Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Digital Life / Google Suspends Prepaid Credit Cards
Security Flaws Move Google To Suspend Prepaid Credit Cards
Security Flaws Move Google To Suspend Prepaid Credit Cards
By Barry Levine / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
Are credit cards in smartphone-based wallets safe? Google has insisted they are, but the company is now suspending prepaid credit cards in its mobile wallet because of some security issues.

The move on Saturday by the technology giant follows a report that someone other than a smartphone owner could use the balance on a prepaid card by adjusting the wallet's settings. In a posting Saturday on the official Google Commerce blog, Vice President of Google Wallet and Payments Osama Bedier wrote that the company has "temporarily disabled provisioning of prepaid cards," as a precaution while Google works out a fix.

Two Flaws

The fix, he noted, is needed because of the possibility of "unauthorized use of an existing prepaid card balance if someone recovered a lost phone without a screen lock." Bedier noted that Google Wallet is protected by a PIN, as well as the phone's lock screen. However, many users do not utilize the screen lock, since doing so would require entering a password whenever someone returns to the phone after a break.

Google's action followed a security flaw that began circulating Friday. Since the credit card belongs to the phone and not to a Google account, someone in possession of a smartphone can go to the application settings, erase the data associated with Google Wallet, and change the Wallet's PIN. The funds on a prepaid card can thus become available -- such as to someone who finds a lost phone.

Last week, security firm Zuelo noted another security flaw. Using a rooted smartphone with Google Wallet, someone other than the owner can get access to the Wallet's PIN via a brute force attack on the database storing the PIN, and thus make illegal credit card charges.

Google has noted that the Wallet is not designed for smartphones that have been rooted, which is usually by the owner. Bedier wrote that sometimes "users choose to disable important security mechanisms in order to gain system-level 'root' access to their phone," a practice which Google strongly discourages.

'Paradigm Shift'

Neither of the recently exposed security flaws can be conducted remotely, but require physical access to the device. Google and others have argued that, in theory, smartphone-based credit cards can be more secure than the plastic kind.

Michael Gartenberg, research director at Gartner, said smartphone-based credit cards and virtual wallets are a "paradigm shift, involving a lot of chickens and eggs coming into play."

The plastic-based credit card industry took "a long time to ease people's fears," Gartenberg said, and a "sea change" like credit cards on phones will similarly happen "a lot slower than people think."

Google is "wise to take a step back and make sure things are resolved," he said, adding that the company still needs to educate users as to why virtual credit cards have advantages over the plastic cards they have in their actual wallet.

Tell Us What You Think


Like Us on FacebookFollow Us on Twitter
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.