Skip to main content

Opinion: Could Google’s Hands Free payment be the one mobile wallet service to challenge Apple Pay?

hands-free-e1456940514508

There have been many attempts at mobile wallet products over the years, from letting your phone simulate a swipe of your magnetic strip through NFC-based replication of contactless cards to the laughable CurrentC that relies on scanned QR codes. Over on Android phones, there’s Google Wallet, Android Pay and Samsung Pay – along with a whole slew of smaller competitors.

But for iPhone users, Apple Pay is the undisputed champion. Security is unrivalled. Your card details are never stored at all, replaced with a unique Device Account Number. That number is stored in the Secure Enclave. And a one-time code is generated for every single transaction.

Convenience too is maximized. iPhone users need only hold out their iPhone with their thumb or finger on the Touch ID button, while Apple Watch owners simply raise their wrist to the reader. I didn’t think there was any way to improve on it, but Google may be about to prove me wrong with its Hands Free service …

Hands Free is designed to allow you to pay for things without doing a single thing. Just walk up to the cashier, tell them you want to pay with Google, smile and walk away with your purchases.

The version Google is piloting in San Francisco today isn’t very impressive. The payment terminal detects your phone as your approach the till, and displays your initials and photo to the cashier. The cashier asks for your initials, manually verifies your face against the photo and then approves the purchase. It’s hands-free, but it’s clunky.

Security also falls considerably short of that offered by Apple Pay. Google says that your “full credit card number” (my emphasis) is never shared with the store, and your payment details are only shared with the payment processor. There’s no mention of one-time codes, and the only verification that the phone is in the possession of its rightful owner is the request for your initials and a cashier trying to figure out whether the person stood in front of them looks vaguely like their photo.

Right now, it’s a non-starter, and Google’s video is – frankly – annoying. It’s one of those stupid ones usually used by startups that show a whole bunch of problems that don’t actually exist in real life before proudly presenting the ‘solution.’

https://www.youtube.com/watch?v=Qxet1VdpOQ4

But this is merely phase one. Google wants to automate the face-recognition part, so that technology, not a cashier, will verify your face.

Modern-day facial recognition tech is very, very good. The latest techniques use three cameras to build a 3D image of the face, allowing literally hundreds of measurements to be made, including things as detailed as the contours of your eye sockets and exact shape of your nose. This can be supplemented by skin texture analysis, where the lines and patterns in your skin are also verified.

If Google can get that right – sufficiently secure that there are no false positives (verifying someone else’s face as yours) and an extremely low rate of false negatives (failing to recognize your face) – it will achieve something I didn’t think possible: a payment method more convenient than the Apple Watch.

iPhone-6s-teardown-3-1280x960

Google also has to match Apple Pay’s card security. Apple Pay’s use of one-time codes is one of the things I love about the service: even if a retailer or card processor was hacked, and someone got access to all the transaction details, it would do them no good at all. The code that was used for my purchase cannot be used to make any further purchases. Unless Hands Free Payment replicates that, I’m not interested.

There is one additional thing Apple does that Google will be unable to do: store a unique Device Account Number in the iPhone’s Secure Enclave. No third-party app is ever going to get access to that. But given that my entire iPhone is encrypted and protected by Touch ID and a strong passcode, I think I could live with that. The risk would still be exceedingly low.

Perhaps I’m just being crazily lazy. I mean, come on, raising my wrist to a payment terminal is too much trouble now? But my general attitude to technology is that half its job is eliminating the need for effort, even if the effort saved is minimal. I am, after all, the guy who – temporarily deprived of Apple Pay – considered it a slight chore to have to take my wallet out of my pocket.

In fairness to myself, I don’t think it’s actually laziness. It’s more the principle. Feeling that anything that can be automated should be automated because gadget. If I can simply pay with a smile, why not?

What are your thoughts? Could a secure, automated version of Hands Free tempt you from the path of Apple Pay righteousness? As ever, take our poll and share your thoughts in the comments.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. lincolnsills - 8 years ago

    Terrible…period.

  2. Javier Rapoport - 8 years ago

    would love to see poll results if the technology presented here was introduced by Apple and not Google… just saying :)

    • jorheu - 8 years ago

      Same thought. I love apple but I can see the hypocrisy of the users

    • tibble (@tibble) - 8 years ago

      I wish there was an option for ‘I doubt this could ever be secure’……..
      IF secure, who wouldn’t want this?

    • Chris Deeming - 8 years ago

      I think it’d be a terrible idea doomed to fail even if it was “Apple Hands Free Pay”. It falls at the first hurdle: It requires retailers to add special equipment to their existing POS systems. They won’t do it. At least with Apple pay it uses existing, industry standard technology that the majority of stores already had, or were planning to install anyway. I believe the story was a bit different in the US, but in the UK at least, most stores already had the contactless technology to read normal cards. One of the beautiful things about Apple Pay is I don’t even need to tell the retailer I’m paying with my phone, or I’m paying with Apple Pay; I’ve sadly found that some staff get confused by this. I simply say “I’m paying by card” and they already know what to do. Utilising the existing contactless system is perfect. To read a phone it is no different. Google should ultimately surrender to this fact and either do the same (under a unified Google/Android brand rather than the separate ones they already have, if they haven’t already) or just not bother at all. Or even, heaven forbid I’m sure, license Apple Pay. (That last bit was mostly a joke, I can’t see that happening :) )

  3. smartysanky - 8 years ago

    As soon as this happens, we might expect super hi accurate masks. Its easy hackable!!!

    • AbsarokaSheriff - 8 years ago

      Has no one ever seen Mission Impossible TV Series and Movies. I want the Donald Trump mask and his bank account.

  4. Robert - 8 years ago

    There seems to be a number of security flaws. For example, what stops someone from setting up a malicious register and taking money from unsuspecting passers by? All you need is their initials. Or am I missing something?

    • Ben Lovejoy - 8 years ago

      The automated version would be configured to recognise faces standing face-on right at the counter, but yeah, the current pilot version is pretty poor.

      • Henry Johansen - 8 years ago

        But that should be exactly the
        point. Apple’s top argument in the FBI dispute is that once an insecure version is built, you can’t undo it. Google simply starts by releasing the hack? Not okay.

    • standardpull - 8 years ago

      This is definitely demo-ware, and will not hit the street.

      1. When I buy something, I’m not usually carrying a baby with zero hands free.
      2. I don’t want to talk to a clerk, Siri, Hey Google, or anything else.
      3. This doesn’t stop the fraudulent store clerk from “mistakenly” debiting from someone else’s device. I’m sure a couple misplaced transactions per thousand will be typical.
      4. This allows a retailer to capture the presence of people who are simply passing by who are not shopping. Very not cool.
      5. I don’t see how this works with online shopping, or at the fuel station, or many other scenarios.

  5. viciosodiego - 8 years ago

    yeah but no thanks.
    I don’t exactly trust google with my data.
    For all you know google mite sale your data to the stores you buy from.

  6. aztecskater - 8 years ago

    The technology is great, but there could be problems behind it. What if it have bugs that can ruin the experience, or what if the facial recognition doesn’t recognize your face. Yes, I know all these can be fix but it might take some time to see the real potential of this.

  7. Photo? Sending that photo to the store’s computers? Fuck no. There’s is ZERO chance of any bank authorizing this as a payment solution, ever.

    • Ben Lovejoy - 8 years ago

      Well, it must have been authorised by at least one bank for the trial … But biometrics does seem to be the direction in which bank security is headed: http://9to5mac.com/2016/02/19/hsbc-touch-id-voice-recognition/

      • Robert - 8 years ago

        A photo is not a good way to do biometric security (MasterCard are experimenting with this as well). Anyone can get hold of a photo of me.

        It’s a much harder for someone to get my fingerprint AND my unlocked iPhone.

      • Ben Lovejoy - 8 years ago

        “Modern-day facial recognition tech is very, very good. The latest techniques use three cameras to build a 3D image of the face, allowing literally hundreds of measurements to be made, including things as detailed as the contours of your eye sockets and exact shape of your nose. This can be supplemented by skin texture analysis, where the lines and patterns in your skin are also verified.”

  8. joelwrose (@joelwrose) - 8 years ago

    The biggest issue, honestly, is educating the store employees. As an Apple Pay user, I’ve found its always best to never tell cashiers that you’re paying with Apple pay- it only complicates things. Even in situations when I had to tell the I was using Apple pay (because the CC terminal wasn’t out where I could reach it), they couldn’t get it right until I told them just to do it like I’m paying with a Credit Card.
    Anyway, my point is, unless Google does an AMAZING job of educating store employees (which is not their strong suit) cashiers will be super confused by the whole thing.

  9. Jay Froscheiser - 8 years ago

    This isn’t about security. They won’t release it without being secure so I consider that a given. This is about privacy. Stores want to know who is shopping and builds profiles off them. They can’t do this with Apple Pay until loyalty cards are implemented in some way (why do you think Target doesn’t support Apple Pay while having the Red Card – and by all means they should have been the first company jumping on a secure payment solution after their breach). Google is going to appeal to stores because by getting the photo of the shopper, they can now place facial recognition cameras throughout the store to look at your movement. They already have them at the door. Would it be valuable to know a customer walked in the door and left without a transaction? How about timing how long the customer was in the store before checking out? All of this would be possible with Google’s proposed tech.
    Joelwrose hit it on the head. If I had a dime for every clerk I instructed how to use Apple Pay to check me out. The number of stores that take Apple Pay but the clerk says “whats that” when I say I am paying with Apple Pay is a travesty to customers and to Apple. Apple needs to get out and educate retailers. If that doesn’t happen soon, Apple Pay will die. If it causes embarrasement to a customer at check out because they hold up the line.. .or after asking about Apple pay end up having to pull out a credit card anyway, it will cause customers to just walk up and use the swipe/chip.

    • Jake Becker - 8 years ago

      I think pound-for-pound it may be the single issue Apple needs to be most aggressive on right now. It is a 5 star service and they need to push even harder.

  10. I don’t think this will catch on, how many people will be talking, and who’s going to remember to say “I’m paying with Google.”? I probably won’t remember to say that, especially if I’m with someone else and talking to them.

    • This makes no sense whatsoever. You’re in a line to pay for something but you’re not going to remember how to pay? There may be many, many, many valid reasons to not use the service. Not remembering to pay is not on the list of valid reasons.

  11. My questions are…where does the retailer get a picture of me to compare to my actual physical presence and where is that picture stored and by whom? What other personal data is, or needs to be, stored with my picture? None of this sounds like anything I want to get involved with.

  12. Otto Olah (@ottoolah) - 8 years ago

    “…while Apple Watch owners simply raise their wrist to the reader. ” Not exactly, they have to push the long button twice on the watch first. You need both hands to pay with an apple watch. One hand is enough to pay with iPhone.

  13. Phil Randle - 8 years ago

    This wouldn’t work in reality in most Tap ‘N’ Pay solutions, sure the US is only starting to get tap and pay solutions in large platform stores, in Australia Tap ‘N’ Pay NFC facilities are everywhere, from your supermarkets, large stores, local cafes, even market stalls and kiosks have Eftpos terminals that have Tap ‘N’ Pay functionality.

    A lot of the time, most of those external merchants only have an Eftpos System with a sim card so it can communicate transactions, Apple Pay works completely fine on it because it’s just requires NFC, but requiring stores to also have a decent data connection so they can download the photos for authenticity checking, will only work in actual shops with a checkout station.

    One of my favourite things in most cafe’s in Sydney is that I can pay from my table because the waitress/waiter can just bring the terminal over to my table, double tap the button on my watch, and out I go. Sure 4G sim compatible terminals with a display could be made available along with a data plan, but it wouldn’t be worth the effort for most retailers when other forms of payments are available and are also just as convenient.

  14. AbsarokaSheriff - 8 years ago

    This is intriguing but there are a number of issues.

    First is scalability. If you have 200 million credit card users in the US alone that’s a huge facial recognition database. If you’re capturing the face data and transmitting it on the web you’re sending lots of data. Talking hundreds of kilobytes vs 20 bytes for a token.

    So that’s a non-starter. So the facial authentication has to be on the phone. So the phone must be on and able to contact with NFC or BlueTooth. Or the phone must be woken up like for a voice call. Doable.

    The camera must be a similar camera to the one on the phone.

    So phone authenticates. Phone then has to transmit a token for payment.

    Another issue is unattended payment for vending machines, parking meters, subway turnstiles. All of these are Apple Pay compatible because they use the same infrastructure. Would voice recognition be required or special buttons to pay with Google Hands Free.

    I’d be curious to see how the facial recognition handles shaving and beards as well since it’s common to have or not have stubble. Your fingerprints can change with sweat and moisture but you can dry them off.

    It’s all possible but a huge investment in hardware, cameras, voice recognition and changing user experience. Doesn’t seem like it’s more secure or more efficient than Apple Pay especially with a watch when you already have biometric authentication.

    Definitely worth following though.

  15. Rich Davis (@RichDavis9) - 8 years ago

    I don’t think I would want an automated payment system, it just a little too out of my control. What happens if I didn’t want to pay by my mobile payment system and I wanted to pay with cash instead? It might rack up my credit card when I didn’t want it to. It’s just a little weird. I only want to use the payment method I want to use and I don’t want that being done AUTOMATICALLY.

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear