Here are some of the news stories that caught my eye this week.
Google says its Wallet is still safer than your leather one
Google’s mobile commerce team spent the week doing damage control after the revelation of security flaws. Last week, it was widely reported that engineers at Zvelo, which provides web-categorization services, had found vulnerabilities in Google Wallet that allowed an app they had written to expose the PIN and tap prepaid funds in the wallet. Google’s initial response was to advise users not to run Google Wallet on rooted phones, and be sure to have the screenlock on. But further work, as reported by Zvelo engineer Joshua Rubin, suggests that the hack requires root access, but not necessarily a pre-rooted phone: “While it is true that this PIN vulnerability requires root privileges to succeed, it does not require that the device be rooted previously.” Rubin’s post and a nice summary by Neil J. Rubenking at PCMag give a good picture of the vulnerability.
Security flaws like this feel inevitable to those accustomed to the ups and downs of web start-ups and the public bugs that accompany any release-early, release-often philosophy. They are, however, more alarming to those who work with banks, merchants, and anyone else who has experience moving money around. Bank Technology News captured the split between the two attitudes and cited Aaron McPherson, a practice director with IDC Financial Insights saying the recent security problem demonstrates “an almost cavalier attitude by non-payments companies toward protecting consumer security.”
Google wasn’t cowed by the charges, responding with a calm coolness and an insistence that, despite any flaws in its payments system, it’s still better than what everyone else is doing:
“Mobile payments are going to become more common in the coming years and we will learn much more as we continue to develop Google Wallet. In the meantime, you can be confident that the digital wallet you carry provides defenses that plastic and leather simply don’t.”
Buck enters the one-click mobile payment fray
Buck (previously Billing Revolution) announced a one-click credit card checkout for goods this week. Entering your credit card information once in the app allows you to buy with a single click at participating online merchants — providing you want to buy from Glamour magazine, Papaya Mobile’s social gaming network, or any of the other (relatively few) merchants now offering Buck.
If, on the other hand, you’re at your local Starbucks, you’ll want to pay with one click by unlocking your Starbucks mobile payment option, generating a 2D barcode, and holding it up for the cashier to scan. But suppose you were feeling too groovy for Starbucks this morning and you stopped at your local independent coffee house? Then you might want to pay with a single click with Square’s Card Case, providing your indie coffee guy has signed up for that. At Home Depot, you’ll want to use PayPal, at Macy’s you can tap-and-pay with Google Wallet, and you might need to pay with American Express to get the Foursquare deal that your local eatery is offering.
Mobile payment is exhausting in its current, fragmented state, but it will be interesting to see which systems gain critical mass. Recent web history offers some clues. It was not too long ago that a half dozen search engines, including AltaVista, Yahoo and AskJeeves competed for your searches until one company offered a simpler way with more effective results. And five years ago there were a handful of social network sites competing for our profiles, including MySpace, Orkut, and Friendster, until Facebook rose on a platform of sharing photos, social games, and an easy interface. So which mobile-payments option will find the right combination of security, usability and adoption first?
Adele scorns freemium model
Freemium may be the up-and-coming dominant model in mobile apps — particularly in games — but not everyone is in love with the concept. Adele, who just took home six Grammy awards, declined Spotify’s request to stream her award-winning album “21″ on its service. According to Austin Carr on Fast Company, the reason is that Spotify offers two tiers of service: a free ad-supported service and a premium one without ads. Adele was willing to let “21″ stream to Spotify’s paying customers, but not to those riding for free. Spotify, which doesn’t offer different libraries for its two tiers, couldn’t accommodate the request. So while you could buy “21″ on iTunes or hear it on Rhapsody (where everyone pays to stream), you can’t hear it on Spotify. But, as Carr points out, with a 20% conversion rate of free subscribers to paying ones, who can second-guess Spotify?
News tips and suggestions are always welcome, so please send them along.
If you’re interested in learning more about the commerce space, check out DevZone on x.com, a collaboration between O’Reilly and X.commerce.