On the surface, a digital wallet, with all your financial data stored on your smartphone, sounds dangerous, but experts say it might be safer than your real wallet.
Near field communication contactless payment technology has the potential to be more secure than traditional plastic credit cards. This kind of information is good news for Google, as the tech giant begins to roll out its near field communication (NFC)-based cell phone payment platform.
Because you have the ability to analyze what is running on the device and where potential fraud is coming from, rather than just having a credit card floating around in the world, there's an opportunity to increase the security of payments, Lookout Mobile Security chief technology officer and co-founder Kevin Mahaffey said.
There's 16-numbers and a 3-4 digit code that controls your access to money with credit cards, that's kind of crazy. With digital wallets, there's strong cryptograph and a lot of innovation to detect fraud on these devices.
Google touted the security of its new service in the introductory press conference last week in New York City. The company said like a debit card, Google Wallet requires a pin number to be entered before it is used. Furthermore, the financial data related to Google Wallet is stored on a separate chip within the phone called the NXP PN65, also known as The Secure Element.
The separate chip cannot be tampered with, since it will self destruct if removed, and it's only in use when the pin number is unlocked. If a user loses their cell phone, Google says it would still be secure because they would have to crack the pin.
If a user enters the PIN incorrectly too many times, the Secure Element is disabled and cannot be used for payment until it has been reset by a combination of the issuing bank, the Trusted Service Manager, and the user. Resetting the PIN requires the user to reprovision their credit cards to the Wallet, thereby forcing a would-be thief to provision all the card credentials from scratch, said Osama Bedier, vice president of payments at Google.
Google went as far as to say the security element goes beyond what's possible with traditional wallets and cards. Combined with the convenience of having all of your financial data stored on a single device and being able to pay for things with a tap of your phone, Google is betting heavily on digital non-contactless payments.
I hope one day to bring my entire wallet into a phone, Bedier said to the audience.
However, even though it has secure elements, many researchers like Tim Armstrong, a malware researcher at Kaspersky Labs, aren't fully convinced Google Wallet is safe.
No one has seen Google Wallet implemented and we don't expect to see it for months. A cohesive overview of it is not possible. For all of NFC, there hasn't been a lot of use. It's as safe as RFID technology and that's widely implemented. But there are also plenty of researchers out there who have defeated RFID and gotten direct access to a device or an antenna with flickers. Nothing is 100 percent secure, but it's as safe as anything that's out there, Armstrong said.
Despite the uncertainty regarding its safety, Armstrong is convinced the technology is here to stay.
It's unavoidable at this point. It's going to happen with Google, Citibank and a few others behind it. It's not a matter of if, but when, Armstrong said.