Google Pay

[Donut417]

I see my bank and credit card provider both support Google Pay. So how secure is it? Only reason I ask, I have had my debit card info stolen twice. Lucky TCF was able to recover the money, but we have issues with card skimmers in the Metro Detroit area. As a result you always have risks of getting data stolen, even with the chip. I wont use any 3rd party ATM's because of this issue. So is Google Pay more secure than just using the card? Is Android secure enough to keep the credit card creds safe? 

[Darkseth]

https://support.google.com/pay/merchants/answer/6345242?hl=en

 

Quote

Security benefits 

Google Pay’s tokenization process offers notable security benefits to both merchants and customers:

• Device lock screens, remote device wiping, and tokenized card numbers: Customers enjoy protections from loss or theft of devices containing token information.
• Easy integrations: TSPs and Google Pay do the heavy lifting when it comes to tokenization, making the integration with Google Pay simple for merchants.
• Reduced merchant risk: The tokenization process means less sensitive customer information for merchants to have to store, reducing your exposure and worries about data breaches.   

Quote

1. A Google Pay user adds a credit or debit card to their Google Pay app. Google Pay requests a token to represent the card they’re trying to add from the bank that issued that card. Once the token is issued, this card is now “tokenized,” meaning it has a unique identification number associated with it. Google Pay encrypts the newly tokenized card and it is ready to be used for payments. 
    
2. To make a purchase, a customer taps their mobile device on a point-of-sale terminal or chooses to pay in your mobile app. Google Pay responds with the customer's tokenized card and a cryptogram which acts as a one-time-use password. The card network validates the cryptogram and matches the token with the customer’s actual card number. 
3. Your acquiring bank and your customer's card issuing bank use existing customer information and decrypted customer billing information to complete the transaction. 

 

[Donut417]

2 minutes ago, Darkseth said:

https://support.google.com/pay/merchants/answer/6345242?hl=en

 

 

So what your saying is the card data is turned in to a token that represents the card. The cards info is not actually stored on the phone. I just want to make sure if my phone where to become comprised by a virus or something the data is not easy to get. 

[Oshino Shinobu]

6 minutes ago, Donut417 said:

So what your saying is the card data is turned in to a token that represents the card. The cards info is not actually stored on the phone. I just want to make sure if my phone where to become comprised by a virus or something the data is not easy to get. 

The data is encrypted and the actual account details the phoned provides when processing transactions is basically bogus. It's not actually your card's information, so even if they can get hold of the information, nothing can be done with it. 

 

My understanding is that the phone takes the card details once, then creates a virtual account and details for the card, then basically gets rid of the full card details. When you put a payment through on Google Pay, the card number (well, the last 4 digits that are displayed) are different to the actual card's number. 

 

AFAIK, the data isn't hard to get, it's impossible to get for cards that have already been added.