Google Wallet boss: No more prepaid cards until we’ve dealt with hack

“To address an issue that could have allowed unauthorized use of an existing prepaid card balance if someone recovered a lost phone without a screen lock, tonight we temporarily disabled provisioning of prepaid cards,” says Google Wallet VP Osama Bedier.

Google has responded to the latest hack on its Google Wallet service by suspending the provisioning of the Google Prepaid Card to the mobile wallet app. Writing on the Google Commerce blog, Osama Bedier, VP of Google Wallet and payments, explains:

Over the last few days we’ve received questions and concerns about issues related to the security of Google Wallet. People are asking if Google Wallet is safe enough for mobile phone payments. The simple answer to this question is yes. In fact, Google Wallet offers advantages over the plastic cards and folded wallets in use today.

First, Google Wallet is protected by a PIN — as well as the phone’s lock screen, if a user sets that option. But sometimes users choose to disable important security mechanisms in order to gain system-level “root” access to their phone; we strongly discourage doing so if you plan to use Google Wallet because the product is not supported on rooted phones. That’s why in most cases, rooting your phone will cause your Google Wallet data to be automatically wiped from the device.

Second, we also take concrete actions to help protect our users. For example, to address an issue that could have allowed unauthorized use of an existing prepaid card balance if someone recovered a lost phone without a screen lock, tonight we temporarily disabled provisioning of prepaid cards. We took this step as a precaution until we issue a permanent fix soon.

And just like with any other credit card, you can get support when you need it. We provide toll-free assistance in case you lose your phone or someone manages to make an unauthorized transaction.

Mobile payments are going to become more common in the coming years, and we will learn much more as we continue to develop Google Wallet. In the meantime, you can be confident that the digital wallet you carry provides defenses that plastic and leather simply don’t.

It’s not clear from the post, however, whether this move will eliminate risk for existing Google Wallet users. The term “provisioning” used by Bedier would usually apply only when a trusted service manager (TSM), a role performed by First Data in the case of Google Wallet, adds a new card to a wallet and personalizes it with the individual cardholder’s details where applicable.

The latest exploit allows access to the existing card balance by simply wiping Google Wallet’s data and then re-enabling the app and re-adding the card. There are two ways this might be done:

  • The prepaid card already stored in the secure element is being re-used, or ‘woken up’. In this case, provisioning would not take place and Google’s temporary solution would not work for existing users.
  • The card and its balance are being re-provisioned over-the-air to the secure element. In this instance, Google’s solution would work for all users.

NFC World has asked both Google and First Data to clarify the situation and we’ll update this article as soon as we receive a response.

UPDATE: The fix will work for existing users of Google Wallet who lose or pass on their phone, too, Google spokesperson Nate Tyler has told NFC World. “The ‘hack’ as you describe it works like this: I clear the data on my Wallet. I give you my phone. You set up Wallet for yourself and provision your own prepaid card. You find that my prepaid card balance is there available for you to spend,” says Tyler. “By stopping provisioning of pre-paid cards we stop this workaround.”
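A toy model of the hand-over scenario Tyler describes, added here as an illustration and not Google's or First Data's code. It assumes the issuer keeps the prepaid balance in a record keyed only by a device identifier (the page does not say how the balance is actually stored); all class, function and parameter names are hypothetical, and the account-bound variant is one possible design, not the fix Google shipped.

```python
from dataclasses import dataclass, field


class ProvisioningDisabled(Exception):
    """The issuer has switched off prepaid-card provisioning."""


@dataclass
class PrepaidIssuer:
    """Hypothetical issuer back end; balances are in cents."""
    bind_to_account: bool              # False: record keyed by device only (assumed flaw)
    provisioning_enabled: bool = True
    balances: dict = field(default_factory=dict)

    def _key(self, device_id, account):
        return (device_id, account) if self.bind_to_account else device_id

    def provision(self, device_id, account, credit=0):
        if not self.provisioning_enabled:
            raise ProvisioningDisabled(device_id)
        # An existing record is reused, not reset: whoever provisions next
        # on the same key inherits whatever balance is left.
        return self.balances.setdefault(self._key(device_id, account), credit)

    def spend(self, device_id, account, amount):
        key = self._key(device_id, account)
        if self.balances.get(key, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[key] -= amount
        return self.balances[key]


def handover(issuer, disable_provisioning_first=False):
    """Owner loads a card, spends, clears Wallet data, passes the phone on.

    Returns the balance the new holder sees after provisioning their own
    card, or None if provisioning was refused.
    """
    device = "device-A"                                   # constructed identifier
    issuer.provision(device, "owner@example.com", credit=5000)
    issuer.spend(device, "owner@example.com", 2000)       # 3000 left
    # Clearing app data is client-side only; the issuer record is untouched.
    if disable_provisioning_first:
        issuer.provisioning_enabled = False
    try:
        return issuer.provision(device, "new-holder@example.com")
    except ProvisioningDisabled:
        return None
```

With device-only keying the new holder sees the owner's remaining balance; switching provisioning off blocks the path entirely, and keying the record to the account as well gives the new holder a fresh, empty card.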

NFC World’s take:

The move could have serious implications for the NFC industry as a whole. The Google Wallet hack has received widespread, but frequently inaccurate, coverage from technology media around the world and many have leaped to the conclusion that the hack means that NFC isn’t safe — potentially damaging the adoption of NFC as a whole rather than Google Wallet in particular.

As we explained in yesterday’s article, however:

All the vulnerabilities reported so far are specifically related to the way in which Google Wallet is implemented. None involve the NFC aspect of the product or have compromised in any way the security of the core NFC secure element chip which is used to store users’ personal data.

The Google Wallet story, with its repeated exploits, is beginning to look like a tale of “let’s ship and we’ll fix it later” — an attitude which generally works well in Silicon Valley. It’s not, though, a route to success for financial products.

Google’s involvement in NFC has done much to push forward adoption of the technology and we’re hoping that the search and advertising giant can get its NFC offering quickly back on the rails. But it’s also a warning that, where money is involved, things can go badly and very publicly wrong.

Google’s secrecy regarding how Google Wallet works is also an issue — and one that NFC World has been trying to address since the first hack, which allowed a $10 free credit to be received by users of unsupported phones anywhere in the world, appeared in October last year. Unlike the NFC services being introduced by mobile network operators, which are based on internationally recognized and publicly available standards, information on how Google Wallet works is heavily restricted.

Indeed, an interview with Google was cut short when we began to ask too many technical questions about exactly how the app functions. We were left with the distinct impression that Google felt we were exaggerating the importance of the hack — despite the fact that it effectively enabled the printing of free money — and that the company had not grasped how fundamentally important it is for electronic money products to not only be secure but also be demonstrably secure and perceived as secure by regulators and the general public.

NFC World also specifically raised issues relating to this latest hack in October. We asked Google:

  • If the original owner of a legitimate Sprint Nexus S 4G passes the phone on to a family member, how does ownership of the Google Wallet and Prepaid Card get passed over to the new user? i.e. do the app and prepaid card (and any other secure services) get wiped and a new wallet downloaded with a new prepaid card and new $10 credit? Or would the original user erase their personal secure services and then hand over the phone with the original wallet (and prepaid card?) still in place?
  • If someone downloads Google Wallet and the Google Prepaid Card onto a modded Nexus S using the XDA program and then spends the $10, can they then use the program a second time to re-install Google Wallet and a new Google Prepaid Card? Or is there a mechanism in place that means the Google Prepaid Card and the $10 credit can only ever be provisioned to the secure element once?

We did not, however, receive a response to our questions.

What do readers think of this situation? Will the hack, and Google’s response, cause a loss of confidence in NFC as a whole? How can the message that NFC itself is still as secure as ever be communicated to the mass market? And who is in a position to take on the role of advocate for NFC as a whole? Let us know by email or in the comment section below…
