Google clamps down on its prepaid Google Wallet card on smartphones

Move follows two independent hacks described on blogs

Google said it has temporarily disabled the provisioning of its prepaid Google Wallet cards used in some NFC-ready phones.

The move follows last week's discovery of a vulnerability in Google Wallet described Feb. 8 by security researchers at Zvelo.com.

A second vulnerability for accessing Google Wallet prepaid card funds was outlined by The Smartphone Champ a day later.

Osama Bedier, vice president of Google Wallet and Payments, wrote a blog post late Saturday saying the step was taken as a "precaution until we issue a permanent fix soon."

The move was intended to address "unauthorized use of an existing prepaid card balance if someone recovered a lost phone without a screen lock," the Google blog said.

With Google Wallet, users load funds into the system using a credit card, and those funds can then be used in contactless payments made using phones equipped with Near-Field Communications (NFC) technology. Google Wallet was launched last September in what was effectively a public beta on the Nexus S 4G smartphone from Sprint, with credit-card payments processed by MasterCard. At that time, Google gave users of Google Wallet $10 to load onto what it called the Google Prepaid Card.

Google has received no reports of any Google Wallet prepaid card users losing funds because of the PIN vulnerability, a spokesman said. Google Wallet users can continue to use the Google prepaid card as well as Citi-issued MasterCard credit cards with Google Wallet. Google is only disabling provisioning of new prepaid Google Wallet cards, the spokesman said.

Bedier explained that Google Wallet is protected by its own PIN, as well as the phone's lock screen, but only if the user sets the lock screen. "But sometimes users choose to disable important security mechanisms in order to gain system-level root access to their phone; we strongly discourage doing so if you plan to use Google Wallet because the product is not supported on rooted phones."

He said "rooting" a phone in most cases will cause Google Wallet data to be automatically wiped from the device.

NFC hasn't grown nearly as fast in the U.S. as it has in countries like South Korea, Japan and China, partly because surveys indicate that Americans are not convinced the technology is secure.

Another factor affecting the adoption of contactless payment technology in the United States is a shortage of phones supporting NFC. Most analysts expect the next iPhone, perhaps called iPhone 5, will include an NFC chip tied to iTunes or an App Store account. Apple's entry into NFC is expected to boost contactless payments.

"People are asking if Google Wallet is safe enough for mobile phone payments," Bedier said. "The simple answer to this question is yes. In fact, Google Wallet offers advantages over the plastic cards and folded wallets in use today."

Google included a link in its blog to toll-free phone assistance for users who lose their phones or find that someone has made an unauthorized transaction on their account.

Matt Hamblen covers mobile and wireless, smartphones and other handhelds, and wireless networking for Computerworld. Follow Matt on Twitter at @matthamblen, or subscribe to Matt's RSS feed. His email address is mhamblen@computerworld.com.

Copyright © 2012 IDG Communications, Inc.

  