I've been reading about the cool new thing called AndroidPay and have been wondering about why there has been so much of speculation about what it is. From what I can see and reading between the lines of the official Google posts, its essentially no different from ApplePay - just that its now available on Android.

But the real point here is that is exactly why its a BIG deal. ApplePay & AndroidPay are a convergence of approaches - across plastic cards and mobiles - and for once the payments industry which was held back by fragmented approaches and standards truly has an opportunity to move forward. Let me explain the core tenets of the two systems and some of the minor differences between them.

1) Tokenization

With mobile payments, consumers always are concerned if their primary payment card (credit or debit or prepaid) is being compromised. What happens if the card is stolen? As suchVisa/MasterCard/AMEX/Discover came up with the concept of a token which is an alternate card number that is a proxy to the original card number. This unique card number is ONLY issued to your mobile phone via the ApplePay/AndroidPay app. However think of it as an add-on card to your account. It hits the same balance.

The standard for tokenization is just a Visa/MasterCard/AMEX/Discover standard - has little to do with either Apple or Google.

The token is issued by whoever issued the card to the consumer - i.e. the issuing bank. So when people say its only in the US, it just means that the banks that have started issuing the Tokens are currently only in the US. Over a period of time, banks around the world are expected to implement this standard. (More later on how Visa/MasterCard have made it simple for banks to implement tokenization).

Note that this token itself is STATIC. It isn't transaction specific.

2) NFC-based payments for Face 2 Face - based on the EMV/NFC standard

Both ApplePay & AndroidPay use NFC for face2face transactions using the EMV standard (PayWave for Visa and PayPass for MasterCard). Its therefore no wonder that it automatically works on on all existing EMV/NFC terminals around the world. Neither Apple nor Google is actually involved in the processing of the transaction - which is why they say "we do not know who you are paying and how much". However once a transaction is successful, the response comes back to the user's phone in the ApplePay and AndroidPay apps - so they do know what you spent and where!

The EMV/NFC standard also requires a unique code (called a cryptogram) to be generated for each transaction - the token itself is static but the transaction data is made unique by the addition of this cryptogram.

3) Secure Element

In order to do NFC based payments, two things are needed, a secure element to store the "tokens" and to generate the cryptogram and the NFC Antenna for communication. The secure element is essentially the same as the chip in the chip cards. The secure element is one where the token is stored.

One difference between ApplePay and AndroidPay is that in the former, the phone already has the secure element. Therefore all ApplePay phones can do transactions without any Internet connection.

However, having a phone with NFC doesn't mean that you automatically have a secure element - in fact most Android phones in the market don't. Therefore Google and Visa/MasterCard/AMEX/Discover came up with a standard called Host Card Emulation (HCE) - that allows a secure element in the cloud. In such cases the phone must be connected to the Internet so that the cryptogram can be generated. I also expect that in due course, all Android phones will have a built-in secure element - and HCE will not be required.

4) Fingerprint authentication is a smoke-screen

At the end of the day none of the banks care about fingerprint authentication of Apple or Google or Samsung.The only thing that the banking systems rely on are the Token and the Cryptogram. Even in India, RBI has allowed transactions up to Rs. 2000 without 2nd factor authentication.  

The fact that Apple is doing the FingerPrint authentication is largely irrelevant - its purely for consumer comfort. Technically in India, its likely that transactions more than Rs. 2000 will not work with ApplePay unless a PIN is entered or unless the issuing bank and/or RBI accepts Apple's fingerprint authentication mechanism.

5) Support for Internet payments

Both ApplePay & AndroidPay support the token being used by other applications on the mobile phone - and by extension the desktop Internet for payments. This is also an awesome development for all of us in the industry as there is a convergence of approaches.

Indeed, with ApplePay & AndroidPay we finally have a converged standard, and it will indeed be a good thing for the industry. AndroidPay is a clone of ApplePay with a few OS specific quirks - but its great for the banks that a common implementation has emerged across plastic and operating systems.

As a long-time mobile payments afficionado, I can't wait to see such payments take-off - FINALLY!

Kudos to Visa/MasterCard/AMEX/Discover as well as Apple/Google for making this happen - and I can't wait to see the proliferation around the world. I fully expect and hope that China Union Pay and India's RUPAY will also extend support for EMV/NFC, so that there is one robust and globally accepted standard for the future.

Go Mobile Payments - your time is NOW!

Side note: Regarding the rumors of people being use the AppleWatch payment in Singapore or ApplePay or AndroidPay in other parts of the world - of course they will work, as long as the Token was issued by a US-member bank that is already on ApplePay. The terminal in Singapore is just one that supports EMV/NFC. This isn't magic - its how its supposed to be!

About the Author - 

Sanjay Swamy is an Entrepreneur & Early-Stage Fintech Investor! #DigitalPayments & #Financial Services Fanatic! #IndiaStack_Evangelist!

This article was originally published on Linkedin