Late last month Google used the occasion of the annual developer conference Google I/O to announce the arrival of Android Pay, a mobile payment service for smartphones using the search giant’s open-source operating system.
The unveiling came roughly nine months after that of Apple Pay, and despite the great edge in market share that Android has over Apple’s iOS – almost 80% of the world’s smartphones are Android-powered – it was met with a great deal less fanfare, and many more warnings about the road ahead.
Among the main criticisms are Android Pay’s confusing relationship with Google Wallet, the mobile payment service that was launched in 2011 and never gained much traction, and a potential for compatibility issues with the various versions of Android installed on handsets by different equipment makers and network operators around the world. Also embarrassing was an apparent failure of Google to follow Apple in negotiating a slice of transaction fees before Visa and Mastercard moved to a new “tokenization” system which prevents payment services from charging fees to card providers. Even one of Android Pay’s unique value propositions – its integration of merchant loyalty programs – was quickly overshadowed by news that Apple Pay is likely to do the same in the near future.
Unfortunately, there is yet another, less-publicized problem Android Pay faces: A brake on its adoption in Europe and other non-EU markets due to the slow spread of EMV tokenization, a necessary security measure for the “chip and pin” (EMV) credit and debit cards which are now standard in many of these markets. While Apple Pay faces the same hurdle outside the US, it matters to Android Pay more because Android’s strength is its larger global user base.
EMV tokenization is necessary to move beyond the storing of bank card data and other sensitive information in the “secure element” of a mobile device’s SIM card, which gives mobile network operators ultimate control over transactions using the device. It was in part because of this control by carriers that Google earlier found itself stymied in its efforts to promote Google Wallet, and which led to the development of host card emulation, a software-only architecture that bypasses the secure element.
But EMV tokenization is dependent on the card networks signing up issuing banks, after which they can then be approached by Google or Apple to be included in their respective mobile payment systems. And this is a process that is simply not happening quickly enough.
The problem is ironic, because it was in Europe that EMV was first mandated (in 2006), while adoption of the more secure card has only recently begun to pick up in the US. Then again, it is also ironic that Google is playing catch-up in announcing a mobile payment service, when in reality it beat Apple to the party by several years.