HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 10 MINUTES AGO.
You are here: Home / Mobile Tech / Google Suspends Prepaid Credit Cards
Build Apps 5x Faster
For Half the Cost Enterprise Cloud Computing
On Force.com
Security Flaws Move Google To Suspend Prepaid Credit Cards
Security Flaws Move Google To Suspend Prepaid Credit Cards
By Barry Levine / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
FEBRUARY
13
2012
Are credit cards in smartphone-based wallets safe? Google has insisted they are, but the company is now suspending prepaid credit cards in its mobile wallet because of some security issues.

The move on Saturday by the technology giant follows a report that someone other than a smartphone owner could use the balance on a prepaid card by adjusting the wallet's settings. In a posting Saturday on the official Google Commerce blog, Vice President of Google Wallet and Payments Osama Bedier wrote that the company has "temporarily disabled provisioning of prepaid cards," as a precaution while Google works out a fix.

Two Flaws

The fix, he noted, is needed because of the possibility of "unauthorized use of an existing prepaid card balance if someone recovered a lost phone without a screen lock." Bedier noted that Google Wallet is protected by a PIN, as well as the phone's lock screen. However, many users do not utilize the screen lock, since doing so would require entering a password whenever someone returns to the phone after a break.

Google's action followed a security flaw that began circulating Friday. Since the credit card belongs to the phone and not to a Google account, someone in possession of a smartphone can go to the application settings, erase the data associated with Google Wallet, and change the Wallet's PIN. The funds on a prepaid card can thus become available -- such as to someone who finds a lost phone.

Last week, security firm Zuelo noted another security flaw. Using a rooted smartphone with Google Wallet, someone other than the owner can get access to the Wallet's PIN via a brute force attack on the database storing the PIN, and thus make illegal credit card charges.

Google has noted that the Wallet is not designed for smartphones that have been rooted, which is usually by the owner. Bedier wrote that sometimes "users choose to disable important security mechanisms in order to gain system-level 'root' access to their phone," a practice which Google strongly discourages.

'Paradigm Shift'

Neither of the recently exposed security flaws can be conducted remotely, but require physical access to the device. Google and others have argued that, in theory, smartphone-based credit cards can be more secure than the plastic kind.

Michael Gartenberg, research director at Gartner, said smartphone-based credit cards and virtual wallets are a "paradigm shift, involving a lot of chickens and eggs coming into play."

The plastic-based credit card industry took "a long time to ease people's fears," Gartenberg said, and a "sea change" like credit cards on phones will similarly happen "a lot slower than people think."

Google is "wise to take a step back and make sure things are resolved," he said, adding that the company still needs to educate users as to why virtual credit cards have advantages over the plastic cards they have in their actual wallet.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.
MORE IN MOBILE TECH
Product Information and Resources for Technology You Can Use To Boost Your Business
© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.