Slashdot Mirror


Google Wallet Stores Card Data In Plain Text

nut writes "The much-hyped payment application from Google on Android has been examined by viaForensics and appears to store some cardholder data in plaintext. Google Wallet is the first real payment system to use NFC on Android. Version 2 of the PCI DSS (the current standard) mandates the encryption of transmitted cardholder data and encourages strong encryption for its storage. viaForensics suggest that the data stored in plain text might be sufficient to allow social engineering to obtain a credit card number."

8 of 213 comments

  1. NFC by anchovy_chekov · Score: 5, Funny

    No Fucking Clue?

  2. Bitcoin is more secure than ACH by Todamont · Score: 3, Funny

    Bitcoin uses encrypted wallets which are not linked to your name or address. It is the strongest computer in the world and it supports p2p DNS through namecoin. It is much more secure than online banking with ACH, and much harder to usurp than centralized BIND servers. Plus they won't print 1,000,000,000,000 of them this year.

    --
    Kharma is like a boomerang. Mine is broken.
    1. Re:Bitcoin is more secure than ACH by Anonymous Coward · Score: 1, Funny

      Bitcoin uses encrypted wallets which are not linked to your name or address. It is the strongest computer in the world and it supports p2p DNS through namecoin. It is much more secure than online banking with ACH, and much harder to usurp than centralized BIND servers. Plus they won't print 1,000,000,000,000 of them this year.

      Thank you for paying with BitCoin now just have a seat over there while we wait for your 6 confirms then we will cook your burger...

  3. Social Engineering by asdbffg · Score: 5, Funny

    Caller: Hi, I'm calling from... er... Google... and it says here in this text file that you have a credit card number on file with us. Is that right?

    Victim: Yes, that's right.

    Caller: Cool. Would you mind giving me that account number so I can verify your identity?

    Victim: Let me get my card...

  4. It's not plain data! by martin-boundary · Score: 1, Funny

    It's not plain data!

    It's rot32 encrypted.

    *twice*.

    'Cause it's the only way to be sure...

    1. Re:It's not plain data! by Frankie70 · Score: 1, Funny

      It's not plain data!

      It's rot32 encrypted.

      rot32 was broken 6 months back. I have moved to rot128 since then. It is 4 times stronger - sure it takes a little more power, but I can sleep well at night now.

  5. Re:No kidding. by JWSmythe · Score: 5, Funny

    Wouldn't you be kind of suspicious if your phone gets snatched and suddenly someone calls you up

        That'd be a really cool trick.

    --
    Serious? Seriousness is well above my pay grade.
  6. Re:No kidding. by JWSmythe · Score: 4, Funny

    It all depends on your definition of social engineering. I find the best results come with a $5 wrench and a few minutes in an alley. People become very cooperative to anything you ask for.

    --
    Serious? Seriousness is well above my pay grade.