cancel
Showing results for 
Search instead for 
Did you mean: 
1

Ask

2

Reply

3

Solution

Great News! Android Pay is arriving in the UK!

Nabs
17: Community Champion
17: Community Champion

In a post on the Official Android Blog this morning they have announced the launch of Android Pay in the UK

 

Android users in the UK are already enjoying many great features of Android from Google Photos to Google Play, and in the next few months Android smartphones will become even more useful with the launch of Android Pay. We’re bringing together payment networks, banks and retailers to help you pay simply and securely.

 

In the US Android Pay requires a device running 4.4 or newer and a compatible debit or credit card. Much like Apple Pay it will initially launch with a few major banks with more to join later.

For full info, including supported banks visit http://officialandroid.blogspot.co.uk/2016/03/tap-pay-uk.html

43 REPLIES 43

hrym
17: Community Champion
17: Community Champion

Very exciting.  I'll probably give it a few months to settle down and any security issues to be ironed out - if there are any.   I'm not sure how they're getting round that, given the huge variety of devices out there and that Apple have never offered it to anything other than the iPhone 6 (and presumably onwards).  As I understand it, the 6 has an area of memory that holds the card info and is separated from the operating system to prevent hacking.  I wonder whether there's some fancy footwork in Android N?  I also can't help thinking that a fingerprint reader may be a requirement.  If it was easy, it would have happened by now, wouldn't it?

Nabs
17: Community Champion
17: Community Champion

@hrym they have been using itin the US for ages, I'd be surprised if there will be any issues at launch.
As for security; contactless payments are more secure than a regular transactions as your card details are never revealed.
I don't know the details of how it's been implemented but I would assume they will be using the card emulation API's that have been built into the core OS for almost 3 years. It was all added in KitKat so any device running 4.4 or newer will likely be able to do it so no "fancy footwork" should be necessary. 

 

I was excited for this when it launched in the US last year, in the meantime Barclaycard have added the functionality to their Android app so I really don't have much need for it anymore. 

hrym
17: Community Champion
17: Community Champion

Absolutely, @Nabs, though card security is, I believe, different in the US*.   The fact that banks haven't been queuing up to support those wallet apps that are available at least suggests that there have been some concerns.  I wouldn't argue that contactless payments are more secure and I'm not suggesting that's the issue; rather that it probably relates to the identity of the card when it's stored on the device.   However that's done, it needs to be inaccessible by a hacker or malware.   And I'd be surprised if the fingerprint reader doesn't come into the equation.  Whatever it is Google have done, it's a pretty comprehensive list of banks that are behind it, so one has to assume they're happy.

 

* Interesting question: we're told that chip & pin is essential for security, yet I believe it's not implemented in the US (?)   If not, is card fraud rife there?   It seems unlikely that it is or there'd be no confidence in them.   The cynic in me says that C&P is mainly a way for the banks to shift the responsibility for fraud onto the user :smileymad:.

Nabs
17: Community Champion
17: Community Champion

The US does use Chip and PIN though I believe a lot of places still rely on the mangetic strip and signatures.
I think the concern is money focussed, It's not going to help their profits so why bother spending money implementing such a system. 

I'm not sure what you mean by the "Identity of the card" @hrym?
I would personally think that your card details encrypted on a phone would be more secure than the card itself, if someone were to steal the phone they couldn't use the cards, if they stole your wallet they could easily rack up a lot of sales.

hrym
17: Community Champion
17: Community Champion

I may be wrong, @Nabs, but I think I read somewhere that ApplePay stores the card as an encrypted token in an area of memory that's not accessible by the normal processes of the operating system, and that's why it's only on the 6 - earlier models don't have this in place or, come to that, the fingerprint reader (or is that on the 5 too?).

 

The simple fact of the matter is that any form of bank-suppported wallet has been slow in coming and it can't be for want of trying.   Whatever it is that Google have done, they've convinced the banks that the security is up to snuff.   I assume that there may have been a concern that, if even encrypted cards could be accessed, there was at least a theoretical possibility of their being cracked.  Either this has been addressed or an extra security measure has been added (maybe combined with the encryption?) and my money's on the fingerprint reader if that's the case.   We shall see soon.

 

I can't see AP being available on all devices and flavours of Androind, but it'll also be interesting to see a) how universal it is and b) how far back in the OS chain it goes.

 

If someone steals your wallet they can only rack up sales if they have the PINs (other than contactless).   Mobile payments are, of course, contactless and subject to the £30 transcation limit, which tends to limit potential liability.  But yes, it would be harder to do that with a phone that with a wallet, where you'd probably get two goes at £30 on each before pattern-of-use security started to cut in.

 

I'm not overly worried about security, but I might only put one card on the system to start with.  However, I am assuming that the banks have raised it and that Google have addressed it.

Nabs
17: Community Champion
17: Community Champion

@hrym wrote:

I may be wrong, @Nabs, but I think I read somewhere that ApplePay stores the card as an encrypted token in an area of memory that's not accessible by the normal processes of the operating system, and that's why it's only on the 6 - earlier models don't have this in place or, come to that, the fingerprint reader (or is that on the 5 too?).


I'm not sure how Anroid Pay stores the cards but it works on devices in the US that don't have the so called "secure element" that's needed for Apple Pay.


hrym wrote:

The simple fact of the matter is that any form of bank-suppported wallet has been slow in coming and it can't be for want of trying.   Whatever it is that Google have done, they've convinced the banks that the security is up to snuff.   I assume that there may have been a concern that, if even encrypted cards could be accessed, there was at least a theoretical possibility of their being cracked.  Either this has been addressed or an extra security measure has been added (maybe combined with the encryption?) and my money's on the fingerprint reader if that's the case.   We shall see soon.

I can't see AP being available on all devices and flavours of Androind, but it'll also be interesting to see a) how universal it is and b) how far back in the OS chain it goes.


I don't believe security is the issue, Banks are pushing people to use contactless payments, they prefer it, I actually get cashback if I do a transaction as contactless rather than the traditional means.
I personally believe it's down to a lack of being able ot agree a standard approach and/or the banks not wanting to spend the money on developing and supporting a solution.
I don't think the finerprint reader has anything to do with it. the Android Pay app works on any device running 4.4 or newer. Support for fingerprint readers wasn't added until 6.0, 2 years later!

 


hrym wrote:

If someone steals your wallet they can only rack up sales if they have the PINs (other than contactless).   Mobile payments are, of course, contactless and subject to the £30 transcation limit, which tends to limit potential liability.  But yes, it would be harder to do that with a phone that with a wallet, where you'd probably get two goes at £30 on each before pattern-of-use security started to cut in.


Wouldn't take someone long to buy lots of items worth less than £30 on contactless cards.
Mobile payment don't necessarily need to be subjected to the same restrictions as traditional contactless payment. I can make purchases up to £100 using the My Barclaycard app which is considerably more convenient!
A phone has (or should have) many layers of security from day one. Devices should be encrypted, they should have lock screens or patterns. On top of that I can remote wipe my phone in seconds if it gets lost or stolen, that option isn't there with a wallet.

hrym
17: Community Champion
17: Community Champion

I saw the bit about 4.4 later - yes, it does rather rule out the fingerprint reader.   I'd like to think that banks had at least some regard for security and that an unusual pattern of use on contactless (in this case related to frequency) would trigger a stop.   Though I think somewhere there was an admission that contacless payments could still go ahead even after a card had been reported lost, albeit they'd be refunded to the cardholder.

 

There has the be something that's delayed on-phone payments in the UK - after all, it's not as if all the parties aren't keen on the idea.

ad47uk
4: Newbie

Contactless is insecure, the card suppliers, took years to come out with a secure system in the UK, called chip and pin annd now they want us to use a card that we can just pop onto a termianl with no pin. Now Google wants us to take out a expensive phone in a busy store and do the same thing. 

 

Nope, I will stick with cash.

 

hrym
17: Community Champion
17: Community Champion

Such data as is available does actually suggest that contactless is quite secure.   I agree that chip and PIN isn't the panacea that the banks would have us believe, though, and that it was - at least partly - introduced as a way of transferring the responsibility for fraud onto the customer.