Centralization is looming
The European, or traditional smart card, way is to ensure security and privacy by having user-related data stored securely in an object owned by the user. This used to be a smart card, and is now increasingly becoming a handset.
The American, or networked, way is to store user-related data on a server, and make is readily available everywhere thanks to fast and ubiquitous networks.
These different approaches are the original reason why EMV cards developed in Europe, and are still in infancy in the US. It is also the reason why GSM was set up from day one with SIM-based security, and CDMA was relying on a network –centric method. Even in the Identity field, the European view is to build an ID smart card containing data and services for end users, whereas the US view as evidenced by WHTI is to have a central database of identities, and use the card (with long distance RFID) as a means of access for these data.
Now, with the recent NFC announcements, we are witnessing a new occurrence of these divergent views. Google announcement (cf. Focus) positions NFC payment as an extension of their advertising business, which is based on identifying each customer behavior, in all details, including geolocation, in order to deliver one-to-one targeted advertising. Also, Square has a totally centralized vision when it proposes to store cardholder details on a centralized database, and to make them available (including the photo of the user) to merchants at transaction time (cf. Payment section).
The totally centralized vision that consists in storing all data on servers has proved its weaknesses through a recent series of attacks, for instance on Sony Online Entertainment endangering over 24 million accounts. By putting more data on mega servers, application developers are threatening both security and privacy. Moreover, they are going the opposite direction from all the web 2.0 developments, which give power to the users.
We have to come back with a more distributed philosophy that will be safer, ad provide better privacy guarantees.