Google has announced, to some fanfare, what it hopes will be a revolution in the way we pay for things: Google Wallet.
Google Wallet is a smartphone app (currently only available for the Nexus S 4G Android phone) that aims to replace your credit cards.
It works like this. You go to a store (let’s imagine it’s a coffee shop), the barista hands you your steaming skinny caramel macchiato and a toasted onion bagel with low fat cream cheese and bacon, and rather than give them your credit card or reach into your pocket for some coins, you..
* take out your smartphone
* unlock it
* run the Google Wallet app
* enter the PIN for your Google Wallet app
* swipe your smartphone against the coffee shop’s pay point.
The Google Wallet app uses NFC (near-field communications) technology in your smartphone to wirelessly debit the credit card you have linked with the application.
Here’s a video that Google has produced describing Google Wallet.
Human nature being what it is, some people will be nervous of adopting this kind of technology to pay for goods. Just remember how long it took for some people to switch to using credit cards.
It looks like Google recognises that some people will be fearful, and is keen for potential users to know that the Google Wallet app is protected by a four digit PIN.
Unless the PIN is entered, the NFC antenna is switched off – meaning that you can’t make any purchases. Similarly when the phone’s screen is switched off, the NFC antenna is disabled.
The Google Wallet app insists that you re-enter your PIN every five minutes by default – something that I suspect many users will find irritating, and will change to a longer time period for more convenience and less security.
Another concern I have, though, is whether users will choose sensible PINs to protect their Google Wallet.
When you’re waiting to slurp your steaming skinny caramel macchiato and munch on your toasted onion bagel with low fat cream cheese and bacon, will you be entering a PIN code that is convenient or one that is more secure?
Research published earlier this year, revealed the top 10 passcodes that iPhone owners use to protect their devices and we have to assume that Google Wallet users will be just as laissez-faire when choosing a PIN.
We already know that 67% of consumers don’t have any form of password on their mobile phones.
It’s hard to imagine that all users are going to choose a PIN code for their Google Wallet which is hard to crack, let alone different from the one which they should be using to protect all the rest of their smartphone.
So, if you lose your smartphone and have not chosen a sensible PIN code both for the device and a different one for your Google Wallet then there may be opportunities for criminals to take advantage.
Update: PC Magazine’s @MarkHachman got in touch with me to point out that you get five chances to enter the correct four-digit PIN and after that “the phone’s secure element is wiped clean”. That sounds like a good way of defending against a brute force attack against the PIN, but I wonder if the threat of having their Google Wallet disabled will actually encourage users to choose potentially risky easy-to-remember PINs or simply use the same PIN that they use for the phone as a whole.
Don’t throw away your wallet just yet
I don’t want to rain on the parade entirely, however. It’s not Google’s fault that people might choose dumb obvious PINs or use the same PIN code for their digital wallet as for the device itself (although Google might do some work to reduce the likelihood of those happening, or give an option for longer pass codes).
Update: Google has told PC Magazine reporter @sarapyin that Google Wallet “rejects ‘obvious’ PINs”. If that’s the case then we should welcome that news, but I still think it would be a positive step if Google Wallet offered the option of longer pass codes and/or more than just a numeric key for your wallet.
We may be a long way off throwing away our physical wallets entirely – as folks still like to carry around their receipts, driving license, business cards and some old fashioned bank notes – but we will see mobile devices being used more and more for commerce.
It’s going to take some years for merchants to invest in the hardware to provide support for Google Wallet, and some may prefer to wait and see how the market plays out and if a rival option becomes more popular.
Always have a backup
I have one piece of advice though, which will probably hold true for many years to come. Think about this. What happens when your smartphone runs out of juice?
You won’t be able to open your Google Wallet app to pay for the late night train ride home if the battery is flat. Then you’ll be rueing not having a real credit card in your pocket or a couple of notes hidden in the sole of your shoes.