Why the Windows Phone 8 digi-wallet is different to the others
Plays nicely with others, unlike Apple and Google
Analysis Windows Phone 8 will have an electronic wallet, but one which spans the functionality of Google Wallet and Apple's Passbook, and plays nicely with the network operators too.
Demonstrating the Near Field Communications (NFC) capabilities of Microsoft's new phone OS Joe Belfiore couldn't demonstrate pay-by-bonk, as he didn't have a suitable SIM handy, but that deficiency may be what pushes Windows Phone 8 to the front of the queue when it comes to paying for stuff with a mobile phone.
The good Mr Belfiore did demonstrate NFC-enabled business cards, picking up a URL from an NFC chip embedded in a copy of Wired and setting up a peer-to-peer Wi-Fi link to play a Scrabble derivative, but despite flashing a wallet boasting credit and debit cards from Chase he could only use them online as his SIM didn't have the requisite secure element for paying with a tap of the handset.
As well as a short-range radio connection, paying by bonk needs a secure location in which to store the cryptographic keys (and do the encryption) used to authenticate payments, but where that secure location goes is still the subject of intense, and increasingly political, debate.
Mobile network operators reckon the SIM is the perfect place - it's already secure and if the customer changes handsets then their wallet comes with them - but that puts the payment schemes firmly under the control of the network operator and if customers change networks then they'll have to manually move their wallets.
Google's compromise is to have one secure element in the phone (under the control of Google) but still support a SIM-based secure element if that's what punters want - while reminding them it's not something they need. The Android Wallet application will merge the two so punters shouldn't see the complexity, but when they change handsets (or operators) it might become more obvious.
Microsoft, by contrast, is leaving the pay-by-bonk business to the network operators, and has signed a deal with Orange for the first deployments in France though other operators should be quick to jump as their collaborative efforts to create standard platforms come together.
In the US that's under the ISIS brand, in the UK it's known as Project Oscar and is being challenged by Google and PayPal who've complained that their inability to use the SIM is anti competitive. Both ISIS and Oscar will store coupons as well as credit cards, which is important as the Coupon business is considered hugely important to those who make, or intend to make, money from advertising.
Delivering discounts to mobile phones is big business, with market-leader Groupon floating last year with a value of more than $12bn. Having given up on getting a cut of the transaction fee the mobile operators are now hoping that coupon revenue will fund the deployment of NFC handsets, but that's not going to happen if Google and Apple are in control.
Google and Apple both see the coupons section of their e-wallets as critical revenue streams (Apple's wallet contains only tickets and coupons, for the moment at least) but Microsoft seems happy to let the network operators compete with app providers for that market rather than running their own couponing service.
Windows Phone 8 provides a consistent interface, not a competing service, and that could be as critical as any other feature Windows Phone can boast. ®
Re: not without some justification
It's probably worth adding a bit of information on some of the security measures about contactless payment (or what we expect to be the measures in implementations such as this). For a start, systems like this are in place and in use in places like Japan or China. In some places, people will just walk on and walk off a bus without having to worry about talking to the driver or fiddling with coins. Ditto all sorts of other use-cases. The thing with instances like this is that they are all low-cost items. People are willing to accept the security risk when it might mean they lost £5 or less in exchange for trouble-free experience the rest of the year round. If something tries to charge you £20 or £50, that's not going to go through without you entering a pin or approving it in some way. Similarly, these devices wont allow massive and rapid deduction of small amounts either - so that's not a way round this. If someone follows you round all day and bumps into you every twenty minutes, sure, they might get a larger sum off you. But most people would notice.
So instead, people wanting to exploit this would be trying to skim small amounts off large numbers of people. People are more willing to tolerate this risk than anything that is large scale to themselves. They might rightly point out that they're more likely to lose a physical fiver from their pocket as to get robbed of the same.
The attempt to skim small amounts off large numbers of people is problematic in the first place anyway. For a start, whilst the chance of someone reporting (or noticing) a fiver lost is much lower than them reporting £400 lost, the chance of someone in a hundred victims noticing and reporting is almost a certainty. And once that happens you have a problem. Because this isn't physical money. It is inherently traceable. That loss that someone reported isn't a missing fiver, it's a record of a transaction from them to thee. If you want to steal money this way, you first off have to be able to fool the proximity of the device (possible, but you need to be able to get away with getting your device in a few centimetres of other people's devices repeatedly and potentially triggering whatever security measure they have on that - e.g. a motion-sensor based bump trigger they have to do with their phone by tapping it against the receiver). Even just identifying which users have a suitable and enabled device in their pocket is a technical challenge unless these things become ubiquitous. And once you've done this, you're in a race to get that money out of the receving account and somewhere safe before either someone reports it or (more likely) an automated system notices and raises an alarm.
You need a business account that is approved for receiving funds by some reputable bank. So you're already moving into money laundering to enable you to steal money this way. You need to be able to get the money from that account quickly. And the limits on the amounts people can transfer this way without PIN or similar are low so the quicker you acquire money, the faster you set off alarms, get the account frozen. And then if you want to do it again next month, you'll have to be trying to set up a new approved receiver, etc.
The main scope for abuse of this is a legitimate seller of a service over-charging people and hoping they don't notice. But someone will and at that point it's quite easy to reverse the process and give the money back to everyone who was overcharged. Much more feasible than tracking down a few thousand visitors you had to your bar / shop / train / whatever over the course of the past year and each giving them their £2 back. And thus much more likely to be forced to do it (plus any applicable charges).
And when all that is done and taken account of, banks and credit card companies will want to use this system because it leads people to think less before spending so they will happily absorb these low risks by guaranteeing to cover your losses if there's a problem, just as they do with credit cards and for the same reason. What does MasterCard or Visa care if they have to cover the occasional small loss? If they didn't provide this service, people would move to someone who did. and in the meantime they'll rake it in. And they'll happy crash down from a great height on your behalf upon anyone who uses this system to defraud you.
Although I instinctively distrust this system because it rings all sorts of alarm-bells, on a society-level, it's probably fine and safe and the individual risk is low. It might even be safer if it means a mugger has to be a professional money launderer in order to rob you (or else march you to the shop to buy things for her). I'm more personally concerned about privacy implications than security. Which gives me small relief in seeing that MS are partnering wth your choice of backer rather than, e.g. Google with GoogleCheckout or a proprietary one with Apple. Or (Hell no!) PayPal. It looks like you'll be able to use or not use which you want. And I'd prefer doing business with a company that just wants my money up front, than think they can make money off my data.
WP8 can't be installed on my iPhone4 either, my next phone will be a WP8 phone.
Everyone with an 800 will get WP 7.8, which is the shell and some default applications from 8.0 ported back to the 7.x release. ( http://conversations.nokia.com/2012/06/20/nokia-at-the-windows-phone-8-unveiling/ ).
If you want to try it, then Nokia have stated that you will be able to install 8.0 at your own risk on the 900 models (which is pretty much the same spec as the 800), but performance may suffer and you won't get official support.
Not much different to the situation you'd be in with Android, to be honest.