I’ve been dropping a lot of hints about my journey to rid myself of Google’s Android on my Pixel 8 Pro lately, a quest which grew in scope until it covered everything from moving to GrapheneOS to dropping Gmail, from moving to open source “stock” Android application replacements to reconsidering my use of Google Photos, from dropping my dependency on Google Keep to setting up Home Assistant, and much, much more. You get the idea: this has turned into a very complex process where I evaluated my every remaining use of big tech, replacing them with alternatives where possible, leaving only a few cases where I’m sticking with what I was using.
And yes, this whole process will turn into an article detailing my quest, because I think recent events have made remocing big tech from your life a lot more important than it already was.
Anyway, one of the few things I couldn’t find an alternative for was Google Pay’s tap-to-pay functionality in stores. I don’t like using cash – I haven’t held paper money in my hands in like 15 years – and I’d rather keep my bank cards, credit card, and other important documents at home instead of carrying them around and losing them (or worse). As such, I had completely embraced the tap-to-pay lifestyle, with my phone and my Pixel Watch II. Sadly, Google Pay tap-to-pay NFC payments are simply not possible on GrapheneOS (or other de-Googled ROMS, for that matter), because of Google’s stringent certification requirements. Some banks do offer NFC payments through their own applications, but mine does not.
I thought this is where the story ended, but as it turns out, there is actually a way to get tap-to-pay NFC payments in stores back: Garmin Pay. Garmin offers this functionality on a number of its watches, and it pretty much works wherever Google Pay or Apple Pay is accepted, too. And best of all: it works just fine on de-Googled Android ROMs. Peope have been asking me to check this out and make it part of my quest, and ever the people-pleaser, I would love to oblige.
Sadly, it does require owning a supported Garmin watch, which I don’t have. To guage interest in me testing this, I’ve set up a Ko-Fi goal of €400 you can contribute to. Obviously, this is by no means a must, but if you’re interested in finding out if you can ditch big tech, but keep enjoying the convenience of tap-to-pay NFC payments – this is your chance.
It’s not that I love cash, it’s that I hate using something as in-appropriate as a cell phone as a payment method…. It makes me feel like walking into stores with my laptop and trying to rub it against the counter and looking confused. Credit cards are in fact perfect for people who want to subject themselves to not being able to pay for gas in a power outage. We don’t need to complicate that further.
How often are you in situations without power? Also there are battery powered CC acceptors out there that work on ipads & the like. Google/Apple Pay make the transaction safer as the payment information is not usable by anyone else who captures it. Its locked to that device, and by a Pin/face/fingerprint.
I’ve also run into more than one… server down situation, Chinese restaurant that does not take anything but cash, or just a random person on the street I want to buy something from, discount for cash gash station, to always carry cash too.
Bill Shooter of Bul,
I consider this a huge failure of MC and Visa to secure payments. The cryptography required to solve all of these problems evolved decades ago and yet we’re still so vulnerable to skimmers and merchant database leaks. It’s totally insane that the credit card industry works this way and requires so many entities to be trustworthy.
There are good solutions to this that can be implemented in a genuinely vendor neutral manor with cryptographic guaranties. But instead we’ve got credit card and tech companies who are only out for themselves and don’t want interoperability or even security…it’s so frustrating to know there are good solutions and yet be continually held back by selfish business interests.
What really gets me about this is the strict requirements the credit card companies place on retailers via PCI compliance (which I’m not complaining about, retailers do need to be proactive about security), yet their own systems are outdated, flawed, and highly vulnerable, at least here in the US. Every time I use one of my cards at a contactless or chip reader and either it goes through right away or else gives me an option to “bypass PIN”, I roll my eyes. The PIN exists for a reason, why on earth would I want my card to be able to work without a PIN if it’s stolen? It’s not even an inconvenience, it’s a four digit code! It’s no wonder us Americans are stereotyped as lazy and stupid.
I have never seen this in Europe (well for the last 10 years). My understanding is that in the USA many retailers actively block upgrading to PIN and/or extra checks because (and this is only something I read online somewhere, I could be wrong) in the current unsafe situation, when you have the signed payment slip, if any fraud occurs, the retailer still gets the money from the card vendor, it’s garanteed.
Apparently there is resistance because in the electronic safer situation there is no hancock, the retailer wouldn’t be refunded by the card vendor. Or so is the fear. Hence the slow adoption.
> if any fraud occurs, the retailer still gets the money from the card vendor, it’s garanteed.
As far as I remember in Europe it was the other way – if fraud occurs with Chip-and-PIN, then merchant is refunded, otherwise ancient magnetic stripe transactions frauds are on merchant. This caused magnetic stripe payments to die quickly. Hard copy of credit card and chequebooks (whatever that was) were never a thing in Poland.
When “amazing” Apple Pay was introduced, in Poland nobody cared, as it was nothing new. PayPass (contactless payment) was already widely used and accepted. Currently banks start accepting 2FA devices such as YubiKey as option to protect your account – you need HW key to access your account website from a web browser. All banks support BLIK and contactless payment via phones, as it pretty much requirement from customers.
Morgan,
Yeah, I don’t mind “PCI compliance” in principal, but the problem is that it puts the onus of security on merchants who have no power to fix the brokenness of the system. They are forced to use a system that is inherently broken. This aspect of credit cards has always rubbed me the wrong way. It’s the credit card companies themselves who are at fault and merchants have no power to fix it at all. If the CC companies who built these systems were held legally responsible then suddenly all the security issues would get fixed. PCI compliance is about shifting responsibility to others without fixing the system.
I was looking up if there were differences between the US and other European countries and I didn’t realize that we pay credit companies so much more than in the rest of the world…
https://merchantspaymentscoalition.com/wp-content/uploads/2022/09/MPC-CompanyLetterInSupportOfS4674-House.pdf
@Alfman
I don’t think many people in Europe use credit cards anymore. There’s almost no benefit to using one and consumers know that it’s more expensive for retailers than debit cards. If credit card companies wouldn’t offer free insurance or airmiles I think nobody would use them. I still have a credit card (30 euro tax fee per year!) but want to get rid of it but the bloody car rental companies insist that I need one to rent a car!
Wondercool2,
That makes sense. But to understand the US market you need to know that the CC terms prohibit our merchants from charging different prices for customers using credit cards. This means you can’t save money by paying using cards (or cash) that charge fewer fees. This means that customers would pay the exact same price at the register regardless of the fees tacked on for credit cards. Even in the US many consumers don’t realize this is going on behind the scenes, but it has a drastic impact on consumers willingness to use credit cards with high fees in general.
I’d love for there to be open federated standards that eliminate middle men altogether, but if we’re going to be forced to live with these middlemen, then at the very least regulators should be putting a stop to the anticompetitive practices so we can get some damn competition. It’s incredible how little our government has done for so long. Their de-regulatory positions have resulted in widespread abuse by financial cartels holding everyone hostage.
These anti-competitive terms are finally starting to be fought in some states and more merchants have started to charge different prices to account for the CC overhead. I guess europeans might take this for granted, but these developments are important for us in the US in at least two ways: 1) spread awareness of how much CC companies have been ripping us off, and 2) give consumers choices that reflect this overhead.
In my country (in Europe) when a company webshop allows payment by CC, they usually just defer to a specialize company who handles the CC part (just like oAuth2, OpenID Connection, etc.) also do logins.
Are you saying this is not common in the US ?
I guess because a limited number of people have CC here, the overhead of such a company isn’t a problem
Lennie,
The normal practice is for merchants to take credit cards directly on their website. They take the CC typically using a plugin for the ecommerce software but I’ve also written custom websites using a backend API for merchant services. If it redirected to a 3rd party website, some customers might find that fishy. I don’t come across it often.
not to mention that they won’t share your real CC number but create a random one on the fly for that transaction, that’s also another layer of security
lucac81,
Therein lies the problem. There should not be a “real CC number” at all. There should a cryptographic transaction that records the fact that there was a transaction between yourself and the merchant. But even if the merchant’s data is 100% leaked that would not lead to others being able to draw on your account because in a good system merchants
can never sign for you even with all your details on record. This flaw could have and should have been removed decades ago.
Signing requires cryptographic keys and 2fa authentication access that merchants would never posses at all. The computer science cryptography required for this to work securely is well established and it would not take much effort to create a secure system for transactions….but our credit card companies have been complicit in keeping things broken and insecure. I believe this is partly due to their maligned incentives; their terms and conditions with merchants reward themselves for fraud – fraud is actually profitable for them because they get fees whether a transaction is fraudulent or not (IMHO this is a big part of the problem, not sure if EU is different on this).
Its a worthy goal, There is one snag I see … Garmin Pay like Google and Apple pay requires the participation of the issuing bank. So the challenge is not finding a store that accepts it, but a Card that does. I’m not sure how many banks have signed on to allow for Garmin Pay. Is Garmin a popular watch choice in Europe?
Their list of supported banks and cards seems quite extensive.
https://www.garmin.com/en-US/garminpay/banks/
They have the large ones, which is nice. Some of my banks are there, some aren’t. If yours are, go for it.
Neat that there’s a different company offering a tap-to-pay wallet…but it requires a Garmin smartwatch device. And only those. So doesn’t seem like your _phone_ will work. You almost will still need to carry your credit cards around (which all have a NFC tap to pay now?) anyways, because if you forget to charge your watch or something, you’ll be screwed and unable to pay anything if your watch dies or something.
The other side needs to support it as well. I use fitbit pay for example – it finally supports my card. But it fails at almost every vendor…
Depends where you live now, but in Sweden most banks have their own apps which work with NFC and you can pay without google or apple services.
When Wal-Mart first launched Wal-Mart Pay I assumed this is what they would do. Instead their app allowed registering a credit card. So I can’t imagine they’re realizing any less interchange or other fees than if customers simply paid via card directly. They and other companies (or banks as you stated) should do like Sweden and skip interchange and/or NACHA fees.
Donated, I’m looking forward to the results! I have a semi-smart watch, it’s the Amazfit T-Rex 2, it’s pretty good for what is essentially a fitness watch, but I’d love to find a good replacement that is closer to what you get with the Apple Watch or Pixel Watch without Apple’s or Google’s shenanigans attached to it. The Garmin watches are fairly expensive but sometimes you just have to pay more for a better experience.
I admire the dedication, but not for me personally. I’d love a de-Googled world but the problem is there are no controls. If you buy it and it works now, there’s every chance it’ll require Google services in the future. Just like your ‘support robot’ article from the other day, they can shift the goalposts any time they want.
Hey Thom,
I have more than enough loyalty points to donate a supported watch.
Just a matter of shipping it from Canada.
This is what is available to me.
https://rewards.airmiles.ca/merchandise/search?q=garmin
what puzzles me is that you basically just move the problem into another tech giant.
This is really something that should be delivered by CC companies and be platform agnostic
lucac81,
Indeed. This problem stems across a lot of technology. We have all these middle men not because they are important or necessary, but because of network effects that keep everyone trapped. The ideal situation would be a 100% open, secure, and agnostic standard using a federated network that does NOT go through 3rd party transaction processors. There’s no reason for them to exist. They exist today in order to tax your transactions, which is their whole business model, but such middle men are not really justified in an ideal system based on necessity.
We could build a federated network without these middle men, but unfortunately the companies with the reach to do this, like apple and google, aren’t interested in open standards and networks….they want to become middle men too.
In short, this is the reason why technology is the way it is. Open standards and federated networks can solve these problems, but powerful & influential companies would rather continue the problem and generate profits than solve the problem.
CC companies are also a tech giant. Money should be issued and controlled by governments and government banks. Better even, if those governments are actually democratic.
Apple and Apple-centric news likes to refer to an EMV payment terminal which supports RFID and NFC communications as an “ApplePay Terminal”. The terminal just carries out a conversation via NFC frequencies and protocols. I believe the terminal can’t even tell the OS of the phone or other device which transmitted a virtual PAN to it via NFC.
I never got the concept behind NFC tap-to-pay via smartphone or smartwatch. If my smartphone and smartwatch battery dies (realistically first the smartwatch then the smartphone), I’m supposed to stay without money too? At least a contactless card is something that works without a battery, so you can always take a taxi and return home.
I can’t wait for the NFC tap-to-unlock-home-door feature.
There is one standardized way to use NFC and that’s a bank card. Every variant of a virtual bank card that relies on particular technology that is tied to a single company is nothing more than an experiment. I wouldn’t consider using it as long as there is no generic mechanism to implement this.
Garmin being less big than Apple or Google doesn’t really technically change that there’s still a lack of a generic standard. I hope you are careful to avoid having a new dependency by leaving an prior one.
You don’t need to spend money on a Garmin anything. Check out Curve. International payments is really their thing, but it also works fine and fee-free domestically. Curve acts as middleware between any Visa/MasterCard card and a ton of NFC payment rings, watches, and other devices.
1. Buy a phone case
2. Put contactless debit/credit card in the back of the phone case
3. Tap your phone against the card reader
Now you paid with your degoogled smartphone.
Simple as.
Genius. And if your phone is dead, it still works!