Google Wallet: Please Tell Me They’re Joking...

Saturday, September 08, 2012

Joel Harding

94ae16c30d35ee7345f3235dfb11113c

Oh goodness, gracious. I am not dreaming, I am not making this up, I am not kidding you. 

I BS thee not...

Recently I received a notification:

"Please visit your Google Wallet account settings page and update your information to ensure continued access to all the features of your Google Wallet account."

I clicked on the link, just to see what information Google has on me.  Thank goodness it only showed my Gmail address, I still had to log on with my password.

Then I went to ‘Google Wallet’ by typing it into the Google Search engine, I did not want to share any information with an online app with which I am not familiar.  I found that basically Google Wallet bundles all my credit card and debit card information online. 

Probably my home address, a telephone number, my PIN, my three-digit security code on the card, perhaps the routing number to my checking account and then it would, of course, have my account number.

"Carry them with you on your phone or on your computer"

Please, please, please.  Let me cogitate this information for a second.  Using that amazing logic test, the Duck Test: If it smells like a duck, walks like a duck and quacks like a duck, then it probably is a duck.

I’m here to tell you almost no computer in the world is safe from a determined hacker. I’m here to tell you most of us will lose our phone. I’m here to tell you that most of us don’t properly secure our computer, our smart phone, or even our wallets.  So how in the heck does storing your credit and debit card information “in the cloud” help you secure your already vulnerable information? 

Oh, there’s a function that allows you to close down your account if your phone is lost or stolen?  If you can’t even secure your phone with a password, what are the chances you’re going to remember how to shut down your account when you lose your phone?

With all the security breaches we’ve seen from every corner of the internet, what are the chances that Google Wallet will be secure – on your phone?

Like any good security professional, I’m going to wait a little while before I trust my precious hard-earned money to a brand new application.  Maybe I’ll trust it on version 2 or, perhaps, version 3, but I have this sinking feeling it will take a long time for me to trust this one.  Prove me wrong, Google, please?

Cross-posted from To Inform is to Influence

Possibly Related Articles:
10957
Webappsec->General
Banking
Passwords Cloud Security Mobile Devices Managed Services ecommerce Mobile Payments online safety Google Wallet
Post Rating I Like this!
94ae16c30d35ee7345f3235dfb11113c
Joel Harding One thing I need to add to this blog piece, which I now realize I "assumed" when I wrote this: I have never opened up a Google Wallet account. All the information stored in my Google Wallet account was information Google had borrowed from other sources... I looked at most of what they had and I didn't feel it was too invasive.
1347284462
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.