Slashdot Mirror


Google Wallet Stores Card Data In Plain Text

nut writes "The much-hyped payment application from Google on Android has been examined by viaForensics and appears to store some cardholder data in plaintext. Google wallet is the first real payment system to use NFC on Android. Version 2 of the PCI DSS (the current standard) mandates the encryption of transmitted cardholder data encourages strong encryption for its storage. viaForensics suggest that the data stored in plain text might be sufficient to allow social engineering to obtain a credit card number."

4 of 213 comments (clear)

  1. Wow by Anonymous Coward · · Score: -1, Flamebait

    I had no idea they were such stupid niggers!

  2. Re:Not tooo worried about this one by bonch · · Score: -1, Flamebait

    Geez, way to spin it.

  3. Re:NFC by peragrin · · Score: -1, Flamebait

    except NFC payments aren't faster than say swiping a credit card.

    on the phone the payment will need to be authorized so you have to enter a pin there, and then you will still have to sign the store copy as well. I have used pay pass, and it is seldom faster than actually swiping or using cash.

    Not to mention most phones aren't in your hands but in a pock or purse and just as hard to get out as a wallet.

    Finally I picked the iphone 4S because it was smaller, it fits into my pants pocket, and I don't need a purse to carry it. Unless your a sized 40+ waist your pants just aren't big enough for most android phones. hmmm no wonder why android is popular on slashdot.

    --
    i thought once I was found, but it was only a dream.
  4. Re:NFC by peragrin · · Score: -1, Flamebait

    I didn't say NFC was slower than cash but it isn't any faster than swiping a card through and in many cases is slower.

    I have to timed credit card transactions both ways with pay pass or by swiping it. The limiting factor is the authorization between the vendor and processor.

    On many NFC devices you will have to manually authorize the transaction anyways increasing the time. Ultimately wireless transactions like NFC will fail just like Iran stolen a drone. Wireless signals can be captured and duplicated if one has a reason to do so. 2cm RFID has successly be read at 30 feet.

    --
    i thought once I was found, but it was only a dream.