28 September 2016
Business Intelligence: A Tech Revolution for the Evolution in Compliance

Google disables pre-paid card provisioning following Wallet security scares

13 February 2012  |  9982 views  |  0 google wallet

Google has disabled provisioning of pre-paid cards for its mobile wallet scheme after researchers last week found a number of gaping security holes in the application.

The trouble for Google started when security outfit zvelo demonstrated how a brute force attack on a rooted mobile phone could expose a user's PIN. This was followed by a more serious discovery from The Smartphone Champ which revealed that an option to clear data and reset payment options on the phone makes it easy for anyone who finds or steals an Android phone to take over the wallet function.

In a blog post over the weekend, Google Wallet VP Osama Bedier strongly discouraged Wallet users from attempting to gain system-level 'root' access to their phones, as the application is not supported on rooted phones. "In most cases, rooting your phone will cause your Google Wallet data to be automatically wiped from the device," he says.

To address the second issue, Bedier says the firm has taken immediate action to temporarily disable provisioning of pre-paid cards. "We took this step as a precaution until we issue a permanent fix soon," he says.

Bedier accepts that Google is still learning from its experiences in the mobile payments world, but maintains that the phone continues to offer more security than credit cards and leather wallets.

"Mobile payments are going to become more common in the coming years, and we will learn much more as we continue to develop Google Wallet," he says. "In the meantime, you can be confident that the digital wallet you carry provides defences that plastic and leather simply don't."

Update Google issued the following update at 8.30pm on 14 February: "Yesterday afternoon, we restored the ability to issue new prepaid cards to the Wallet. In addition, we issued a fix that prevents an existing prepaid card from being re-provisioned to another user. While we're not aware of any abuse of prepaid cards or the Wallet PIN resulting from these recent reports, we took this step as a precaution to ensure the security of our Wallet customers."

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Google Wallet PIN vulnerability exposed

Google Wallet PIN vulnerability exposed

09 February 2012  |  12159 views  |  0 comments
Google payments exec Gupta quits

Google payments exec Gupta quits

27 January 2012  |  7672 views  |  0 comments
Google Wallet stores unencrypted data - viaForensics

Google Wallet stores unencrypted data - viaForensics

13 December 2011  |  10237 views  |  0 comments
Google Wallet coming to UK ahead of Olympics - report

Google Wallet coming to UK ahead of Olympics - report

12 December 2011  |  13117 views  |  0 comments | 1 tweets
Google checks out of Checkout

Google checks out of Checkout

17 November 2011  |  9135 views  |  0 comments
NJ Transit partners Google on m-payments

NJ Transit partners Google on m-payments

19 October 2011  |  6857 views  |  0 comments
Google Wallet gets SingleTap for coupon redemption

Google Wallet gets SingleTap for coupon redemption

18 October 2011  |  10154 views  |  0 comments
Citi rounds on Isis, urges other banks to join Google Wallet

Citi rounds on Isis, urges other banks to join Google Wallet

12 October 2011  |  18085 views  |  5 comments
Google launches mobile wallet

Google launches mobile wallet

19 September 2011  |  16963 views  |  1 comments
Google to launch credit card; PayPal to move offline

Google to launch credit card; PayPal to move offline

21 July 2011  |  18374 views  |  1 comments
Google makes land-grab in new mobile commerce gold rush

Google makes land-grab in new mobile commerce gold rush

13 July 2011  |  12116 views  |  1 comments
PayPal sues Google and Bedier over m-payment trade secrets

PayPal sues Google and Bedier over m-payment trade secrets

27 May 2011  |  12011 views  |  1 comments
Google takes the wraps off mobile wallet

Google takes the wraps off mobile wallet

26 May 2011  |  15500 views  |  1 comments

Related company news

 

Related blogs

Create a blog about this story (membership required)
Visit capgemini.comVisit contisgroup.comFind out more

Who is commenting?

A Finextra member Finextra Member Commented on: PSD2 - opportunities,...
A Finextra member Finextra Member Commented on: R3 banks use Intel dis...

Top topics

Most viewed Most shared
RBS tests demonstrate ability of Ethereum to support a national domestic payments systemRBS tests demonstrate ability of Ethereum...
13867 views comments | 54 tweets | 47 linkedin
Swift beware: Ripple signs banks to global payments steering groupSwift beware: Ripple signs banks to global...
8673 views comments | 32 tweets | 17 linkedin
Banks clubbing together to tackle KYCBanks clubbing together to tackle KYC
7251 views comments | 3 tweets | 8 linkedin
FCA to kickstart sandbox with 24 applicantsFCA to kickstart sandbox with 24 applicant...
7154 views comments | 33 tweets | 15 linkedin
Brexit offers exciting opportunities for growthBrexit offers exciting opportunities for g...
7132 views comments | 4 tweets | 3 linkedin

Featured job

Find your next job