Simply Security - News, Views, and Opinions from Trend Micro

Posted on August 10th, 2012 in Cloud Security by Simply Security | Be the first to comment | Tags: Cloud Security

Google is looking to bolster mobile payment security by remotely storing credit card data.

Google began the month by announcing two notable improvements that could fuel further interest in its mobile payment application, Google Wallet. The latest iteration of Google Wallet will be a cloud-based version with expanded support for all major credit and debit cards from Visa, Discover, MasterCard and American Express.

The multifaceted strategy is intended to address the primary concerns holding back Wallet adoption: security and functionality. In February, vulnerabilities were discovered in the app's PIN code system that would allow hackers to access personal information and payment history to leverage in social engineering attacks. What's more, researchers from zvelo discovered that a device did not even need to be "rooted" to open the door to such dangers.

Although Google was able to resolve these issues in time, both banks and consumers have been understandably slow to embrace the mobile platform in the interim. To alleviate anxieties and bolster data security, the company has now decided to take payment card information off the individual device and store it in the cloud instead.

"The Google Wallet app now stores your payment cards on highly secure Google servers, instead of in the secure storage area on your phone," head of product management Robin Dua posted on the company blog.

By hosting the data externally, developers are hoping to eliminate the dangers associated with lost or stolen devices. When a customer's smartphone or tablet goes missing, he or she can now access an online portal to remotely disable the mobile wallet. After this request goes through, Google will no longer authorize any payments attempted from the device.

"If the Google Wallet online service can establish a connection to your device, it will remotely reset your mobile wallet, clearing it of card and transaction data," Dua added. "There is no way you can do that with your leather wallet."

With updated data protection features and Visa, Discover and MasterCard now on board, customers could start flocking to the free mobile app in greater numbers. But interestingly enough, American Express seems to be hedging its bets on Google Wallet.

In an interview with TechCrunch, American Express social media vice president Bradley Minor insisted that, while cardholders are free to upload their information and execute in-store purchases, the company never officially signed off on any agreement with Google.

As InformationWeek's Dino Londis noted, the credit card company could be looking for some plausible deniability if cloud security issues emerge down the line to once again call the reliability of Wallet into question. However, if the execution is flawless, the credit card company could claim it was on board all along.

Data Security News from SimplySecurity.com by Trend Micro