Mobile Wallet Security Concerns – Is Google Wallet secure enough?
For those who did not have experience with Android mobile wallet app, let me explain how it works. In order to use Google Wallet, you must first set up a PIN. The PIN is required before you can access the app or make a payment transaction. The PIN has a timeout feature in order to ensure you are always in control of the mobile wallet application’s usage. Android phones also support a phone lock screen which is separate from mobile wallet application. It is highly recommended that Android users enable this security feature supported by the operating system.
In addition, users’ payment credentials are stored in a secure microchip within their Android phone called the Secure Element. This electronic chip is completely isolated from the phone’s main operating system and hardware and only trusted programs like Google Wallet can access the Secure Element to initiate a transaction.
Google is continuously working to improve and evolve the security features of the Google Wallet. The company has been actively working to make PIN enforcement part of the Secure Element feature set in order to make the entire system even more secure. In addition, Google has issued a fix that prevents an existing prepaid card from being re-provisioned to another user. This step was necessary as a precaution measure to ensure additional security of current mobile Wallet customers.
Google has recently released a completely new, cloud-based version of the Google Wallet app that now supports various credit & debit cards from Visa, MasterCard, American Express and Discover.
Google Wallet users can now utilize nearly any card when they shop in-store or online with Google Wallet. With the new version, users can remotely disable or block their mobile wallet app from their Google Wallet account on the web. This change makes Google Wallet more secure and more useful for users and is expected to increase usage across a wider base of customers.
Even in the unlikely case that a thief has the ability to root a stolen phone, Google Wallet is still far more secure than a standard credit or debit card, as the Secure Element would protect a user’s payment information.
Security companies who are reporting that Google Wallet “hack” is possible, claim that a Google Wallet PIN is susceptible to a brute force attack – trying all possible key combinations until the PIN is discovered – that can make it possible for thieves to make purchases with a Google Wallet-enabled phone. In any case, this kind of hack has not been confirmed yet and there are no official reports claiming abuse of prepaid cards or the Wallet PIN resulting from these recent reports.