How Google Wallet works


In May, Google announced Google Wallet, its innovative new smartphone payments platform. (Broad details about the announcement can be found here.) But how will you, a smartphone owner, actually use this technology? To help answer that question, we’ve broken down how all of this works.

What it does

Using an embedded NFC (near-field communications) chip, Google Wallet is an open platform (and an Android app) that will allow you to use credit cards, coupons, store loyalty cards, etc. without actually swiping each card. Instead, you’ll simply tap your phone against a payment receiver to complete a transaction. For those who’ve used MasterCard, Visa, American Express, or Discover PayPass wireless systems, where you can tap your credit card to wirelessly pay, this isn’t a completely foreign concept. For the rest of you, just think of tapping as you would credit card swiping.

Field trials for Google Wallet have begun in San Francisco and New York City, and MasterCard is currently the only major credit card provider on board, along with a bevy of retailers. However, Google is working aggressively to get more providers to join.

Update: Google Wallet is being sent to all Google Nexus S owners via an over-the-air update soon and the field trial is over. Visa, MasterCard, American Express, and Discover have all signed on board and will be added to the app in the near future. It should be available around the country, though we’re waiting to hear about more compatible handsets.

Activating your credit card


Assuming you have an NFC-compatible Android phone and have installed the Google Wallet app, the next step is activating a credit card. The steps to do this are pretty simple. You enter the account number, type of card, and the relevant personal information. Google then verifies this information with the credit card company and FirstData (which securely runs the backend of much of the financial industry). Once you activate the card via email, you can use it however you wish; however, you can spend up to $100 without entering the activation code.


Google has also included a prepaid card with every Google Wallet. You can use this like a debit card, filling it up with a set amount of cash through a credit card or bank account. This type of card is especially useful for those who are a bit wary of the security risks associated with using a full credit card.

As you can also see in the picture above, there is a circle icon under each card (swipe between cards) that allows you to turn a card on or off. If a card is deactivated, there is no way to use it for payments.

Making a transaction


Making a transaction is fairly easy. You must have the Google Wallet app open, at least one credit card activated (that is accepted at the store you are at), and then place your phone no further than two inches from a receiver (seen above). This is similar to how PayPass technologies work. With one “tap,” you’ll pay for your item, get a credit on any reward programs you’re a part of, and use any coupons you’ve gathered. The process looked excessively simple and automated during Google’s in-house demonstration. Real world use could prove to be more complicated, but we are hopeful.

Using a coupon


Google also announced Google Offers in May, which will pair up with Google Wallet to provide users Groupon-style incentives to use the new system. While that program appears to be a Groupon clone with heavy Google integration, Google Wallet will be able to utilize digital coupons of all kinds. Demonstrating the technology, Osama Bedier, a member of the Wallet team, searched for “Denim Shorts” on Google and found a coupon for American Eagle. We did the same search and found the same coupon (seen above). If you have Google Wallet, you’ll be able to click on this coupon and “Save to Wallet,” which will instantly send it to the Offers section of your phone. We don’t yet know how interoperable or “open” this part of the Google Wallet system will be.

Security of your Wallet


Google made a point of stressing how much it has focused on security. “Security is very important to us. It was a fundamental consideration from day one,” said a Googler named Rob von Behren. He explained that on top of being able to lock your wallet and deactivate cards easily, Google is taking extra measures using a combination of hardware and software. It complies with all PayPass standards, but has added security measures. If your phone is off or your screen is dark, NFC is disabled. On top of that, if the screen is on, NFC is enabled, but the secure element is off, making it impossible to do a transaction. Only when the app is open and you’ve entered your four-digit PIN will it work. Google sends information to several secure channels for verification. This is seen via the flow chart below.


Behren also hinted at the “secret sauce” that Google is using to beef up security even more. On its Google Wallet Website, the search giant describes the “NFC chip + Secure Element,” which is almost a miniature computer of its own: “Google Wallet stores your encrypted payment card credentials on a computer chip on your phone called the Secure Element,” writes Google. “Think of the Secure Element as a separate computer, capable of running programs and storing data. The Secure Element is separate from your Android phone’s memory. The chip is designed to only allow trusted programs on the Secure Element itself to access the payment credentials stored therein. The secure encryption technology of MasterCard PayPass protects your payment card credentials as they are transferred from the phone to the contactless reader.”

Google representatives said that the system has “baked in” protection against many “laser attacks” and many other forms of data theft. Speaking with CNET, an NXP spokeswoman said that the Secure Element is actually impenetrable by malware as well. Here’s how it works: “The Secure Element requires authenticated access rights–the architecture is set up such that the Secure Element is firewalled off from the rest of the system,” she said. “The technology is similar to that used in high-security solutions/applications such as ePassports.”

Other security experts have mixed opinions. CNET defends Google Wallet, saying that your chances of being exploited are lower than if you carry around a physical wallet: “Nimble-fingered pick pockets nab wallets from people all the time, spending the cash and using the credit card at retail shops that don’t ask for identification. And unsavory personnel at stores online or off can easily use your credit card number before you even suspect anything is amiss. So, yes, your data locked behind PINs and encrypted on your phone is safer than in your wallet at this point.”

Just getting started

While many will get riled up at the idea of using a smartphone to pay for things, and rightly so, it appears that Google has its act together. Only time will tell if this is truly the case. The only way this program will succeed is if almost all major credit cards, banks, and retailers get onboard quickly. The major credit cards have already signed up, but unfortunately, here in New York a lot of smaller stores and restaurants don’t even use credit cards, and instead opt to have an ATM inside the store due to high fees from credit card companies. Does Google have a plan to catch them? And, again, can we really have a smartphone for our wallet if the battery life is so poor?

Find out if your Nexus S supports Google Wallet

To find out if your Nexus S is currently capable of using Google Wallet, follow the steps below. If it isn’t, you’ll have to wait for the OTA Google update.

1. Open settings.

2. Find “build number.”

3. If it reads GWK74, you’re all set. If not, you’re going to have to wait until the phone gets an OTA update.

If you don’t yet have access, be patient and watch this introduction. Your time will come.

Update 5-20-2011: Added more content to the security section.

Update 9-20-2011: Visa, Amex, and Discover have joined Google Wallet. Its field trial is over and it has launched. If you’ve used it, let us know!
