Visa has made a number of announcements around mobile payments yesterday. This list is quite impressive, because it spans quite a large number of activities.
Let’s start by the story with Nokia. It is built around the upcoming Nokia 6212 Classic, a device that supports NFC, and on which interesting Java applications could be built using JSR-177 (to access secure elements) and JSR-257 (for NFC communication). I did not find out whether or not it includes an embedded secure element, but previous Nokia models did, so it remains a possibility, especially as Nokia wants to supports its Venyon joint venture. But security is mentioned several times, like in this quote:
Putting Visa payments and exciting new services into the NFC-equipped Nokia 6212 classic adds another layer of convenience and security for Visa account holders and Nokia customers around the world.
So, this is a classical announcement of mobile payment experiment, without anything serious.
Then, there is an Android announcement. This one, of course, is more exciting, especially for the proud owners of G1 phones who happen to have an account at Chase bank. These lucky few will be able to get notified when they make a transaction with their card (or more importantly, when somebody else makes a transaction with their card), to locate Visa ATM’s near them (not very useful in downtown San Francisco, but definitely useful in downtown Tokyo), or even to get location-based advertising with special discounts (this one would scare me, but I may not be representative).
This announcement may actually be reassuring for the security community. These applications are nice, but they remain at a far distance from actual mobile payments. The Android API does not yet support NFC, nor does it support any access to a secure element. So, the applications have nothing to do with security.
Finally, there is the U.S. Bank announcement. Customers of this bank will be able to transfer money directly to another Visa account at the same bank using their mobile phones. In that case, the transfers will be performed through mobile Web browsing. This is a pilot, and it actually involved several banks, but this is hardly new, as fund transfers from Internet are not new, even if Visa defines a more usable mobile interface. For the security community, this is a good reminder that some applications do not require a large array of security features, and that they could nevertheless be very popular.
So, which news is the most exciting here? The two first ones are interesting ideas, but any announcement that requires you to buy a specific phone model or to have an account in a given bank, or to use a given mobile operator, have a very limited impact. These may be interesting pilots, but we will need more interoperability to be major. The last one is much better, because it involves several banks, and uses an interface that works on many phones. But then, what it announces is not new.
In the end, all of this tells us that NFC is still not mature, and that with Android joining the iPhone, we are now getting several exciting mobile application platforms that will compete for the best applications.