Google Wallet has suspended use of prepaid cards after two hacks that exploit them were identified. The episode is not just an embarrassment for Google Wallet, it is also a setback to industry efforts to establish mobile phones as a device for consumer payments. The specific hacks involved will doubtless be overcome. The larger and subtler challenge is building a technology that combines convenience and security.

Cyber Pickpockets

As reported by Lance Whitney at CNET, the two hacks forced Google to temporarily disable the use of prepaid cards to add funds to Google Wallet accounts. An alternate means of adding money by using Master Cards issued by Citi remains available.

The hacks, both revealed last week, allow the hacker to obtain a user's PIN, especially if a smartphone is stolen or lost. One hack, identified by researchers at Zvelo, a security firm, requires "rooting" the mobile device, a rather demanding and sophisticated operation. But the other hack, reported on the blog The Smartphone Champ merely requires resetting the Google Wallet app. After entering a new PIN, the prepaid card can be used to drain the user's account.

Google defended the safety of Google Wallet as a payment system. As compared to conventional payment cards, argued company vice president Osama Bedier, the smartphone payment system is protected by both a PIN and the phone's lock screen option.

Convenience Versus Security?

But the hacks, and the protective response of disabling prepaid cards, come at a difficult time for the mobile device payment technology. Consumers are not yet accustomed to the practice and must be assured that it is safe. Negative press does not help.

Although it is not mentioned in the CNET article, a similar challenge must exist on the other side: Convincing retail businesses to install the near-field communications (NFC) technology needed to enable payments by smartphones.

But the hacks also shed light on a broader IT issue that impacts midsize and other firms, whether or not they are involved in consumer retail payments. Every time information must pass outside the confines of the IT offices, it passes into the hands of users who are not versed in security best practices, and who value convenience more than often-cumbersome security precautions. (The latter of these is widely true within IT, as well.)

This challenge is hardly new. But mobile technology, in its various applications, is making cyber technology far more pervasive in daily life than in the desktop age. There are more chances for security breaches, and mobile devices put even more of a premium on convenience, which means that the conflict between security and convenience can only continue to grow.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.