Here’s what caught my attention in the commerce space this week.
Verizon to Google: Leave your Wallet at home
Verizon’s decision not to support Google Wallet in a new NFC-enabled phone renewed concerns that the mobile payments landscape is in for a long turf battle. Samsung’s Galaxy Nexus, an Android-powered phone in all other respects, won’t support Google Wallet on Verizon because, the carrier says, Google Wallet differs from other apps in that it interacts not only with the operating system but also with “a new and proprietary hardware element in our phones” — presumably, the NFC chip.
Few thought that was the whole story: the consensus among observers was that Verizon won’t ship Google Wallet because it’s one of the founding partners of Isis, a competing mobile-wallet solution. Isis isn’t on any phones yet, but it’s planning trials in Austin and Salt Lake City later this year. Verizon teamed up with fellow telecoms AT&T and T-Mobile, along with Barclaycard US and Discover Financial Services to launch the Isis effort last autumn. Since then, Isis has signed agreements with the other major credit card services to collaborate on development.
ZDNet’s James Kendrick said it’s not just about Isis, but about how much Google should pay to reach a new, large pool of customers: “Google will have to pay Verizon to play.” And besides, Kendrick wrote, Google has a deal with Sprint right now — though it’s going to be a long, cold winter for Google if that agreement keeps it off the other major carriers.
This fragmentation is likely to be the case for a while, noted Rebecca Greenfield at The Atlantic. Mobile wallets are probably fine for enthusiasts and early adopters, but mainstream shoppers won’t take it too seriously until they know they can use their mobile wallets in most of the places they go. “[W]e won’t leave our wallets at home until we get a cord-cutting equivalent,” Greenfield wrote. “For now, users either have to load a smorgasbord of mobile payment apps, or settle for the current half-hearted solutions.”
Crooks take swipe-and-pay literally
In a reminder that unattended payment points — such as pay-at-the-pump terminals, ATMs, and self-serve check-out lanes — are weak links in the payments security chain, shoppers at Lucky supermarkets in Northern California appear to be the victims of criminals who tampered with card readers to skim debit card and PIN data. As of Tuesday, police in Petaluma, Calif., had 112 reports from customers of the local Lucky who reported unauthorized withdrawals from their accounts.
SaveMart, Lucky’s parent corporation based in Modesto, Calif., said on its website that it discovered breaches back on November 23 and replaced compromised card readers at 20 stores. Unfortunately, they missed a few stores, including the one in Petaluma.
It’s not clear yet what method was used to skim the data and the PINs.
BankInfoSecurity.com reports that there are several ways to capture the PIN, including compromising the PIN pad hardware inside the box. In that case, it’s also possible that Bluetooth technology could be used to transmit data to a laptop in a car parked close outside. Michael’s craft stores were hit by a similar breach last May, causing that company to replace 7,200 PIN pads.
“Criminals realize that retailers are understaffed to the point that swapping out a [point-of-sale terminal] will go unnoticed,” McAfee consultant Robert Siciliano told BankInfoSecurity. “Once they determine the make and model of an easily swappable device, they target a chain they can easily comprise.”
Starbucks succeeds with payments, moves on to augmented reality
Starbucks said it has processed more than 26 million transactions on its mobile app since launching it last January. The novelty effect appears not to have worn off: in the first nine weeks of the program, there were three million transactions. For the nine-week period starting in October, there were twice that number. The Starbucks app is a nice example of what’s possible with lightweight payments when you have complete control of a closed-loop system. Customers can load up a Starbucks card by credit card online or at a store (with cash or credit). They can draw off that card’s credit by clicking a button on the mobile app, which displays a barcode that Starbucks’ cashiers scan to debit the card.
But payment is just one part of Starbucks’ mobile strategy. In November, it introduced Cup Magic, an augmented-reality application that lets users interact with characters on its red holiday cups and on displays in its stores. After launching the associated iOS or Android app, you find drawings of the characters and view them with your phone’s camera. The app identifies shapes in the characters and launches simple interactive animations, like snowflakes falling and the characters playing.
When I first read the release, I thought it was yet another way for customers to engage with their phones rather than anyone else in the store. But when my daughter and I went to a nearby Starbucks to try it out, just the opposite happened: a crowd of curious customers gathered around to see what we were laughing at. Some downloaded the app right away and began doing the same. The two cashiers, who were unaware of the app or the secret behind the character drawings, demanded to know what we were all doing. When we explained, they agreed it was pretty cool and helped us locate the other characters in the store. As we drove home with her hot chocolate, my daughter explained to me how each of those people in the store would probably go home and tell a few other people about what they saw at Starbucks this evening. I smiled and thought to myself: a viral marketer’s dream.
News tips and suggestions are always welcome, so please send them along.
If you’re interested in learning more about the commerce space, check out DevZone on x.com, a collaboration between O’Reilly and X.commerce.