Google Wallet Stores Card Data In Plain Text

nut writes "The much-hyped payment application from Google on Android has been examined by viaForensics and appears to store some cardholder data in plaintext. Google wallet is the first real payment system to use NFC on Android. Version 2 of the PCI DSS (the current standard) mandates the encryption of transmitted cardholder data encourages strong encryption for its storage. viaForensics suggest that the data stored in plain text might be sufficient to allow social engineering to obtain a credit card number."

NFC

[anchovy_chekov]

No Fucking Clue?

Bitcoin is more secure than ACH

[Todamont]

Bitcoin uses encrypted wallets which are not linked to your name or address. It is the strongest computer in the world and it supports p2p DNS through namecoin. It is much more secure than online banking with ACH, and much harder to usurp than centralized BIND servers. Plus they won't print 1,000,000,000,000 of them this year.

Social Engineering

[asdbffg]

Caller: Hi, I'm calling from... er... Google... and it says here in this text file that you have a credit card number on file with us. Is that right?

Victim: Yes, that's right.

Caller: Cool. Would you mind giving me that account number so I can verify your identity?

Victim: Let me get my card...

It's not plain data!

[martin-boundary]

It's not plain data!

It's rot32 encrypted.

*twice*.

'Cause it's the only way to be sure...

Re:Bitcoin is more secure than ACH

[Anonymous Coward]

Bitcoin uses encrypted wallets which are not linked to your name or address. It is the strongest computer in the world and it supports p2p DNS through namecoin. It is much more secure than online banking with ACH, and much harder to usurp than centralized BIND servers. Plus they won't print 1,000,000,000,000 of them this year.

Thank you for paying with BitCoin now just have a seat over there while we wait for your 6 confirms then we will cook your burger...

Re:It's not plain data!

[Frankie70]

It's not plain data!

It's rot32 encrypted.

rot32 was broken 6 months back. I have moved to rot128 since then. It is 4 times stronger - sure it takes a little more power, but I can sleep well at night now.

Re:No kidding.

[JWSmythe]

Wouldn't you be kind of suspicious if your phone gets snatched and suddenly someone calls you up

    That'd be a really cool trick.

Re:No kidding.

[JWSmythe]

It all depends on your definition of social engineering. I find the best results come with a $5 wrench and a few minutes in an alley. People become very cooperative to anything you ask for.