Google Checkout API
by Hari K. Gottipati
Google Inc. revealed the launch of Google Checkout, a checkout process that makes online shopping faster, more convenient and more secure for Google users. It offers an easy and trusted checkout option that enables shoppers to purchase from participating stores with a single Google login. Bypassing its traditional beta releases (years in beta stage), this time Google came up with a fully functional and tested version, because consumers would be unwilling to trust their bank accounts and credit cards to a beta version. It will serve as a centralized authorization service for customer purchases, promising transaction security with industry-standard SSL technology.
I checked out "Google-checkout".
The overall process seems to be very easy, but exactly that makes this solution very vulnerable. During checkout there was no security question to make sure that I'm indeed the owner of the Google account or the associated credit cards in that account. Of course I used my username and password, but because there are so many Google sites using the same username and password, it is very easy to lose your login information on a hijacking page, as you might not check the URL for AdWords or Gmail every time you log on, as those services never had the possibility to shop with your credit card.
Now, because you have one account and login information for all, it is quite possible that hackers will try to get your login information from any Google service out there! Even worse is the fact that the hacker can change the password without any problem. The owner of the account might not even get any information about the password change, as the e-mail is sent to the corresponding, hijacked Gmail account.
Because of this HUGE security risk I would not recommend using Google checkout!
Please check out http://www.thebilliondollarpatent.com as an s-registration solution that Google should have implemented in their service to make it solid and secure. This solution requires a third credential called TAN to make sure that ONLY the owner of that account is able to shop online, even in case the account is hijacked.
I hope that everybody is aware of the security issue with Google checkout and will inform Google of a better solution!
Thanks and be safe;-)))!!