Google Wallet suspends prepaid credit cards in wake of security hack reveal

by Phil Hornshaw

Google has addressed a newly aired security hack for its Google Wallet mobile software that disables the use of prepaid credit cards while the company deals with patching the security hole.

The hack was made public last week, showing that a user with access to a rooted smartphone running Google Wallet could bypass the software’s security, pushing past the software’s PIN number to get access to the balance of any prepaid card currently stored there. In response to the issue, Google has shut down the use of prepaid cards with the software and released a statement urging users not to use the Wallet service with rooted devices.

“First, Google Wallet is protected by a PIN — as well as the phone’s lock screen, if a user sets that option,” Google wrote in a blog post about security issues. “But sometimes users choose to disable important security mechanisms in order to gain system-level ‘root’ access to their phone; we strongly discourage doing so if you plan to use Google Wallet because the product is not supported on rooted phones. That’s why in most cases, rooting your phone will cause your Google Wallet data to be automatically wiped from the device.”

Google went on to say it was working to add more security to the service, citing the disabling of prepaid cards as a proactive step. Prepaid cards were disabled “as a precaution until we issue a permanent fix soon,” the company wrote.

The company’s Google Wallet service is a relatively young piece of software for its Android-running smartphones that takes advantage of near-field communication technology, which is available in some newer devices. NFC tech allows the phone to broadcast information over very short ranges; with Wallet, users can input credit card and loyalty card information into the service, then bring their cards into close proximity with special NFC terminals in brick-and-mortar stores. The two devices interact and use the information stored in the smartphone to complete the transaction, paying with the user’s credit card, adding loyalty points to their card and even storing receipts instantly.

Google insisted in their blog post that Google Wallet is a safe means of conducting transactions, and is safer than traditional plastic cards in many respects, including software security measures that obviously aren’t present in a leather wallet.

But the hack last week seems to have shaken some consumer confidence in the service and in NFC payments in general, which are available through other software offered by various other companies. Credit card providers have teamed up to create ISIS, for example, another NFC payment system similar to Google Wallet, and rumor has it Apple is at least looking into including NFC technology in its next iPhone.

In its blog post, Google also provided toll-free support to Wallet users should they experience any problems. Users can access Google’s support system by visiting this link, where they can input a phone number and receive a call from a member of the Google Wallet support team to help deal with their issues.