Credit Card News
Advertising Disclosure
Credit-Land.com is an independent, advertising-supported web site. Credit-Land.com receives compensation from many credit card issuers whose offers appear on our site. Compensation from our advertising partners impacts how and where their products appear on our site, including, for example, the order in which they may appear within review lists. Credit-Land.com has not reviewed all available credit card offers in the marketplace.
Credit Card Applications » News » Other » Google Wallet Makes Certain User Information An Easy Target For Hackers

Google Wallet Makes Certain User Information An Easy Target For Hackers

By
Add to Favorites:
Google Wallet Makes Certain User Information An Easy Target For Hackers

Experts at forensic security company viaForensics made a startling discovery about Google Wallet recently. The revolutionary mobile app that allows users to store credit card information and make payment transactions simply by tapping their mobile phone at the point of sale stores a vast amount of the cardholder`s personal information in an unsecure format. With the exception of the actual credit card number and the CVV number – the 3 or 4 digit number found on the front or back of a card that proves to merchants during CNP sales that the buyer actually has the card in his or her possession – all other data stored is unencrypted. The “other data” in question includes names, addresses, credit card limits, transaction times, PIN numbers, etc. This makes an alarming amount of information available for hackers to help themselves to with relative ease. 


The chief investigative officer at viaForensics responsible for the discovery is Andrew Hoog. He performed two very basic tests on Google wallet using a rooted Sprint Nexus S mobile device to try out its security and the app failed on both counts.


Firstly, the app caches data directly on the user`s phone. If the user were to lose the phone or have it stolen, whoever were to retrieve it would be able to access the data. Secondly, the majority of the data that is stored is not encrypted. While Google Wallet keeps credit card account numbers along with the corresponding CVV codes on an encrypted portion of the NFC chip, the rest of the information is left unencrypted. Some of the information is even recoverable upon deletion of the transaction, such as the last four digits of the account number, the card`s expiration date and the name imprinted upon the card.


Fixes suggested by Hoog are to either encrypt all the data or else not to cache data on the mobile device. Upon his alarming security discoveries he spent a week with Google discussing his concerns regarding Google Wallet`s vulnerabilities.


“While it`s nearly impossible to provide 100 percent secure systems, it`s pretty attainable to developed reasonably secure systems,” said Hoog, according to PCMag.

Add to Favorites:

Related News:

Global Fraud On Hackers To-Do List This Season

By Dar Dowling, Posted: December 2, 2016

With the holiday shopping season upon us, retailers around the world can expect a 12% bump in online fraud when compared with data from the holiday season last year. Continue reading
Chase Pay Launched

By Dar Dowling, Posted: December 1, 2016

Chase Pay, the new digital payment system from Chase, is now open for business. Chase Pay lets people pay for purchases with their credit cards. Continue reading
Blowing The Holiday Budget is a Holiday Tradition

By Dar Dowling, Posted: November 30, 2016

If year after year you find your self overspending at holiday time you are not alone, with eight out of 10 consumers (78%) indicating that they are in the same boat. Continue reading
Get the latest news, articles and expert advice delivered to your inbox. It's FREE.
Get 0% Intro APR on Balance Transfers and Purchases for 21 months. After that, the APR will be 12.24%-22.24% based upon your creditworthiness.
For Excellent/Good Credit
Earn 1% cash back on gas and grocery purchases. Terms apply.
For Fair Credit
Guaranteed $500 Unsecured Credit Limit
For Bad Credit