13 February 2016

Google disables pre-paid card provisioning following Wallet security scares

13 February 2012  |  9700 views  |  0 google wallet

Google has disabled provisioning of pre-paid cards for its mobile wallet scheme after researchers last week found a number of gaping security holes in the application.

The trouble for Google started when security outfit zvelo demonstrated how a brute force attack on a rooted mobile phone could expose a user's PIN. This was followed by a more serious discovery from The Smartphone Champ which revealed that an option to clear data and reset payment options on the phone makes it easy for anyone who finds or steals an Android phone to take over the wallet function.

In a blog post over the weekend, Google Wallet VP Osama Bedier strongly discouraged Wallet users from attempting to gain system-level 'root' access to their phones, as the application is not supported on rooted phones. "In most cases, rooting your phone will cause your Google Wallet data to be automatically wiped from the device," he says.

To address the second issue, Bedier says the firm has taken immediate action to temporarily disable provisioning of pre-paid cards. "We took this step as a precaution until we issue a permanent fix soon," he says.

Bedier accepts that Google is still learning from its experiences in the mobile payments world, but maintains that the phone continues to offer more security than credit cards and leather wallets.

"Mobile payments are going to become more common in the coming years, and we will learn much more as we continue to develop Google Wallet," he says. "In the meantime, you can be confident that the digital wallet you carry provides defences that plastic and leather simply don't."

Update Google issued the following update at 8.30pm on 14 February: "Yesterday afternoon, we restored the ability to issue new prepaid cards to the Wallet. In addition, we issued a fix that prevents an existing prepaid card from being re-provisioned to another user. While we're not aware of any abuse of prepaid cards or the Wallet PIN resulting from these recent reports, we took this step as a precaution to ensure the security of our Wallet customers."

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board, sign up now.

Related blogs

Create a blog about this story (membership required)

Related stories

09 February, 2012
27 January, 2012
15 December, 2011
13 December, 2011
12 December, 2011
08 December, 2011
17 November, 2011
19 October, 2011
18 October, 2011
12 October, 2011
19 September, 2011
21 July, 2011
13 July, 2011
23 June, 2011
27 May, 2011
26 May, 2011

Related company news


Top topics

Most viewed Most shared
UK sets out open banking API frameworkUK sets out open banking API framework
15666 views comments | 100 tweets | 89 linkedin
Deutsche Bank calls for co-operation with fintech firms on B2B servicesDeutsche Bank calls for co-operation with...
8614 views comments | 29 tweets | 30 linkedin
How to accelerate your fintech startupHow to accelerate your fintech startup
8134 views comments | 34 tweets | 9 linkedin
Is Paym a failure?Is Paym a failure?
6924 views 16 comments | 23 tweets | 16 linkedin
Visa issues API to offer consumer control over card transactionsVisa issues API to offer consumer control...
6366 views comments | 17 tweets | 28 linkedin

Featured job

£100,000 basic, £180,000 OTE + Benefits

Find your next job