Google is suspending the provision of prepaid credit cards to its mobile wallet app after a security flaw was exposed last week. Osama Bedier, Vice President of Google Wallet and Payments said in a post on Google’s commerce blog: “…to address an issue that could have allowed unauthorized use of an existing prepaid card balance if someone recovered a lost phone without a screen lock, tonight we temporarily disabled provisioning of prepaid cards.”

Over the last week two potential vulnerabilities of Google Wallet have been exposed. First, security firm Zvelo found that the PIN for Google Wallet wasn’t stored in the secure element of the phone and thus could be revealed by a brute force attack on phones that are rooted (the user has system-level access). The second security issue is even more serious as it seems to be a flaw in the wallet’s design: after clearing all data and reconfiguring the Google Wallet app a unauthorized user can get access to the previously stored prepaid card balance.

The security flaws have received widespread coverage around the world and will certainly not help to increase the general adoption of NFC-based payment methods. Google addresses both issues, pointing out that “Google Wallet offers advantages over the plastic cards and folded wallets in use today”. Until the issues are fixed, the company discourages its users of rooting their phone and disables provisioning of prepaid cards.