Forgot your password?
typodupeerror
Android Google Security Social Networks Technology

Google Wallet Stores Card Data In Plain Text 213

Posted by samzenpus
from the read-it-and-weep dept.
nut writes "The much-hyped payment application from Google on Android has been examined by viaForensics and appears to store some cardholder data in plaintext. Google wallet is the first real payment system to use NFC on Android. Version 2 of the PCI DSS (the current standard) mandates the encryption of transmitted cardholder data encourages strong encryption for its storage. viaForensics suggest that the data stored in plain text might be sufficient to allow social engineering to obtain a credit card number."
This discussion has been archived. No new comments can be posted.

Google Wallet Stores Card Data In Plain Text

Comments Filter:
  • by L4t3r4lu5 (1216702) on Friday December 16, 2011 @08:31AM (#38396096)
    I don't answer the questions. I say "I'll save us both some time. If this is a sales call, I'm not interested, and you should remove my details from your marketing list. If there is an issue with my accounts, I'll call the number on my bank statement, because frankly I don't trust cold callers. Which is it?"

    They seem quite accommodating. They've done their job by contacting me, and I avoid all social engineering attacks.
  • by History's Coming To (1059484) on Friday December 16, 2011 @09:14AM (#38396362) Journal
    My bank stores my password in plain text. It's clearly not even hashed as they only need (eg) the third and fifth characters to give me access. I queried this with them and the person couldn't understand what I meant, and I wasn't allowed to talk to anyone who might understand for "security reasons". Interesting policy.

Slowly and surely the unix crept up on the Nintendo user ...

Working...