Successful hacking attempts against smartphones running Google Wallet software have caused the software company to suspend access to customers' prepaid debit cards, according to news reports. In recent weeks, numerous software engineers and security researchers have called attention to vulnerabilities in the Android operating system that could leave Google Wallet accounts open to outside attack.
The "wave and pay" functionality developed in conjunction with MasterCard remains intact. However, researchers found that attacking a phone's software base could enable a criminal to reset the personal identification number on a lost or stolen Android smartphone. Advanced versions of the attack eliminate the need for a user to gain root access to the phone's core operating system. Thieves can use the method to access funds on stolen devices, but not to access payment information stored on Google's servers.
Google partnered with Citibank to make its mobile payment technology available to owners of compatible Android smartphones who did not already have qualifying, linked Citibank MasterCard credit cards. In a statement to reporters, Google officials urged customers with lost or stolen phones to call 855-492-5538 so their prepaid debit cards can be remotely disabled. The company also recommends that smartphone users activate screen locks whenever storing any kind of financial information on their mobile devices.
PayPal expanding NFC alternatives
As Google presses "pause" on its NFC payment experiment, another Silicon Valley giant gears up to take its virtual wallet into physical stores. 2,000 Home Depot stores will install new point-of-sale equipment this March that will enable PayPal users to authorize payments from their linked smartphones. Unlike Google's solution, PayPal's approach gives shoppers multiple ways to access funds from their accounts. Buyers can initiate a payment from a mobile phone application, or tap their phone number and PIN directly into a traditional payment keypad. PayPal keeps linked checking account and credit card details on file, eliminating the need for shoppers to carry that account information into a participating retailer.