Google Wallet Vulnerabilities Highlight Mobile Payment Security Concerns

Sue Marquette Poremba
Slide Show

Seven Tips to Protect Your Google Wallet

Even with Google Wallet's built-in identity theft protections, you still need to be wary of hackers.

There is a saying that timing is everything and, in this case, my timing was a day off.


Last week, I had a wonderful conversation with a Kaspersky Lab security expert, discussing the future of finance security. He mentioned to me that he had the opportunity to make mobile payments from his phone, and if the financial transactions were under a certain dollar amount, he didn't have to sign anything, essentially, just flash his phone and go. We talked a little about what a scary idea this is in reality - the idea of not having to authorize the small payments. Yes, it is for convenience, but cyber criminals wouldn't hesitate to empty a bank account a little at a time.


On my way home the next day, I got several emails regarding the Google Wallet vulnerabilities. Had I known about it 24 hours earlier, it would have been the focus of our conversation, wondering whether or not mobile payment systems are all that secure.


Secure or not, it doesn't look like mobile payments are trusted by the security industry. According to a study by KPMG, an overwhelming number of information security experts believe we will see an increase in cyber crime as more of us move to mobile payments. According to Information Age:

The study found that almost two thirds of financial services, technology, telecoms and retail businesses are already operating a mobile payments strategy. Around $100 billion worth of mobile payments made in the US alone in 2011. But 92% of information security officers surveyed told KPMG that they believe that 'm-commerce' will drive an increase in online crime. Meanwhile, 90% of consumers are worried about security of personal data on mobile devices.

Not surprisingly, after the news broke that hackers have found two relatively easy ways to crack Google Wallet, Google defended its product, saying that it is more secure than traditional credit cards. One reason is that it is protected by a PIN. But the PIN is one reason why Google Wallet is vulnerable. As Jimmy Shah, mobile security research a McAfee Labs, pointed out in a blog post:

Once attackers get your PIN, they have full access to any credit card information stored in the app and they can use your phone to make purchases. As a user of Google Wallet, the main security you see is the PIN. What makes Wallet easy for you to use now makes it easy for attackers to use; they can now spend your money and credit just as if your phone were an ATM card.

Today, I saw that Google has decided to suspend its new prepaid Google cards, at least temporarily. As PC World noted, the attack against the prepaid cards is even easier than the attack against the PIN authentication hack.

Google is correct in its assessment that mobile payments are the way we are headed with our financial transactions. It's the logical step, as technology is leading us to a single device to handle just about everything we do. Are mobile payments safer than using plastic, as Google says? I personally can't imagine that it is - I would love to hear other opinions on that. What I do predict is the mobile payment structure is going to be the next major security challenge for our mobile devices.

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


Add Comment      Leave a comment on this blog post
Feb 13, 2012 2:52 PM Jay Jay  says:

I love the concept behind Google Wallet (http://www.google.com/wallet), because I believe that digital wallets, just like their physical equivalents, should allow their users to store in them all of the payment instruments they may want, including credit and debit cards issued by different banks and displaying different brand logos. And Google is doing precisely that. However, data security is much more important than either user-friendliness or convenience. In fact, your service should not be offered to consumers until you can guarantee that your system can protect their personal information. And that is clearly not the case with Google. Moreover, hacking Google Wallet is reported to be a "trivial" exercise, which makes me wonder whether Google even cares all that much about protecting its customers' information. I can only hope they will prove that they do. http://blog.unibulmerchantservices.com/app-cracks-your-google-wallet-pin-in-seconds


Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.

Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.