Google's decision last week to put its Google Wallet e-wallet system into the cloud is not sitting comfortably with security experts.
Though the service's move from physical handsets to the cloud has expanded its credit card compatibility beyond Mastercard - to the inclusion of Visa, American Express and Discover - Google's judgement in the decision is being called into question in light of a continuing trend of high profile security breaches.
Further reading
Analysis: Whose e-wallet is right on the money? Play.com plans to ‘compete directly’ in e-wallet sector with Sony-powered chip tech Google faces record fine over Safari privacy breach Google 'one of the most evil companies in the industry' claims Virgin Atlantic IT Director
"That's the great security conundrum, right? You can put up a brick wall and be really secure, but ultimately nothing would get done," David Mahdi, senior manager of product marketing at security and encryption firm Entrust, told Computing.
"Or you could take the wall down and it's complete chaos, but you can do what you want. So Google was definitely saying "Let's open it up so we can be more compatible, we can play with more people"."
"But there has to be a balance," warned Mahdi. "I'd expect Google to put in fairly rigorous security measures, but these haven't always worked so far with companies like RSA and Storm being breached. It happens to almost everybody, RSA being one of the top security companies in the world."
There has "been a target on Google's back" in particular for some time, said Mahdi, the addition of critical financial information such as transactions, bank details, vouchers and tickets "raising the stakes considerably" in terms of Google Wallet's attractiveness to hackers.
Google's only stated offering so far in terms of extra security for its cloud e-wallet is a remote locking facility for lost handsets.
Mahdi also cast doubts upon the exact nature of Google's ambitions in taking customers' personal financial and transaction information to its own servers.
"Google know what your behaviour is, and that's the thing many people are saying Google really wants with mobile payment," said Mahdi.
"They're not taking a percentage of the transaction, like the credit card company and the banks. What they [may be] doing instead is looking at the data, and using it for themselves."
Mahdi added that, while he has "total, total respect" for Google, he views the rising trend for customers to willingly surrender their personal details online as "a very slippery slope."
For [Google], it's got to be like the wild west," said Mahdi, "and they're storing all this information that's free to them, but turning that into something valuable with their advertising. Because at the end of the day, they're an advertising company."
"Maybe they'll only see transaction data, but if you think about it, if they had that in their cloud, why wouldn't they use it? Based on what they've done in the past, why not?"
