Mobile Tech Today HOME LATEST NEWS NEWSLETTERS SEARCH Search
  LATEST NEWS FOR TUESDAY JANUARY 24

Close Search Box
Mobile Tech Today
CUSTOMER SERVICE
Security Flaws Move Google To Suspend Prepaid Credit Cards
Posted February 13, 2012
Security Flaws Move Google To Suspend Prepaid Credit Cards
Next Story
EARLIER
Unlocking Customer Satisfaction: Top 5 Key Indicators
THIS STORY
Security Flaws Move Google To Suspend Prepaid Credit Cards
Next Story
LATER
SpeechCycle Announces SmartCare Mobile 2.0
YOU ARE HERE:   HOME arrow CUSTOMER SERVICE arrow THIS STORY
NEWS OPS

By Barry Levine. Updated February 13, 2012 10:17AM

SHARE

ALSO SEE

Are credit cards in smartphone-based wallets safe? Google has insisted they are, but the company is now suspending prepaid credit cards in its mobile wallet because of some security issues.

The move on Saturday by the technology giant follows a report that someone other than a smartphone owner could use the balance on a prepaid card by adjusting the wallet's settings. In a posting Saturday on the official Google Commerce blog, Vice President of Google Wallet and Payments Osama Bedier wrote that the company has "temporarily disabled provisioning of prepaid cards," as a precaution while Google works out a fix.

Two Flaws

The fix, he noted, is needed because of the possibility of "unauthorized use of an existing prepaid card balance if someone recovered a lost phone without a screen lock." Bedier noted that Google Wallet is protected by a PIN, as well as the phone's lock screen. However, many users do not utilize the screen lock, since doing so would require entering a password whenever someone returns to the phone after a break.

Google's action followed a security flaw that began circulating Friday. Since the credit card belongs to the phone and not to a Google account, someone in possession of a smartphone can go to the application settings, erase the data associated with Google Wallet, and change the Wallet's PIN. The funds on a prepaid card can thus become available -- such as to someone who finds a lost phone.

Last week, security firm Zuelo noted another security flaw. Using a rooted smartphone with Google Wallet, someone other than the owner can get access to the Wallet's PIN via a brute force attack on the database storing the PIN, and thus make illegal credit card charges.

Google has noted that the Wallet is not designed for smartphones that have been rooted, which is usually by the owner. Bedier wrote that sometimes "users choose to disable important security mechanisms in order to gain system-level 'root' access to their phone," a practice which Google strongly discourages.

'Paradigm Shift'

Neither of the recently exposed security flaws can be conducted remotely, but require physical access to the device. Google and others have argued that, in theory, smartphone-based credit cards can be more secure than the plastic kind.

Michael Gartenberg, research director at Gartner, said smartphone-based credit cards and virtual wallets are a "paradigm shift, involving a lot of chickens and eggs coming into play."

The plastic-based credit card industry took "a long time to ease people's fears," Gartenberg said, and a "sea change" like credit cards on phones will similarly happen "a lot slower than people think."

Google is "wise to take a step back and make sure things are resolved," he said, adding that the company still needs to educate users as to why virtual credit cards have advantages over the plastic cards they have in their actual wallet.

Tell Us What You Think
Comment:

Name:

MORE IN CUSTOMER SERVICE

Next Article >

NETWORK SECURITY SPOTLIGHT
This Spotlight
Is Brought to You By:

INSIDE MOBILE TECH TODAY NETWORK SITES SERVICES BENEFITS