The headline is a catcher: A Visa spokeswoman said her company does not see phones replacing cards for in-person purchases; instead, Visa thinks that mobile payment “will be mostly a value-added channel to provide information about a payment instead of replacing the payment itself,” at least in the United States. Now, that explains a lot of things about their recent announcements, which were all on that line of thinking. Another very interesting thing is the reason for the U.S. problem. Visa blames it on the fragmentation of software among carriers (it is not clear whether this targets their network software for deploying the applications, or the handset software for running them. Nevertheless, this is spot on.

This bold statement is softened a bit by stating that other situations may prevail elsewhere. In particular, Africa has more phones than bank accounts, and mobile payments could work very well there. Similarly, in Japan, it has already started, and this could spread to other Asian companies that have widely deployed contactless payment. Europe is not mentioned, so the question is to know whether it is close to the U.S. (an existing payment infrastructure that needs to be replaced, in particular the readers), or like Asia (a country with significant smart card deployment and an infrastructure that can be easily upgraded).

Well, I don’t know. But among all the hype about mobile payment, it is refreshing to see somebody take a position that is not entirely consensual among the lines “it will work, it will work” where all indicator show that there is at least a significant delay before that actually happens.

One last thing, which reminds us that this is corporate communication, and that Visa is working with Google. It seems that they are presenting Android as a way to address the fragmentation problem. Like, I introduce yet another system, and fragmentation goes? That’s an interesting view, but it looks a bit biased to me. I would rather say that fragmentation is here to stay, at least for a while.

Let’s start by the story with Nokia. It is built around the upcoming Nokia 6212 Classic, a device that supports NFC, and on which interesting Java applications could be built using JSR-177 (to access secure elements) and JSR-257 (for NFC communication). I did not find out whether or not it includes an embedded secure element, but previous Nokia models did, so it remains a possibility, especially as Nokia wants to supports its Venyon joint venture. But security is mentioned several times, like in this quote:

Putting Visa payments and exciting new services into the NFC-equipped Nokia 6212 classic adds another layer of convenience and security for Visa account holders and Nokia customers around the world.

So, this is a classical announcement of mobile payment experiment, without anything serious.

Then, there is an Android announcement. This one, of course, is more exciting, especially for the proud owners of G1 phones who happen to have an account at Chase bank. These lucky few will be able to get notified when they make a transaction with their card (or more importantly, when somebody else makes a transaction with their card), to locate Visa ATM’s near them (not very useful in downtown San Francisco, but definitely useful in downtown Tokyo), or even to get location-based advertising with special discounts (this one would scare me, but I may not be representative).

This announcement may actually be reassuring for the security community. These applications are nice, but they remain at a far distance from actual mobile payments. The Android API does not yet support NFC, nor does it support any access to a secure element. So, the applications have nothing to do with security.

Finally, there is the U.S. Bank announcement. Customers of this bank will be able to transfer money directly to another Visa account at the same bank using their mobile phones. In that case, the transfers will be performed through mobile Web browsing. This is a pilot, and it actually involved several banks, but this is hardly new, as fund transfers from Internet are not new, even if Visa defines a more usable mobile interface. For the security community, this is a good reminder that some applications do not require a large array of security features, and that they could nevertheless be very popular.

So, which news is the most exciting here? The two first ones are interesting ideas, but any announcement that requires you to buy a specific phone model or to have an account in a given bank, or to use a given mobile operator, have a very limited impact. These may be interesting pilots, but we will need more interoperability to be major. The last one is much better, because it involves several banks, and uses an interface that works on many phones. But then, what it announces is not new.

In the end, all of this tells us that NFC is still not mature, and that with Android joining the iPhone, we are now getting several exciting mobile application platforms that will compete for the best applications.