Is Google Wallet secure, and should you trust it with your financial data?
FeaturePosted by Seth Planck
May 26th, 2011 at 10:44 PM Filed Under Featured
Is Google Wallet secure, and should you trust it with your financial data?
Okay, so the fever pitch has lowered from Google Wallet announcements earlier. A few hours on, our endorphins are returning to normal levels and only one nerd in the corner is still dizzy and giddy. You know the guy, the one who had the QR code tattooed on his hand. Well, the rest of us can now start assessing some of the important issues a brand new technology will bring along for the ride. With our pragmatic heads on, we should look at one of the most important issues a new payment method like Google Wallet needs to tackle – and that issue is security. So to answer the question posed above, “Is Google Wallet secure, and should you trust it with your financial data?” The answer is yes and no. Thank you and goodnight!
Oh, you want more details? Oh, alright then.
We will start with the, yes, Google Wallet is secure. Let’s start with a couple of lessons.
Lesson one: Nothing is completely secure. Where there is a will, there is a way. (Never underestimate a so-inclined hacker. If someone in Google can make it, someone outside can break it. They are innovative and will use as much energy to devise a work around as Google did to secure your phone in the first place.)
Lesson two: What is security? Well, in this case security is making getting to your financial information more trouble than it’s worth, or simply making it as difficult as possible.
Google says, “Google Wallet is designed and engineered to enable safe, secure payments. In fact, Google Wallet’s security features go beyond what’s possible with traditional wallets and cards.”But what does that mean? The good news is that Google seems to have really given this a lot of thought and implemented some really good security features in order to keep your data safe. For example, the maker of the NFC chip inside a Nexus S is called NXP. They make a chip called the PN65 which Google is terming as a “secure element” and that means it’s tamper-proof. The chip is segregated from the core of the Android OS which would make a remote hack very difficult, and this would help make sure only authorized apps are allowed access to your data. We don’t know what constitutes an authorized app yet, but we hope Google’s process for gaining access will be stringent and at this moment we have nothing to suggest it will be anything less.
Google has also added up to a three pin number system on your phone for Google Wallet use. One to unlock your screen, one on the Google Wallet application and a last pin number to make a transaction. If users use all three pin numbers, this again makes Google Wallet more secure than your humble credit card. Apart from that, the financial information on your NFC enabled Android phone is also encrypted. So, is Google Wallet secure? Sure, at face value, which is all we have to go on at the moment.
Should you trust Google Wallet with your information? Good god no.
Trust is a big word and it suggests you feel you do not need to be vigilant. Complacency is what will give a spotty 13-year-old access to all you do or don’t have. Up until now, your phone and credit cards have been separate and that has served you well, whether you realize it or not. I’ll explain why. Do you use Facebook on your phone? Yeah, most of us do. If anyone gets hold of your phone, they can boot up Facebook’s app and get your birthday. Do you pick up email on your phone? Again, we all do. Odds are you have emails from your family, which a thief now can extrapolate more details about you, including your email address, family’s names. Well, now your credit card details live inside a device that holds more information about you through the use of Google Wallet. A thief doesn’t need to take your wallet and your phone, just your phone will do if you are using Google Wallet.
Not to doubt Google, but do you remember when all kinds of apps were found collecting information they weren’t supposed to? Hmm, yeah. Nuff said. On another level, whereas the secure element appears to have great security on Google Wallet, what about the apps that have access to your information? I’m not suggesting these app makers would intentionally expose your data, but look at the Sony PSN network last month. All apps have weaknesses and it only takes one loose end to create a vulnerability that could be used by an outside third party to execute code with access granted to the secure element. Stranger things have happened at sea, or so we are told.
Aside from that, be honest – how many of you out there will use the very same pin number to access all three levels? The key-lock screen, pin number will be far easier to get than the others. If they are all the same, you have just handed over access to your precious data. How many of you won’t even use the lock screen pin as it’s not convenient? Yeah, we thought so.
So all in all, no – don’t just trust Google Wallet with your security, as with your current credit card. It is up to you to ensure you keep your phone and thus financial data safe. Google Wallet has some advantages over your current credit card for sure. It will also have some inherent vulnerabilities when it comes to security. In fairness to Google though, they have also announced the GCard which is a card you can transfer smaller amounts of money to which lessens your risk even more. I’ll close by putting your mind at rest and saying that over the course of the day most security experts have said they feel your data is safe, so give Google Wallet whirl with a GCard if you are unsure. Also feel free to head over to our post on biometric security to see what could be done to make Google Wallet more secure.
Although we don’t know why you are fretting about whether Google Wallet is secure, you have used that Bank of America app for months, get drunk on a Friday night and leave your phone in a cab you can’t remember climbing into, or out of!