Google said it has temporarily disabled the provisioning of its prepaid Google Wallet cards used in some NFC-ready phones.
The move follows last week’s discovery of a vulnerability in Google Wallet described Feb. 8 by security researchers at Zvelo.com.
A second vulnerability for accessing Google Wallet pre-paid card funds was outlined by The Smartphone Champ day a later.
Osama Bedier, vice president of Google Wallet and Payments, posted a blog entry late Saturday saying the step was taken as a “precaution until we issue a permanent fix soon.”
The move was intended to address “unauthorized use of an existing prepaid card balance if someone recovered a lost phone without a screen lock,” the Google blog said.
With Google Wallet, users must load funds from another credit card, which is then the source of the funds for contactless payments made with an NFC (Near-Field Communications)-ready phone. The Google Wallet was launched last September in what was effectively a public beta on the Nexus S 4G smartphone from Sprint with credit-card payments processed by MasterCard. At that time, Google gave users of Google Wallet $10 to load onto what it called the Google Prepaid Card to use in making purchases.
Google did not respond to a query as to whether funds on a Google Wallet Prepaid Card had been lost by any users through the PIN vulnerability. Users of Google Wallet can still use a Citi-issued MasterCard credit card with Google Wallet, according to various reports.
Bedier explained that Google Wallet is protected by its own PIN, as well as the phone’s lock screen, but only if the user sets the lock screen. “But sometimes users choose to disable important security mechanisms in order to gain system-level room access to their phone; we strongly discourage doing so if you plan to use Google Wallet because the product is not supported on rooted phones.”
He said rooting a phone in most cases will cause Google Wallet data to be automatically wiped from the device.
NFC hasn’t grown nearly as fast in the U.S. as in South Korea, Japan and China, partly because surveys indicate Americans are not convinced the technology is secure enough.
Another factor affecting the growth of contactless payments is the shortage of phones supporting NFC. Most analysts expect the next iPhone, perhaps called iPhone 5, will include an NFC chip tied to iTunes or an AppStore account. Apple’s entry into NFC is expected to boost contactless payments.
“People are asking if Google Wallet is safe enough for mobile phone payments,” Bedier said. “The simple answer to this question is yes. In fact, Google Wallet offers advantages over the plastic cards and folded wallets in use today.”
Google included a link in its blog to toll-free phone assistance in case a user loses a phone or someone makes an unauthorized transaction.