There have been many attempts at mobile wallet products over the years, from letting your phone simulate a swipe of your magnetic strip through NFC-based replication of contactless cards to the laughable CurrentC that relies on scanned QR codes. Over on Android phones, there’s Google Wallet, Android Pay and Samsung Pay – along with a whole slew of smaller competitors.
But for iPhone users, Apple Pay is the undisputed champion. Security is unrivalled. Your card details are never stored at all, replaced with a unique Device Account Number. That number is stored in the Secure Enclave. And a one-time code is generated for every single transaction.
Convenience too is maximized. iPhone users need only hold out their iPhone with their thumb or finger on the Touch ID button, while Apple Watch owners simply raise their wrist to the reader. I didn’t think there was any way to improve on it, but Google may be about to prove me wrong with its Hands Free service …
Hands Free is designed to allow you to pay for things without doing a single thing. Just walk up to the cashier, tell them you want to pay with Google, smile and walk away with your purchases.
The version Google is piloting in San Francisco today isn’t very impressive. The payment terminal detects your phone as your approach the till, and displays your initials and photo to the cashier. The cashier asks for your initials, manually verifies your face against the photo and then approves the purchase. It’s hands-free, but it’s clunky.
Security also falls considerably short of that offered by Apple Pay. Google says that your “full credit card number” (my emphasis) is never shared with the store, and your payment details are only shared with the payment processor. There’s no mention of one-time codes, and the only verification that the phone is in the possession of its rightful owner is the request for your initials and a cashier trying to figure out whether the person stood in front of them looks vaguely like their photo.
Right now, it’s a non-starter, and Google’s video is – frankly – annoying. It’s one of those stupid ones usually used by startups that show a whole bunch of problems that don’t actually exist in real life before proudly presenting the ‘solution.’
https://www.youtube.com/watch?v=Qxet1VdpOQ4
But this is merely phase one. Google wants to automate the face-recognition part, so that technology, not a cashier, will verify your face.
Modern-day facial recognition tech is very, very good. The latest techniques use three cameras to build a 3D image of the face, allowing literally hundreds of measurements to be made, including things as detailed as the contours of your eye sockets and exact shape of your nose. This can be supplemented by skin texture analysis, where the lines and patterns in your skin are also verified.
If Google can get that right – sufficiently secure that there are no false positives (verifying someone else’s face as yours) and an extremely low rate of false negatives (failing to recognize your face) – it will achieve something I didn’t think possible: a payment method more convenient than the Apple Watch.
Google also has to match Apple Pay’s card security. Apple Pay’s use of one-time codes is one of the things I love about the service: even if a retailer or card processor was hacked, and someone got access to all the transaction details, it would do them no good at all. The code that was used for my purchase cannot be used to make any further purchases. Unless Hands Free Payment replicates that, I’m not interested.
There is one additional thing Apple does that Google will be unable to do: store a unique Device Account Number in the iPhone’s Secure Enclave. No third-party app is ever going to get access to that. But given that my entire iPhone is encrypted and protected by Touch ID and a strong passcode, I think I could live with that. The risk would still be exceedingly low.
Perhaps I’m just being crazily lazy. I mean, come on, raising my wrist to a payment terminal is too much trouble now? But my general attitude to technology is that half its job is eliminating the need for effort, even if the effort saved is minimal. I am, after all, the guy who – temporarily deprived of Apple Pay – considered it a slight chore to have to take my wallet out of my pocket.
In fairness to myself, I don’t think it’s actually laziness. It’s more the principle. Feeling that anything that can be automated should be automated because gadget. If I can simply pay with a smile, why not?
What are your thoughts? Could a secure, automated version of Hands Free tempt you from the path of Apple Pay righteousness? As ever, take our poll and share your thoughts in the comments.