How Secure Is Your Google Wallet?
"The largest security risk from apps using NFC [does] not stem from the core NFC technology but instead the apps that use the technology," wrote Andrew Hoog, chief investigative officer for viaForensic. "In this case, the amount of unencrypted data store by Google Wallet surpasses what we believe most consumers find acceptable."
Android has others layers of security in place, including a required PIN, but the perception of insecurity could be almost as damaging as an actual shortcoming. Android's open ecosystem has already been subject to a number of malware attacks, and consumers will be much less forgiving if a future attack compromises their credit card information. If they have any reason to believe a new app isn't entirely safe, they'll likely never use it. (See LR Mobile's 2011 Wireless Turkeys.)
From that perspective, Verizon Wireless opting to exclude Google Wallet from the Nexus S makes a good deal more sense. If there's a security breach, the carrier would undoubtedly bare the brunt of the blame. (See Verizon Blocking Google Wallet? Poor Decision and Isis Taps Gemalto to Secure Tap-to-Pay .)
Especially with an open ecosystem, Google is wise not to dismiss any security concerns -- even if it doesn't agree they are an issue. It is up to the company to ensure apps that use its Wallet are entirely secure. And, it's up to both Google and any wireless operator that lets an NFC app use its secure element to convince consumers the apps are actually up to snuff.
Bottom line is, consumers must be confident that what's in their mobile wallet stays there and can't be found out over the air.
— Sarah Reedy, Senior Reporter, Light Reading Mobile