Credit Cards Blog

Finance Blogs » Credit Cards » Security holes in Google Wallet

Security holes in Google Wallet

By Janna Herron ·
Thursday, December 15, 2011
Posted: 2 pm ET

There are many benefits Google Wallet provides: convenience, a lighter back pocket and better security. Wait. The jury is still out on that last one.

ViaForensics, a digital forensics and security firm, on Monday released results of its security testing on the search engine giant's virtual wallet. The results are little scary regarding credit card info security.

The testing found that a "fair amount of data" including email addresses, the last four digits of a credit card number, credit card balances, limits, expiration dates, name on the card, transaction date and location are all stored with no encryption on Google Wallet.

Practically the only piece of information that is encrypted is the first 12 digits of your credit card number. Thankfully, that 12-digit gold mine isn't stored insecurely as it requires a personal identification number to retrieve it, according to the tester's analysis.

Still, who wants the rest of that information floating around for anyone to capture? Especially in this day and age of phishing scams and hacking attacks, it could be pretty easy for someone to pose as your issuer in an email to you if that person could provide such pertinent facts as your last purchase, card balance and last four digits of the account number.

Imagine receiving an email that has some pretty private information about you saying there has been a security breach and you need to follow a link to verify your account. All the while, you're actually supplying critical data to a thief. (For future reference, always contact your issuer yourself by phone to validate such emails.)

That's where the danger lies.

The good news is the Google Wallet is constantly being updated. In fact, viaForensics said as it was testing the initial release of Google Wallet, one update came out that addressed one of the security concerns. The test cited here was conducted on the 1.0-R33v6 version of Google Wallet.

So maybe Google and its partners still need a little time to work all the bugs out. After all, it rolled out in May.

The idea is seductive, though, considering how much time Americans spend staring at their mobile phones.

Are you ready for the virtual wallet on your mobile device?

Follow me on Twitter: @JannaHerron

Bankrate wants to hear from you and encourages comments. We ask that you stay on topic, respect other people's opinions, and avoid profanity, offensive statements, and illegal content. Please keep in mind that we reserve the right to (but are not obligated to) edit or delete your comments. Please avoid posting private or confidential information, and also keep in mind that anything you post may be disclosed, published, transmitted or reused.

By submitting a post, you agree to be bound by Bankrate's terms of use. Please refer to Bankrate's privacy policy for more information regarding Bankrate's privacy practices.
1 Comment