Do recent security holes in Google Wallet make you skeptical of NFC payments?

Taylor Martin from Concord, NC | February 15, 2012

The current drive for many wireless providers, cell phone makers and software providers is to make NFC a valid payment option in the States. Although there is a great divide between Google Wallet and the carriers who formed Isis, NFC has a long way to go before it is a viable option. Few retail locations are equipped with NFC-capable POS systems; many mobile devices are devoid of NFC chips; and there are still quite a few logistical hurdles to overcome.

More importantly, however, there is a much more ominous cloud growing and looming over NFC payments: security.

Last week, the Web blew up over the second Google Wallet vulnerability. The first security flaw we learned of required the target device to have root access, while the one discovered last week affected all users – root or no root. Despite Google Wallet being protected by a user-defined PIN, anyone could pick up the device, navigate to the Apps page in Settings, locate Google Wallet and clear the application's cache. This would clear the PIN and allow the "hacker" to set up Google Wallet again, creating a new PIN and accessing the victim's prepaid cards. In essence, it was only a problem for people who lost their phone or had it stolen.

Nonetheless, it revealed a pretty daunting fact about how easily NFC payments can be cracked. As for Google Wallet, the user's PIN is the key to everything. Lose that to a simple "hack" that Google just happened to overlook and a simple "Sorry" from Google isn't going to fix matters. There is more than just confidence and user information beyond the gate; there is cold hard cash – cash that somebody worked hard for. And if there is one way to lose a user's confidence and support forever, it's by helping them lose money.

In short, as small a workaround (or "hack") as this vulnerability is, it's something that should never have happened and may leave the large majority of future and existing users skeptical of Google Wallet and NFC payments as a whole.

Just like they were when people started swiping plastic cards for goods instead of writing checks or exchanging cash, the general populace will naturally be wary of a new payment method. But there is something particularly alienating and scary about simply waving your phone and entering a PIN to pay for something.

And with a new payment method on the horizon, you better believe that hackers and thieves will be all over a new technology, looking for any little nook and cranny. Unlike a physical piece of plastic that contains vital information in a magnetic strip (also in raised numbers on the front of the card), NFC payments will be handled entirely by software – that can and will be targeted from any and all directions.

That's not to say that NFC technology itself isn't secure. With a range of only about 10 centimeters and various levels of security, NFC can be as secure as any other payment method. What all of this hinges on, however, is how well prepared providers of NFC payments are and how seriously they take the security of the software. If they lock it down like Fort Knox, there is little to worry about. But with easy exploits such as the most recent Google Wallet bug, no matter how big or small, people will and should remain wary of NFC.

In my area, there are still very few places that accept Google Wallet payments. Plus, none of the cards I use are accepted by Wallet and I don't care to fill a prepaid card regularly just so I can look awkward waving my phone to pay for a cup of coffee. That said, I'm generally an early adopter of everything. When NFC payments are more widely accepted and available to use, I will have no problem not having to carry a physical, leather wallet everywhere I go. That is, if Google can get their act together or Isis pays a little extra attention to security.

Tell me, readers. Have you used NFC or Google Wallet to pay for things before? How was it? Do recent security holes with Google Wallet make you skeptical of Google's service? NFC as a whole?