Seven Tips to Protect Your Google Wallet
Even with Google Wallet's built-in identity theft protections, you still need to be wary of hackers.
There is a saying that timing is everything and, in this case, my timing was a day off.
Last week, I had a wonderful conversation with a Kaspersky Lab security expert, discussing the future of finance security. He mentioned to me that he had the opportunity to make mobile payments from his phone, and if the financial transactions were under a certain dollar amount, he didn't have to sign anything, essentially, just flash his phone and go. We talked a little about what a scary idea this is in reality - the idea of not having to authorize the small payments. Yes, it is for convenience, but cyber criminals wouldn't hesitate to empty a bank account a little at a time.
On my way home the next day, I got several emails regarding the Google Wallet vulnerabilities. Had I known about it 24 hours earlier, it would have been the focus of our conversation, wondering whether or not mobile payment systems are all that secure.
The study found that almost two thirds of financial services, technology, telecoms and retail businesses are already operating a mobile payments strategy. Around $100 billion worth of mobile payments made in the US alone in 2011. But 92% of information security officers surveyed told KPMG that they believe that 'm-commerce' will drive an increase in online crime. Meanwhile, 90% of consumers are worried about security of personal data on mobile devices.
Not surprisingly, after the news broke that hackers have found two relatively easy ways to crack Google Wallet, Google defended its product, saying that it is more secure than traditional credit cards. One reason is that it is protected by a PIN. But the PIN is one reason why Google Wallet is vulnerable. As Jimmy Shah, mobile security research a McAfee Labs, pointed out in a blog post:
Once attackers get your PIN, they have full access to any credit card information stored in the app and they can use your phone to make purchases. As a user of Google Wallet, the main security you see is the PIN. What makes Wallet easy for you to use now makes it easy for attackers to use; they can now spend your money and credit just as if your phone were an ATM card.
Today, I saw that Google has decided to suspend its new prepaid Google cards, at least temporarily. As PC World noted, the attack against the prepaid cards is even easier than the attack against the PIN authentication hack.
Google is correct in its assessment that mobile payments are the way we are headed with our financial transactions. It's the logical step, as technology is leading us to a single device to handle just about everything we do. Are mobile payments safer than using plastic, as Google says? I personally can't imagine that it is - I would love to hear other opinions on that. What I do predict is the mobile payment structure is going to be the next major security challenge for our mobile devices.