet giant, a doomsday religious sect, and a lawsuit in Silicon Valley

    A former Google video producer has sued the internet giant alleging he was unfairly fired for blowing the whistle on a religious sect that had all but taken over his business unit. 

    The lawsuit demands a jury trial and financial restitution for "religious discrimination, wrongful termination, retaliation and related causes of action." It alleges Peter Lubbers, director of the Google Developer Studio (GDS) film group in which 34-year-old plaintiff Kevin Lloyd worked, is not only a member of The Fellowship of Friends, the exec was influential in growing the studio into a team that, in essence, funneled money back to the fellowship.

    In his complaint [PDF], filed in a California Superior Court in Silicon Valley, Lloyd lays down a case that he was fired for expressing concerns over the fellowship's influence at Google, specifically in the GDS. When these concerns were reported to a manager, Lloyd was told to drop the issue or risk losing his job, it is claimed. 

    Continue reading
  • End of the road for biz living off free G Suite legacy edition
    Firms accustomed to freebies miffed that web giant's largess doesn't last

    After offering free G Suite apps for more than a decade, Google next week plans to discontinue its legacy service – which hasn't been offered to new customers since 2012 – and force business users to transition to a paid subscription for the service's successor, Google Workspace.

    "For businesses, the G Suite legacy free edition will no longer be available after June 27, 2022," Google explains in its support document. "Your account will be automatically transitioned to a paid Google Workspace subscription where we continue to deliver new capabilities to help businesses transform the way they work."

    Small business owners who have relied on the G Suite legacy free edition aren't thrilled that they will have to pay for Workspace or migrate to a rival like Microsoft, which happens to be actively encouraging defectors. As noted by The New York Times on Monday, the approaching deadline has elicited complaints from small firms that bet on Google's cloud productivity apps in the 2006-2012 period and have enjoyed the lack of billing since then.

    Continue reading
  • UK competition watchdog seeks to make mobile browsers, cloud gaming and payments more competitive
    Investigation could help end WebKit monoculture on iOS devices

    The United Kingdom's Competition and Markets Authority (CMA) on Friday said it intends to launch an investigation of Apple's and Google's market power with respect to mobile browsers and cloud gaming, and to take enforcement action against Google for its app store payment practices.

    "When it comes to how people use mobile phones, Apple and Google hold all the cards," said Andrea Coscelli, Chief Executive of the CMA, in a statement. "As good as many of their services and products are, their strong grip on mobile ecosystems allows them to shut out competitors, holding back the British tech sector and limiting choice."

    The decision to open a formal investigation follows the CMA's year-long study of the mobile ecosystem. The competition watchdog's findings have been published in a report that concludes Apple and Google have a duopoly that limits competition.

    Continue reading
  • Google recasts Anthos with hitch to AWS Outposts
    If at first you don't succeed, change names and try again

    Google Cloud's Anthos on-prem platform is getting a new home under the search giant’s recently announced Google Distributed Cloud (GDC) portfolio, where it will live on as a software-based competitor to AWS Outposts and Microsoft Azure Stack.

    Introduced last fall, GDC enables customers to deploy managed servers and software in private datacenters and at communication service provider or on the edge.

    Its latest update sees Google reposition Anthos on-prem, introduced back in 2020, as the bring-your-own-server edition of GDC. Using the service, customers can extend Google Cloud-style management and services to applications running on-prem.

    Continue reading

Biting the hand that feeds IT © 1998–2022