Google was no doubt excited about its upgrades for the Google Wallet. Up until now, the internet giant turned mobile payment mogul could only allow users with certain cell phone carriers or those with its Google Nexux 7 tablet to incorporate the app. Now, though, Google has made significant changes to its Wallet.
It’s expanded it reach and allowed more ways for consumers to use the program. This change now allows other phones to access the data found in the Google cloud, which will enable purchases in the Google Play store or while shopping in Google Checkout. Not only that, but if a user loses his phone, he can safely and easily disable his account until the phone’s replaced.
As many know, the credit card information was maintained on a chip located in the user’s phone. This resulted in a seemingly overwhelming effort to pull together millions of users, banks that issued the credit cards and cell phone carriers, too. Things were moving along fine. Until a vulnerability was found – and it’s a doozy. The big question many are asking is whether this vulnerability is enough to set the efforts and progress back and it looks as though at a minimum, it’s proved that the technology isn’t as cut and dried as many might think.
The owner of the Smartphone Champ blog discovered the vulnerability and then showed how easy it is for Google Wallet users to have their information compromised. If a thief steals a smartphone – and specifically an Android device – in order to gain access to the credit card information maintained on the chip, all he has to do is go into the phone’s app center, disable the data associated with the Google Wallet and then open up Google Wallet from that phone. By default, the program announces the information’s been altered and as a result, the user must create a new PIN number. Once that’s done, the thief has access to every single credit card within that user’s Google Wallet.
So how can this happen? It’s actually quite simple: the information associated with the user’s credit card isn’t maintained via a specific account, but rather, it’s associated and maintained on the smartphone. It’s sort of like an electronic version of losing your wallet, a stranger finding it and then using the credit cards in that wallet.
Fortunately, the vulnerabilities are limited to certain Android models. With Google’s announcement, though, that it’s just now broadened its services, the big question is whether or not the weakness in the technology will be addressed before other users see their credit card information stolen.
Google Press Release
Google released a presser not long after its expansion efforts were announced that it was working on a fix so that the problems don’t pose a threat. In its presser, it said,
We strongly encourage anyone who loses or wants to sell their phone to call Google Wallet support toll-free at 855-492-5538 to disable the prepaid card. In the meantime, we are currently working on an automated fix as well that will be available soon. We also advise all Wallet users to set up a screen lock as an additional layer of protection for their phone.
This is a pretty big vulnerability with repercussions that no one wants to deal with. Is it big enough to steer users away from Google? Unfortunately, that’s likely. Many have already taken the stance that the damage has been done and they also say Google’s efforts have been annihilated with this one massive misstep.
Millions in Development
There are literally thousands of services and banks – including PayPal, Square, AT&T, Verizon and many more that are developing their own versions of electronic wallets. Some are further along that others – AT&T has its own mobile wallet, Isis, that’s currently in development and soon, your local community bank will also have its own electronic bank. The U.S. is currently behind in these efforts. Other countries – and other companies within those countries – have long since developed their electronic wallets.
Google Wallet uses a technology called near-field communication, or N.F.C., for smartphones and cash registers to communicate wirelessly. This means retailers require point-of-sale systems that include N.F.C. Currently close to a quarter million retailers and service providers offer this technology. Big names include McDonald’s, Macy’s, Walgreens, several national grocery chains and many more. Currently, Google has entered partnerships with less than thirty of these retailers.
The problem now is Google’s misstep has potentially set the progress back of others here in the U.S. looking to offer this convenience to their customers. If customers were looking to see how the challenges would be handled before committing to the mobile payment technology, Google sure missed its mark.
In the United States, mobile payment technology has yet to hit the mainstream. One of the challenges is proving to customers that tapping a smartphone to make a purchase is more convenient and secure than using a credit card. This vulnerability in Google Wallet is a testament to how this technology has yet to prove itself.