Firm questions Google wallet data security

Firm questions Google wallet data security

Google's new wallet could be of great use someday, but security firm viaForensics said the Google Wallet has failed due to a large amount of unencrypted data on the consumer's device. If true, IT security should be shored up to avoid a big fraud incident on this app.

"While Google Wallet does a decent job securing your full credit cards numbers (it is not insecurely stored and a PIN is needed to access the cards to authorize payments), the amount of data that Google Wallet stores unencrypted on the device is significant (pretty much everything except the first 12 digits of your credit card)," the firm said on its website. "Many consumers would not find it acceptable if people knew their credit card balance or limits."

The firm said even when the wallet is reset, data can still be recovered, as well as the name of the cardholder, the expiration date and the last four digits of the card. User's email addresses are also recoverable, but the full credit card number is not stored, the firm said.

Toms Guide said the Google Wallet is a new service that allows customers to use their Android mobile device to perform "contact-less" payments to eCommerce companies and retail shops. The device currently only supports one credit card, as well as gift and loyalty cards, but the data security may need to be tightened.