Google has announced that it is testing its new payment app, Hands Free, which (as the name suggests) allows users to make payments without the need to use their hands, mobile device or wallets.
Relying on Wi-Fi, Bluetooth and location services to determine whether you’re near a participating retailer, users would be able to pay for goods by simply uttering “I’ll pay with Google”. The cashier will then confirm the users’ identity by checking the individual’s initials and using a picture of the person, which has been added to the app, to complete the transaction.
This new payment method is yet another innovation in the industry to simplify the payments experience. With Google’s Android Pay, which stores payment information on your device, set to launch in various countries this year, this Hands Free application, with payment information stored in the cloud, is another approach addressing that frictionless payment convenience consumers demand.
As Google’s senior director of product management stated, the current user experience is “quite clunky”. Hands Free, then, introduces a ‘social interaction’ payment approach replacing the need for people to reach for their phones, or cards, to pay for goods – which, up until now, has been relatively slow.
There are multiple reasons for this reluctance to embrace mobile payments, namely users not seeing the need for it, especially if payment cards are doing the job just fine and then there are also fears over security.
Balancing user convenience with security
Therefore, cloud based payment apps such as Hands Free will need to have the underlying security infrastructure to protect the payment card and biometric information against misuse or theft if such payment solutions are to succeed. The challenge for the industry has been to find a way of emulating the cryptographic security of an EMV chip, as found in a physical payment card, in a virtual environment.
Tokenization is one of the security tools available. Until recently, tokenization had been used primarily by acquirers to help merchants reduce their PCI DSS scope and devalue data stolen by fraudsters. In digital payments, tokenization is now being used to reduce the security risks inherent in the transfer of highly sensitive data such as payment card personal account numbers (PAN).
But how does this work in reality? The 16-digit number used for transactions has different value for a mobile payment transaction than a physical payment card and the real PAN is held, securely, by the issuer. Tokenization, in short, enables parties in a payment transaction to trade numbers that represent a person’s real PAN rather than account number itself. By doing so, if the mobile transaction is compromised by a cyber criminal, the information is rendered useless for creating counterfeit cards, for example.
In short, ensuring that consumer data is protected will be crucial if payment methods such as ‘Hands Free’ are to make a lasting impact in consumer’s everyday lives. Only when consumers are offered a universally trusted solution to securing their valuable data will we reach the ‘tipping point’ for mass-adoption of innovative payment solutions.