Google announced its long-awaited mobile payments platform, Google
Wallet, in New York City on Thursday. The company claims it will
revolutionize commerce. But with stories about massive data breaches and
hacks an almost daily occurance, consumers are most concerned about
whether Google Wallet is secure. Hereâs what you need to know.
+ Google Wallet â sounds cool! What is it?
+ So I can hook all my credit cards up to it? Cool!
+ How will Google Wallet be secured?
+ What, a couple PINs to protect all my credit cards? That sounds scarily insecure!
**+ OK, So you mentioned that thing about a hacker stealing all my credit
card information. Googleâs going to make sure that wonât happen, right?
**
+ Uh huh⊠So you mentioned that thing about a hacker stealing all my
credit card informationâŠ
+ OK. Thatâs all scary and depressing. Tell me something else cool that you can do with Google Wallet!**
+ Are there any other ways that Googleâs Wallet kicks my walletâs butt? **
Google Wallet â sounds cool! What is it?
Google Wallet is a mobile payments application that leverages Googleâs Android mobile operating system and runs (for now) on the Samsung Nexus S 4G phone, available from U.S. carrier Sprint. According to Google, the e-wallet (our term, not theirs) was designed to be used to pay for items using your mobile phones both at brick and mortar establishments and for online payments. Google says the Wallet will store multiple credit cards, offers, loyalty cards and gift cards, all without the âCostanza walletâ effect. Eventually, Google Wallet will work with a wider range of phones and credit cards. Just not yet.
[Back]
So I can hook all my credit cards up to it? Cool!
Not so fast. At this point, Google Wallet only accepts the Citi Mastercard and a Google Prepaid Card (did these exist before today?!). Citi was Googleâs date to the unveiling, along with First Data and Sprint. At some point in the future, Google and Citi will stop dating exclusively and Google will start playing the field and accepting other credit and debit cards, but for now youâre out of luck if you donât have a Citi Mastercard or a Google Prepaid card â whatever that is.
[Back]
How will Google Wallet be secured?
For the most part, Google Wallet will have the same security as your other mobile banking apps. Hopefully youâll have your Android phone protected with a password thatâs not toally obvious and that locks your screen when youâre not using the phone. Beyond that, there will be a separate PIN you will need to actually carry out a transaction.
[Back]
What, a couple PINs to protect all my credit cards? That sounds scarily insecure!
Yeah, but â get this â you already keep all your credit cards and debit cards in your wallet, and Iâll be that doesnât have a password on it, does it? DOES IT?!?!?! Anyway â thatâs Googleâs point: âa locked wallet is safer.â That is, until somebody figures out how to hack said wallet account and go on an online shopping binge while you sleep. But, again, people lose wallets and have credit cards stolen from them all the time. And human tellers have already proven a hopeless security screen for stolen cards (or havenât you noticed?) So, long and short: weâre already living with an insecure âarchitecture.â
[Back]
OK, So you mentioned that thing about a hacker stealing all my credit card information. Googleâs going to make sure that wonât happen, right?
Thatâs what Google says, yeah. The company went to great pains in their announcement to reassure everyone that security was part of the Walletâs core design, not bolted on after some 17 year old at DEFCON digitally pants-ed the company. So, beyond the access controls around the Wallet app, there are layers of transaction security that should make it difficult to either hijack accounts or sniff out sensitive account or financial information from transactions. Google Wallet is compliant with existing smartcard based payment systems like PayPass (MasterCard) and SecurePay. Sprint Nexus S phones come with a tamper resistant chip by NXP Semiconductor, dubbed the âSecure Elementâ that stores the encrypted payment credentials and manages the wireless Near Field Communication (NFC) technology that allows the phone to interact with contactless card readers securely. MasterCard PayPass protects the payment card credentials as they are transferred from the phone to the contactless reader.
[Back]
Uh huh⊠So you mentioned that thing about a hacker stealing all my credit card information. Googleâs going to make sure that wonât happen, right?
Right. Who cares what Google says? The truth is that, while Google has clearly constructed a payments system with security in mind, nobody knows exactly how well it will stand up to attacks or attempts to compromise the security of Google Wallet, because â in the U.S., anyway â mobile payments are in their infancy. But if you talk to security experts, theyâll say that there are reasons to be concerned. Karsten Nohl, an expert on contactless payment security, said that NFC â the contactless technology that is the basis for Google Wallet â âconnects phones to a whole new world of insecurities.â âContact-less payment and identification technology is a diverse field with a few secure choices and plenty of broken, old technology,â he told Threatpost. âWhile RFID/NFC can certainly provide bulletproof cryptographic protection, most deployments still choose proprietary technology instead. The NFC chips in upcoming phones support both the old and the new standards.â To prove that point, in 2008, Nohl and his colleagues demonstrated that the encryption used to protect data in common smart cards is breakable, even using commodity hardware.
As with many new technologies, the marketplace is setting the terms for NFC deployments and for âacceptableâ levels of transaction security, Nohl argues. And thatâs bound to lead to lapses. Kevin Fu, a researcher at the University of Massachusetts, also sees problems with the mobile payments ecosystem, which is made up of numerous players â platform developers, credit card companies, issuing banks, application developers, merchants and consumers â but no central authority. âLike most complex systems, thereâs a diffusion of responsibility and a need for security at every level, but Iâm not aware of any single authority.â** **
[Back]** **
**OK. Thatâs all scary and depressing. Tell me something else cool that you can do with Google Wallet! **You can use it with Googleâs (beta) Offers feature â this is what Google created after Groupon told the company to go screw. Its not in Boston yet, but where it is available, you get Groupon-type coupons that you can automatically redeem when you use Google Wallet. Kind of like automated coupon clipping. Thatâs cool.
[Back]
**That is tremendous. Are there any other ways that Googleâs Wallet kicks my walletâs butt? **Your wallet is probably made of leather or some other animal byproduct. No animals had to die to make Google wallet.
[Back]
#CreditCard
#Hacker1
#Hacker2
#Hacker2
#HowSecure
#KickButt
#Offers
#PINS
#SoundsCool
#top
#top
#top
#top
#top
#top
#top
#top
vimeo.com/15719304
www.businesswire.com/news/home/20110526006211/en/Google-Citi-MasterCard-Data-Sprint-Team-Phone
www.cs.umass.edu/%7Ekevinfu/
www.cs.virginia.edu/%7Ekn5f/
www.google.com/wallet/how-it-works-security.html
www.urbandictionary.com/define.php?term=george+costanza%27s+wallet
www.virginia.edu/uvatoday/newsRelease.php?id=4321
threatpost.com/google-wallet-secure-what-you-need-know-052611/