back to article Farewell, Android Pay. We hardly tapped you

“Android Pay” is no more, as Google attempts to unify its disparate transaction options under one brand. The redesigned, rebranded Google Pay app – which supersedes Android Pay – is already in the Google Play Store. Google has folded some of the functionality from its wallet app (creatively named, er, Google Wallet) into its …

  1. Anonymous Coward
    Anonymous Coward

    Another solution looking for a problem. And given the security on smart-phones I don't think I'll even give it a go as a gimmick.

    1. Anonymous Coward
      Anonymous Coward

      It's not surprising that Samsung Pay hasn't gained traction, given how appalling they are at updating their phones.

    2. low_resolution_foxxes

      lol

      Given that chip and pin has been essentially hacked by at least 2 separate live methods in the field ( https://www.wired.com/2015/10/x-ray-scans-expose-an-ingenious-chip-and-pin-card-hack/ ) I find it amusing when I read that a banks method is more secure than a technology companies.

      In the longterm, people tend to like technology companies and hate banks. Large technology companies should be able to design features that allow basic banking features (direct debit, transfer, etc.) with integrated secure/biomarker security. We'll see how this plays out

      1. F0rdPrefect

        low_resolution_foxxes

        From the article youl ink to

        "The ENS and CEA forensic researchers note that the vulnerabilities used by the French fraud they analyzed have since been fixed"

        And only the one method is mentioned in the article.

        As for "large technology companies" do you trust them more than the banks?

        1. JohnFen

          "As for "large technology companies" do you trust them more than the banks?"

          Personally, I trust them far less than I trust banks. This is for two reasons -- first, large technology companies frequently demonstrate that they aren't very trustworthy, and second -- there is a large body of law and several government agencies that exist to make sure that banks don't get too far out of line and, if they do, will mitigate the damage to people. Technology companies have none of that.

      2. PaymentGuy

        As it says, that's a long-known theoretical vulnerability, and one that

        a) is not possible on certain cards where the result of PIN entry is cryptographically signed

        b) is not applicable to contactless at all, since the card is not asked to verify the PIN

    3. Dr Mantis Toboggan
      FAIL

      Not a gimmick and vastly more secure than that debit/credit card in your wallet.

      Google Pay (Android Pay) uses a generated 1 time card number that is matched to your real card details by the payment processing company (Visa/Mastercard) and then discarded.

      If I lose my phone, I can remote wipe it, Can I do this same thing when I discover my credit/debit card missing? Your plastic card is however ripe for skimming.

      It's therefore no surprise that banks limit card tap and pay transactions to £30, but don't impose that limit for GooglePlay tap and pay transactions (as long as you have some form of password/pin/fingerprint lock screen)... Go figure...

      Good luck Luddite. I wish you all the best,. Don't forget the tinfoil hat.

      1. Cuddles

        "vastly more secure than that debit/credit card in your wallet"

        To an extent. More accurately, payments using phone NFC are vastly more secure than cards during the transaction, mainly due to the use of one-time tokens preventing any possibility of cloning or really copying anything relevant at all. However, it's really quite difficult to hack or install malware on a credit card, so in some ways they're still significantly more secure. Overall, phones probably win; I'm not aware of any malware that actually does steal money by faking phone payment transactions (although it would be foolish to assume such a thing will never happen), while card fraud is all too common.

        "If I lose my phone, I can remote wipe it, Can I do this same thing when I discover my credit/debit card missing?"

        Yes, very easily. Significantly more easily than with many phones - most people probably haven't even set up such a facility on Android (I think it's there by default with Apple). Once you've notified your bank that your card is missing any liability for fraudulent use falls on them, so they're very good at dealing with such reports.

        1. PaymentGuy

          "More accurately, payments using phone NFC are vastly more secure than cards during the transaction, mainly due to the use of one-time tokens preventing any possibility of cloning or really copying anything relevant at all."

          Exactly the same mechanism is used in a card. The difference is that the card number from a plastic card can generally also be used outside the phone (internet, MOTO) whereas that from a phone cannot. But the number itself is the same from transaction to transaction - it's the cryptogram, not the card number, that is tied to an individual transaction.

          "Once you've notified your bank that your card is missing any liability for fraudulent use falls on them, so they're very good at dealing with such reports."

          And the same with the phone, if you tell your bank it's missing.

      2. enormous c word
        Mushroom

        Contactless is the banks solution to fraud and reimbursement to victims of fraud. But not in the way you may think. The banks limit contactless to £30 to encourage you to use your card instead of cash for many-many small payments - each of which they shave off a micro-fee - the number of transactions are far too many for the typical user to be able to identify when they get their statement - so any fraud goes unnoticed or is of too little value to bother pursuing. The bank still gets their micro-fee regardless of whether its legit or fraudulent transaction.

        1. PaymentGuy

          Nonsense! The £30 limit is there because there's no cardholder verification (PIN) below that point; this is why it can go higher than £30 on mobile. It is perfectly possible (and is the case in many places around the world) to do low-value contact transactions without PIN or other verification.

          And if it's a fraudulent transaction, the interchange the issuer gets is by far outweighed by the fees involved in processing chargebacks and refunds.

        2. The Specialist

          >the number of transactions are far too many for the typical user to be able to identify when they get their statement.

          I do not know your definition of "typical user" but I get notifications whenever there is a charge to my card - be it via web, contactless (card / phone) or via entering the pin. I use my card for almost everything.

      3. PaymentGuy

        "Google Pay (Android Pay) uses a generated 1 time card number that is matched to your real card details by the payment processing company (Visa/Mastercard) and then discarded."

        This is incorrect.

  2. Anonymous Coward
    Anonymous Coward

    I used Android Pay when it came out for a bit as a novelty. But it doesn't support my MBNA Amex card - which earns freq flyer miles 3x faster than it's Visa cousin (which does work with Android pay).

    Most shops accept Amex these days, so funnily enough Android Pay doesn't get anywhere near as much use as it would do if it supported my Amex card...

    And as for Samsung Pay, why the hell would I want to use magnetic payment? No thanks... Even most shops in the US now accept either contactless or chip...

    1. wyatt

      Amex is a pain for small businesses. My wife stopped accepting it as they were a month slower to pay than Visa. They also charged more to process payments.

      1. Anonymous Coward
        Anonymous Coward

        "Amex is a pain for small businesses. "

        boo-fucking-hoo

    2. Chloe Cresswell Silver badge

      Weirdly, the cards I have on my android/google pay account are my Amex and MBNA mastercard. Barclays isn't supported, so that's my debit cards out of the window..

    3. Anonymous Coward
      Anonymous Coward

      “I used Android Pay when it came out for a bit as a novelty. But it doesn't support my MBNA Amex card - which earns freq flyer miles 3x faster than it's Visa cousin (which does work with Android pay).”

      Be aware that your MBNA Amex card may not be long for this world. For a change, it is actually something we can honestly blame Europe for (as opposed to the tissue of Brexitard lies).

      “Barclays isn't supported, so that's my debit cards out of the window..”

      Barclays have their own Android payment app. Bloody minded bastards.

      1. Tim99 Silver badge
        Trollface

        Barclays have their own Android payment app. Bloody minded bastards. My Barclays VISA debit card is loaded into my iPhone wallet (ducks). No, that is not an endorsement of them - Generally they are bloody minded bastards.

        1. PaymentGuy

          Yes - it's just that Apple are bloodier-minded and there's currently (if ever) no other way for Barclays to get their cards on Apple devices.

      2. davidp231

        "Barclays have their own Android payment app. Bloody minded bastards."

        And if it detects something like 'su' then it will deem your phone is rooted (even if it isn't - for example the Android layer on Jolla devices). Renaming it persuades it to run fine.

    4. Anonymous Coward
      Anonymous Coward

      Most shops accept Amex these days,

      No they don't.

      1. Lindsay T

        Re: Most shops accept Amex these days,

        Even found a filling station recently in Lockerbie that refused American Express although that is pretty rare. There's a other half way up the A9 though.

    5. Anonymous Coward
      Anonymous Coward

      "Most shops accept Amex these days,"

      "Most large shops accept Amex these days,"

      Processing fees are extortionate for most smaller businesses tat can't afford to take the hit.

    6. Lee Taylor

      The lack of MBNA Amex is an ommision. Poundland and now Aldi take no accept Amex so no excuse to miss out miles even on the smallest transaction.

      1. Jason Hindle

        "The lack of MBNA Amex is an ommision. Poundland and now Aldi take no accept Amex so no excuse to miss out miles even on the smallest transaction."

        Poundland too? That is good news. My Visa card has been seeing a lot less action since Aldi started taking Amex (normal Amex issued charge card, so works perfectly with Android/Google/Whatever Pay).

    7. PaymentGuy

      Rather, it's MBNA who don't support Android Pay. Amex's supports their own cards in Apple, Android, and Samsung - as well as their own Android app (and probably others). You can actually have the same Amex card three times on a Samsung device if you load it in all three apps.

    8. Oh Homer
      Windows

      Re: "Most shops accept Amex these days"

      Not around here. Most places I've encountered shun Amex, due to its extortionate charges. In fact I've seen far more places that take both Apple and Android Pay than Amex.

    9. admiraljkb

      "And as for Samsung Pay, why the hell would I want to use magnetic payment? No thanks... Even most shops in the US now accept either contactless or chip..."

      In the US - Home Depot, Lowes, and most gas stations are still swipe unfortunately along with many others. Lots of shops with chip readers still not enabled even when they have them. In this current interim period - Samsung Pay is a nice way to secure the card from a skimmer since what's transmitted to the magstripe reader isn't usable a second time..

      1. JohnFen

        "Lots of shops with chip readers still not enabled even when they have them."

        And when they do have them enabled, they tend to be very, very slow. Much slower than paying with cash or using the old swipe system.

    10. Anonymous Coward
      Anonymous Coward

      "And as for Samsung Pay, why the hell would I want to use magnetic payment? No thanks... Even most shops in the US now accept either contactless or chip..."

      Quite - it's quite a clever technology, but ultimately useless in the UK, which has so far refused to allow it (as we've moved away from swiping cards - or at least require a signature to go with it)

  3. Pen-y-gors

    What could possibly...?

    I think I prefer to stick to handling my own money, thanks.

    Physical debit card for debits

    Separate credit card with very limited spending limit for online transactions (but prefer Paypal)

    Paypal only from one computer, requires password every time, and uses 2FA

    No other credit cards

    Bank transfers online - one computer only

    Cheques (rarely)

    Cash

    And I'm sure some toerag will still manage to relieve me of my dosh one day - but I'm not going to make it easier for them with Google Pay!

    1. Lee D Silver badge

      Re: What could possibly...?

      Keep your debit card in an RFID blocking wallet or sleeve.

      I like to demo to people the "Credit Card Reader" app which can pull off their card number and expiry date by just tapping an NFC phone against their card (or, in theory, from across the room) without them even knowing.

      Sure, it's not every detail and not the same as performing a proper doink transcation, but it's enough. But put it in a sleeve / wallet with foil insert and you can't read the card at all.

      The other app I like is "Passport Image Decoder". Worrying that such access is available passively without your knowledge, even if the most vital data is encrypted

      1. Test Man

        Re: What could possibly...?

        So... the same detail as what's already embossed on the card then? Similar story with cheques - it's really a non-issue for 99% of user cases.

        1. PaymentGuy

          Re: What could possibly...?

          Less detail, in fact, since the only place the CVV appears is on the back of the card (unless you're Amex of course)

      2. Anonymous Coward
        Anonymous Coward

        Re: What could possibly...?

        The other app I like is "Passport Image Decoder". Worrying that such access is available passively without your knowledge,

        Yes, I keep a paper bag over my head at all times to ensure people can't skim my likeness as they pass.

        1. Wayland

          Re: What could possibly...?

          "Yes, I keep a paper bag over my head at all times to ensure people can't skim my likeness as they pass."

          Which is the problem with biometrics. If your face is your password it's hard to change your password. As for fingerprints, you leave copies of your password on everything you touch.

      3. Mookster

        Re: What could possibly...?

        Mmmm you have to scan the MRZ to read a passport. The, for the UK one, you can read everything (there's no fingerprints). For others, with fingerprints, you need your own keys to get access.

      4. paulf
        Go

        Re: What could possibly...?

        @Lee D, "Keep your debit card in an RFID blocking wallet or sleeve."

        Or just ask your card issuer for a non-contactless card. I'm not a tin foil hat type, but I wanted non-contactless versions of my credit and debit cards. I asked my card issuers and they happily sent out non-contactless replacements for the pay by bonk cards they normally send.

        1. bondyboy

          Re: What could possibly...?

          Depends on the provider, Nationwide told me they didn't have a non contactless version, a snip of the card in the right place breaks the circuit though

          This was after 2 of my cards had been compromised, I usually carry 4 cards in my wallet, 2 contactless and 2 not - the 2 contactless ones were the ones compromised

        2. PaymentGuy

          Re: What could possibly...?

          They're only obliged to do this for debit cards.

        3. JimboSmith Silver badge

          Re: What could possibly...?

          Yes that's what I did too and they were happy to do so. No tinfoil hat here but practicality using an Oyster Travelcard trumped contactless. This morning I watched someone try to pay with contactless on their phone but it wasn't working. They didn't have any other means of payment and that caused problems for them and everyone else waiting to pay. It wouldn't have been so bad but for the refusal to accept their phone wasn't working to pay.

      5. PaymentGuy

        Re: What could possibly...?

        It's enough for what, exactly? What do you think you can *actually* do with those details?

      6. Rolly_Poly

        Re: What could possibly...?

        @Lee D

        https://www.csoonline.com/article/3199009/security/why-you-dont-need-an-rfid-blocking-wallet.html

    2. Blotto Silver badge
      Facepalm

      Re: What could possibly...?

      @ Pen-y-gors

      do you wear your tinfoil hat when doing your transactions from the 1 pc too?

      don't you think your going a little to far with the precautions especially when millions of others are happily doing online transactions without your precautions and aren'y getting done over?

      my debit card got skimmed from a London cashpoint one night, its not stopped me using cashpoints, contactless cards, apple pay and online transactions has stopped me using cashpoints though!!!

      1. sisk

        Re: What could possibly...?

        don't you think your going a little to far with the precautions especially when millions of others are happily doing online transactions without your precautions and aren'y getting done over?

        Given the number of people who are victims of identity theft or have their payment details stolen I'd say Pen-y-gors has a pretty reasonable level of paranoia there. I'm pretty close to the same level myself. I've got one debit card which only has money on it for a few hours after I get paid (and that only because my paycheck gets direct deposited onto it) and just before I buy anything online. And I'm seriously considering getting a different one for online transactions. I use cash for everything I can use cash for and any extra money is sitting in a savings account where I have to walk into a bank and show ID to access it.

        1. Orv Silver badge

          Re: What could possibly...?

          To me identity theft and payment details are very different things.

          Identity theft is serious because they can create new accounts I don't know about, and that's hard to resolve. Account numbers, likewise, I try to guard a bit (because you can do a bank draft with them.)

          But credit card numbers? I long ago stopped freaking out about those. If my number gets stolen I flag the transaction, the bank refunds it, and they send me a new card with a different number. It's a minor hassle. The threat model doesn't usually involve anything PC-related, either; around here it's mostly skimmers on card-enabled gas pumps.

          1. sisk

            Re: What could possibly...?

            But credit card numbers? I long ago stopped freaking out about those. If my number gets stolen I flag the transaction, the bank refunds it, and they send me a new card with a different number. It's a minor hassle.

            It's a much bigger problem for folks who live paycheck to paycheck. I know a guy who's absolutely horrible at managing his money and is generally broke a few days after his payday despite having a decent paying job. Someone got his debit card details and cleaned out his account. As you said, not a big deal because the bank refunded it, but in the meantime he went 2 weeks without money to buy fuel and food. He lost more than a few pounds those couple weeks.

            Also, the last time my credit card details were stolen it was through the Target hack. I always check for skimmers on the gas pumps - in case you haven't figured it out already, I'm a bit on the paranoid side - and I've turned a couple of them over to the police. To my knowledge I've never fallen victim to one, though they've gotten good enough lately that they're net easy to spot even if you know what to look for.

            1. PaymentGuy

              Re: What could possibly...?

              So the sooner we can ditch mag stripe, the better.

            2. Orv Silver badge

              Re: What could possibly...?

              I always check for skimmers on the gas pumps - in case you haven't figured it out already, I'm a bit on the paranoid side - and I've turned a couple of them over to the police.

              In the places I've lived the most common place for a skimmer was *inside* the pump, wired to the pump's own mag stripe reader. Thieves would either get the help of an insider at the station, or have duplicate keys to open the access doors.

            3. JohnFen

              Re: What could possibly...?

              "He lost more than a few pounds those couple weeks."

              What? The guy doesn't have friends who can lend him a few bucks or give him a care package of food to help him out during that time??

          2. Wayland

            Re: What could possibly...?

            Orv, the problem with the bank refund is that it's the sellers money the bank is taking. The crook still got the goods. Crime pays.

            1. Orv Silver badge

              Re: What could possibly...?

              Orv, the problem with the bank refund is that it's the sellers money the bank is taking. The crook still got the goods. Crime pays.

              Their fault for accepting a stolen card number. This is as it should be. There need to be incentives for both banks and merchants to exercise basic care, instead of pushing all the consequences onto the consumer.

      2. JimboSmith Silver badge

        Re: What could possibly...?

        Speaking as someone who has been sent numerous phishing emails for various banks (but weirdly never my own) the other person isn't paranoid. I don't use online banking because:

        I know therefore that anything that asks me to log into my account is bogus.

        I don't need it because I'm lucky enough to have private banking. If I'm transferring money and make a mistake it's my fault. If they do the same it's their fault and they're liable.

        I've never had a problem with Amazon or Ebay via PayPal but that doesn't mean I'm not cautious when shopping online. I try not to do anything on my phone that requires my financial details because I don't 100% trust that the thing hasn't been compromised. The reason I don't have contactless cards is because they interfere with my Oyster card. I have an annual travelcard loaded on the Oyster. It's bloody annoying having to get the card out of the wallet to use the bus/tube/train. I did have a contactless one for about a fortnight but I was forever getting stuck at the barrier. The bank happily changed the card to a non contactless one.

      3. Wayland

        Re: What could possibly...?

        Actually people are getting done over but the card companies refund by stealing from the seller.

    3. LucreLout

      Re: What could possibly...?

      And I'm sure some toerag will still manage to relieve me of my dosh

      Yes, but he would prefer that instead of calling him a toerag you simply referred to him as the tax man.

    4. Mookster
      Facepalm

      Re: What could possibly...?

      you know that you can get virtual credit cards that are only valid for one transaction...

    5. Fruit and Nutcase Silver badge
      Alert

      Re: What could possibly...?

      Don't expect the Bank of England's chief cashier to (pay by) bonk.

      "She does not use contactless payment cards for personal spending – not least because she is yet to trust the technology completely."

      https://www.theguardian.com/money/2018/feb/21/i-dont-use-contactless-the-woman-whose-name-is-on-british-banknotes

      1. Anonymous Coward
        Anonymous Coward

        Re: What could possibly...?

        Yep and AndroidPay isn't a card. It fixes the problem of tap and pay cards, in that they don't have unique single use card numbers that AndroidPay and ApplePay have.

        1. PaymentGuy

          Re: What could possibly...?

          Strictly speaking, neither do Android/Apple Pay. The same number is used for every transaction, but they're only used for Android/Apple Pay transactions; i.e. can't be used for online or MOTO.

    6. Anonymous Coward
      Anonymous Coward

      Re: What could possibly...?

      Good luck with cheques, money and credit/debit cards. All vastly less secure than Google Pay.

    7. Rob Fisher

      Re: What could possibly...?

      Out of interest, why are paranoid people using debit cards instead of credit cards? You're losing protection granted by section 75 of the Consumer Credit Act to get your money back if your stuff doesn't turn up.

      1. JohnFen

        Re: What could possibly...?

        When I'm shopping in a physical store, I use cash most of the time. If I'm forced to use a card, it's going to be a debit card -- specifically because the retailer pays less for me to use a debit card as compared to a credit card, and I see no reason to give the CC companies one penny more than absolutely necessary.

    8. Wayland

      Re: What could possibly...?

      Accepting PayPal payments is risky. If a scammer pays you then PayPal will pull the money back long after the deal is done. Maybe a week, maybe a month, maybe many months.

      1. Captain Obvious
        Thumb Down

        Re: What could possibly...?

        Happening to me right now. They have SIX months to reverse charges with paypal :(

    9. PaymentGuy

      Re: What could possibly...?

      So you're fine with a physical card, where the same card number is used everywhere (in person, online, over the phone, mail order, on the mag stripe) but not with the tokenised payments used in mobile, where that card number can be used only in person, on that device, and only after you've unlocked it for use?

      OK then.

    10. admiraljkb

      Re: What could possibly...?

      "Physical debit card for debits"

      Umm, if you are security minded, ditch the debit cards. Don't use anything directly tied to your bank account. Credit cards are an excellent security buffer zone between crims and your money.

      1. JohnFen

        Re: What could possibly...?

        "if you are security minded, ditch the debit cards"

        That depends on the debit card. Many debit cards allow you to generate one-time-use cards to make purchases with, so you never give out your primary account number.

  4. JimmyPage Silver badge
    Flame

    Seems to be the way things have to be ... in the name of "progress"

    a zillion different systems, none of which can work with the other, and all of which add up to gouge you.

    VHS/Betamax/Philips was bad enough.

    1. PaymentGuy

      Re: Seems to be the way things have to be ... in the name of "progress"

      Not even sure what you mean here. Apple and Android Pay don't work with each other in the same way that any iOS app and Android app don't work with each other. The important thing is that they all work on the same contactless terminals, along with cards, in the same way that any video medium would work on the same TV given a standard common interface (which is what EMV contactless has).

  5. AndyMulhearn

    A convenience

    I use Android pay in preference to contactless card payments now - I've pretty much stopped using cash.

    Android pay works fine and has the added benefit that if your phone is unlocked you can make a contactless payment of up to £100, while the card/phone locked payment is limited to £30. I find that higher limit somewhat more useful. I would to know of some way to remote nuke the phone though, just in case it gets nicked. Hmm, actually since I access company email on it, the remote nuke policy is in place which is about the only benefit doing that brings.

    It's not surprising that Samsung Pay hasn't gained traction, given how appalling they are at updating their phones.

    Now that Touchwiz has less of the "aarrgghh my eyes are bleeding" look about it, for me It's less about updates and more about me too apps. Duplicated mail, browser and all sorts of other stuff including another payment app? But that's another story.

    Samsung pay currently supports my bank and one of my cards but as far as I can see, there's no additional value add so no reason to use it over Google's version...

    1. Microchip

      Limit - or lack thereof

      I paid about £280-odd the other week on my car servicing. Don't think there's a contactless limit nowadays on the Android payments, though you may be limited by the bank or merchant. Phone has to be unlocked for the purpose of payment though, obviously.

    2. Test Man

      Re: A convenience

      There is no limit in Android (well Google) Pay as it supports CDCVM. Banks don't restrict on their accounts either. It's the retailer's equipment that needs to support it. However you do need to unlock the phone.

    3. LochNessMonster

      Re: A convenience

      "I would to know of some way to remote nuke the phone though, just in case it gets nicked."

      Provided that you have signed into a Google account on the phone, go to google.co.uk, sign-in and go to My Account/Sign-In & Security/Find My Phone. One available option is to remotely erase any device using the account.

      1. PaymentGuy

        Re: A convenience

        Or if you call the card issuer, they can block & remove the card.

    4. PaymentGuy

      Re: A convenience

      Android Pay itself (or Apple, Samsung, etc.) has no maximum. If you got a £100 maximum then you're either using Barclays's app, or you came across a retailer who has their own upper limit for contactless or your issuer has put a limit on there.

      Samsung Pay's only benefit, for me, is that it is present on Gear - unlike, for obvious reasons, Android Pay ;-)

  6. BigAndos

    I used Android Pay for a while but gave up as it often lagged when trying to swipe into the tube. I'm more interested in being able to store my umpteen loyalty cards in one place so maybe i should give that a look!

    1. Test Man

      Been fine for me, but maybe it takes a fraction of a second longer than Oyster card. Far more convenient though, because I only need to get the phone out and turn screen on.

  7. sisk

    Maybe I'm just paranoid, but I still don't trust Google Pay. Or any other pay by tap system for that matter. I realize the transactions are encrypted, but I don't think you could make encryption strong enough for me to be comfortable with the idea of my payment details being transmitted via NFC.

    1. Thomas Wolf

      I don't know how secure Google Wallet/Android Pay/Google Pay are, but ApplePay is a heck of a lot more secure than that credit card that you probably have no problem using. For one, your credit card number & such never leave your phone during a transaction - so no need to worry that the store taking your payment stores your CC info and subsequently gets hacked (here in US there have been several such cases in recent past: Target & Home Depot, two huge nationwide retailers).

      Heck, your CC info doesn't even leave a specially designed area on the chip of an iPhone. ApplePay has been around for 3+ years and nobody's been able to break into the phone or do anything with a pilfered transaction. AFAIK, the only time the ApplePay system has ever been compromised is during the registration process: because some banks didn't verify a registration with the owner of a card, criminals were able to register stolen cards with ApplePay and make purchases with it. But that wasn't a problem with ApplePay per se, but with the banks not yet being vigilant enough during registration.

      1. Anonymous Coward
        Anonymous Coward

        Android Pay has all of this too, including this so called apple "specially designed area on the chip". That same feature has been part of standard ARM designs for years.(trustzone), in combination with a secondary hardware trust store, usually NXP PN65 or similar.

        Its the usual apple trick to fool idiots, take something that already exists and give it an apple name. Retina Display horsecrap all over again...

        1. PaymentGuy

          Apple use a Secure Element - a dedicated chip equivalent to the security of a bank card. Android Pay may, at best, use a TEE - an area of the main CPU nowhere near as secure as the SE. But secure enough, with the design of the solution, for this use.

      2. PaymentGuy

        "For one, your credit card number & such never leave your phone during a transaction"

        That's incorrect. The card number *must* leave the phone, otherwise the retailer has no way to charge your account. But it's a device-specific number, not the 'real' card number (which isn't on your phone at all).

      3. JohnFen

        "For one, your credit card number & such never leave your phone during a transaction - so no need to worry that the store taking your payment stores your CC info"

        People seem to be focusing on the security at the moment of the actual transaction here, but that's a misleading view. The concern should be the security of the entire system overall, not just at the point of sale.

        You may need to worry less about skimmers grabbing your details at the store, but in exchange you need to worry more about hackers grabbing the details from your phone, and about the security and trustworthiness of the extra entities (Apple, Google, the payment processor used, etc.) that you're bringing into the transaction.

        In that sense, bonk-to-pay appears to expand the attack surface rather than reduce it.

    2. Anonymous Coward
      Anonymous Coward

      Its not only encrypted, but one time use number. Android payments are far more secure that any other form of tap and pay, far more secure that mag stripe, far more secure than reading out your details over the phone and the CVV, far more secure that cheques and cash.

      Basically if you don't use android pay, but use any of the above, you are far more susceptible to fraud and theft... that's not opinion, its fact.

      1. PaymentGuy

        The card number is neither encrypted, nor one-time use. It is, however, device-specific (tokenised) and tied to *Pay transactions. There is, however, a one-time use transaction-specific cryptogram for any chip transaction (contact or contactless).

    3. PaymentGuy

      Transactions themselves aren't encrypted (between card and reader). But that's not really the point, because each transaction contains a unique cryptogram which can only be generated by the real card for that one transaction. The real benefit of mobile is that the card number cannot, unlike plastic cards, be used for online/MOTO transactions - or put on a mag stripe card to get cash out of an ATM.

  8. Hairy Spod

    Free Greggs

    I like it. I tried it for the first time a few weeks ago and every go gives you a chance to win a prize.

    I won a £5 greggs voucher on my first attempt which I used to futher increase my waistline.

    Its actually less convenient to use and takes longer than opening my wallet to use my contactless card (work phone and forced to unlock via 8 digit code every time finger print fails) but the chance of another freebie keeps my feeble mind motivated enough to use it

    1. Test Man

      Re: Free Greggs

      You don't need to unlock it (for purchases that are under the same limit as for cards) - turning the screen on is good enough.

      1. Hairy Spod

        Re: Free Greggs

        well I live and learn. Thank you.

        1. Anonymous Coward
          Anonymous Coward

          Re: Free Greggs

          Also you fingerprint read failure is your phone hardware and nothing to do with Google pay..

          My pixel 2 fingerprint is really quick and really accurate, never ever has a read failure

  9. tiggity Silver badge

    Cash

    Is king (or queen if you prefer).

    Works for me, almost untraceable (bank may have serial numbers of notes they give me, but once I spend some of that cash in a shop / venue then any notes / coins I get in change are essentially not traced)

    So my random shop purchases are not logged against a card / wallet, so my spending on shoes, booze, auberginess, petrol or whatever remains private

    1. JimboSmith Silver badge

      Re: Cash

      Can't pay my cleaner with anything other than cash. Two days ago I had someone come to the door claiming that they were homeless and selling goods. He told me that he had no money at all and to be able to use a shelter for that night he needed cash. He might have been a bit more believable if he hadn't:

      a) had a colleague doing the other side of the street with similar goods in his holdall.

      b) said that if I didn't have any cash he'd take a cheque.

      Quite how he was going cash that cheque before going to the shelter I don't know given it was six o'clock when he rang my door bell. For the record I do donate to homeless charities and not individuals, after reading up on the subject and some advice.

    2. PaymentGuy

      Re: Cash

      Neither are they for card payments, except possibly by the retailer. But then, unless you tell them, they've no idea who you are in the first place.

      1. JohnFen

        Re: Cash

        "Neither are they for card payments, except possibly by the retailer."

        Serious question: how is that possible? At some point, the token that the pay app transmits to the retailer must be correlated with your bank account. Someone must have the record associating one with the other, therefor the payment is traceable.

  10. Anonymous Coward
    Anonymous Coward

    I remember Android Pay...

    and getting pissed off at the number of adverts of it on YT and apps that have ads embedded. Eventually I went to the adverts YT page and rejoiced at the number of downvotes and comments from people who said they were never going to use it because of seeing the stupid advert again and again everywhere. Fun times.

  11. Zippy's Sausage Factory
    Windows

    I like cash, personally. Even Sweden, which was going to be the first "cashless" country, just started wondering whether it's a good idea.

    Cash isn't traceable.

    Cash doesn't occur a 35 cent fee if I try a buy a 60 cent cup of coffee.

    I can still pay by cash when my phone is out of juice.

    Cash doesn't get erased if I stand too near some big magnets.

    I don't have to remember a pin for every transaction.

    There will always be another tenner - if I lose my debit card I'm screwed for about a week.

    Nobody can steal the contents of my wallet with a sniffer.

    I can't drop a tenner on the floor and break its screen...

    I could go on, but I'm getting bored. I know, you're all going to say I'm "resistant to change" but cash... it's just actually quite convenient thanks. (And yes, quite a few of the above have happened to me...)

    1. Mookster

      Don't kid yourself, banks charge when you deposit cash.

    2. Anonymous Coward
      Anonymous Coward

      Where does coffee cost 60 cents?

      1. Zippy's Sausage Factory

        Where does coffee cost 60 cents?

        Portugal.

    3. Anonymous Coward
      Anonymous Coward

      Cash isn't traceable

      Oh yes it is, but not trivially so. Every note has a unique serial number...

      Whenever a money forging operation gets going, the authorities have some pretty clever tricks to start homing in on where the duds are coming from.

      1. JohnFen

        That's a different kind of traceability. In terms of purchases, unless someone made a record of the serial numbers on the bills when they were given to you, and also makes a record of the serial numbers of the bills when you spend them, then it's not possible to trace that bill's use in a single given transaction.

    4. OldSoCalCoder

      Ya, but it looks really cool to walk up to the Starbucks teller and tap your iWatch. Until it doesn't work, which happen in front of me at a Starbucks a few months back. Note to all you cutting edge/young ultra uber cool people - it really looks good when it works. Until it doesn't, and then you look like a fool. And you're in my way.

      I had the Starbucks Pay app years ago and it kept falling asleep while I was in line. Screw that.

      If I can walk by your phone sitting on a table and tap it with my hidden Square tap-to-pay credit card reader and it doesn't wake up or send any kind of 'are you sure?' message please, please let me know where you hang out.

    5. LucreLout

      The main benefit of keeping cash as a thing within the economy is that it prevents the imposition by government/quango of negative interest rates. The ability to impose such would allow them to tax the principal sum in a bank rather than only the interest.

      Whatever your thoughts on wealth distribution, even a cursory glance as cold war inflation in Russia or present day Zimbabwe should illuminate why having people rush out to convert any income into none currency assets leads to a self reinforcing hyper inflationary death spiral.

      I like pay wave etc and I'm comforatble with tap n pay from a mobile, but I wouldn't want to lose cash, because you never know what the next government will do, and they may not be as benign as the last.

  12. Warm Braw

    Phone support?

    The last time I looked only a very small number of Android phones (certainly at the cheaper end fo the market) supported NFC to the extent required for payments because adding the extra "secure element" adds to the BoM without, apparently, making the phones more attractive.

    1. Anonymous Coward
      Anonymous Coward

      Re: Phone support?

      Then you may need to flip your calendar over a few years and check again. Even Android phones at the £150 end of the market have NFC suitable for payments.

      1. Warm Braw

        Re: Phone support?

        The G5 doesn't, for one, and that's pretty much the definition of the mid-market Android phone. And there are phones that have NFC (for pairing) but aren't capable of payments and you have to dig deep into the careless use of words on specsheets to know what you might be getting in something labelled "NFC capable". Google isn't going to have a ubiquitous payment system unless the technology is equally ubiquitous and unambiguous.

    2. PaymentGuy

      Re: Phone support?

      Android Pay does not use a Secure Element.

  13. mark l 2 Silver badge

    If buying from a local shop or small business I always try to pay in cash, as it maybe more convenient to the customer to use contactless but the business owner has to pay merchant fees to Mastercard, Visa and Amex for the privilege of taking card payments. Which if you have just popped in and bought a can of pop and some crisps can be a big chunk of any profit the shop would make on the sale. Especially now they are legally no longer allowed to charge extra for card payments.

    1. Orv Silver badge

      I have the circular problem of always only having $20s, because I rarely pay cash for things, and I feel like it's rude to make the cashier make change for a $20 when I'm buying something small...

    2. Anonymous Coward
      Anonymous Coward

      Conversely, every time I buy something from McDonalds (hey, their coffee is actually pretty reasonable) I make sure I pay by card.

    3. hollymcr

      Free cash?

      On the other hand, handling cash isn't without a cost either. Your insurance will be affected by how mush cash you have on the premises, and you need to pay someone (staff, Securicor, whatever) to take it to the bank. At which point any fake coins will get removed from your total. The reason that supermarkets started offering "free cashback" was because it was a convenient way to get cash off their premises and reduce their costs.

      Yes, credit and debit cards come at a cost to merchants, but they do also bring monetary benefits. Fees, even for small shops, aren't that high these days (unless you just walk into your local bank branch and take whatever they offer you).

    4. drdr6

      And therein lies the crime: If you don't have a credit history because you don't earn enough to be interesting to the card companies, or if you've fallen foul of the criminal interest rates they change when you can't work because you're sick, or for any other reason you want or have to pay by cash, you are now subsidising people getting their "card benefits" (cashback, free balance transfer and the like), and the costs of allowing people to use these new "convenient" payment methods as retailers pass on the cost of each merchant transaction and the capital costs of the new card readers, the extra phone lines and so on to you the buyer in the ticket price.

      If credit cards / contactless / Apple/Android/Google pay had nothing to hide in terms of cost, why did the government feel it necessary to pass a law stoppping people passing those costs on?

      1. Orv Silver badge

        A few states have laws banning credit card surcharges, but in most places it was the merchant agreement, not the law, that forbid surcharges. In 2012 Visa lost a major court case and lost the ability to enforce that clause.

        In my experience it's very common for gas stations to surcharge credit card users, although they describe it as a cash discount. (The discounted price is usually the one they display on the sign, however.)

  14. IGnatius T Foobar
    Meh

    We want PayPal

    All we really want is for PayPal to be accepted at every single payment point. Two-factor authentication through our smartphones will be nice, but we certainly don't want the phone to be the payment token.

    1. PaymentGuy

      Re: We want PayPal

      And how do you propose identifying your PayPal account? Log into the merchant's terminal for every transaction? Or perhaps use some sort of payment token - such as a phone - to identify the account?

  15. IGnatius T Foobar
    Big Brother

    Big Google Knows What You Bought

    And I'm sure the Google Overlords would *love* to customize your advertising to what you actually bought, rather than what you merely looked at on the web.

    1. Mr Flibble

      Re: Big Google Knows What You Bought

      Maybe, but mostly they're not going to know what; just where, when and how much it cost. (Where they would definitely know? Google Play, mainly.) And I expect that the same restrictions which apply to banks or card issuers (as appropriate) will apply…

  16. TheGreatCabbage

    Android Pay is great. I'm looking forward to not having to type my card details into websites, if it gets working in Chrome... Hopefully it will bring added security like PayPal does.

  17. Orv Silver badge

    I tried Android Pay three or four years ago. It worked but it really confused cashiers, and it was awkward and embarrassing to hold up the line while I explained, so I went back to just using my cards.

    1. Anonymous Coward
      Anonymous Coward

      Four years, wow. Things may have changed?

      I can walk in to my local off-licence which is about the same size as a small living room. Five people and it's full. Yet they'll still take phone payments like it's absolutely normal.

      Yeah, I tried Google Wallet when it first came out 7 years ago. I'm in the UK but I fudged my Google account with a US address to get the app - they loaded $10 on it as a beta tester and I used it in McDonalds, one of the few places taking contactless. Yes, they were confused. Actually had to call the manager out as they thought I'd hacked their reader with my phone - but he was happy the till said it was paid, and I showed him the "receipt" on the phone (a Nexus S). Sadly there was no reloading mechanism outside the US so I bought two meals and it expired.

      Most places now take contactless - and actually the clever ones prefer it. I was about to stick my card in a reader in a cafe and the guy noticed the logo and asked me to tap it instead. I asked him why - apparently they get charged 40p for a Chip and Pin transaction, but only 7p for a contactless one. No idea why, but he saved 33p by looking out for the logo.

      1. Orv Silver badge

        Huh. I've rarely used contactless payments, because the contactless receivers always seem to be broken or not supported by the merchant's software. Also, when AmEx issued me a card with a chip a couple years ago, they removed the contactless feature. Since it was a transparent card I could see pretty clearly that this was a physical interference issue, i.e. the contact chip went in the same place that the contactless one used to. From that I got the impression it was a dying technology, but maybe that's only true in the US.

  18. Anonymous Coward
    Anonymous Coward

    I'm all in. All my cards work on both Android and Samsung Pay. Samsung pay is a bit more of a pain in the ass to use but then thats the securty trade off isnt it. Android pay is really rather straight forward and does the job nicely. Not sure how bulletproof tokenisation is as a security tool, but either way, its a nice feature and another reason why i basically need my phone grafted on as a limb.

    I'm worse than the kids ffs.

  19. JohnFen

    I still don't understand

    I still don't understand what the value proposition of these things actually is. In exchange for decreasing my security and further exposing my buying habits to yet more entities, what do I get out of the deal? Just not having to pull a card out of my wallet? That seems like a rather small benefit compared to the increase in risk and exposure.

    1. Thomas Wolf

      Re: I still don't understand

      ...because with *some* of the payment platforms, security is actually increased and no fewer buying habits are exposed relative to CC purchases (where stores can easily tie your CC # to your purchases). The fact that your CC # isn't part of the transaction helps you not having to file disputes when that CC# makes into criminal's hands (because the store where you used it got hacked).

      1. JohnFen

        Re: I still don't understand

        I understand that -- I'm not saying there's zero benefit. I'm just not seeing how the benefit outweighs the drawbacks. Security is a broad topic -- the sort you're talking about is one thing, but there are other aspects that we have to trade off for that. For example, to get that, it appears that we need to expose ourselves to new entities such as Google.

        This is a classic cost/benefit calculation, of course, and people's personal calculations may differ. I'm just saying that personally, this doesn't even begin to pencil out in a positive way for me. Unless, of course, I misunderstand and Google (or Apple, or whoever) really can't see what I'm buying and from where, using what card. If the only party to the transaction is the processor who would be handling the card anyway, then I can see the benefit -- but I'm not so sure that's the case.

        1. PaymentGuy

          Re: I still don't understand

          When paying at a physical terminal (i.e. contactless) the only entities that know *what* you've bought are the retailer and yourself - and whoever the retailer or yourself decide to tell.

          Even your bank doesn't know what you bought - only where you bought it from (including the type of retailer it is) and how much it cost.

          There is nothing of interest in the transaction data from the terminal to the card (or mobile) other than the amount and date of the transaction. So it's not possible for the card/mobile to know *what* you bought or who you bought it from.

          Now - a mobile may infer the retailer based on your location, but it's unlikely. The *Pays will receive information from the card network (not the mobile) in order to provide you with notifications, which is where the retailer name & location in the wallet's transaction history comes from. So they will be building up a picture of where you shop - but not what you buy.

          On the web/app, it's another matter. Retailers may directly integrate with *Pays and therefore more data may be directly available from the retailer.

          1. JohnFen

            Re: I still don't understand

            "So they will be building up a picture of where you shop - but not what you buy."

            Thanks for the correction. This doesn't actually make the scheme any more attractive to me -- it's still leaking more information than I want to parties that, in my opinion, shouldn't have any information about my transactions.

  20. Anonymous Coward
    Anonymous Coward

    Google pay is secure

    I am a very satisfied user of the old Google wallet, android pay/Google wallet and now Google pay. I have been using nfc transactions for more than 5 years without any side effects. Your card number is never used. There is a pseudo number used in place of the real card number. It works amazingly well. I have used the wallet app to securely send money to friends and family very often and they get payment at the speed of light and can convert to cash with little trouble. All of this when Apple pay was not even thought of yet. I have used for credit, debit and loyalty cards. My bank was an early pioneer in nfc transactions. I can assure you that it is secure,encrypted, and password protected.

    1. Anonymous Coward
      Anonymous Coward

      Re: can assure you that it is secure,encrypted, and password protected.

      I do not wish to cause offense, but what value to me is an assurance by someone utterly anonymous? I can't tell whether your advice is authoritative if I don't know who you are (and hence what your background is). You provide no links to back up your assertions. I can't even check any other posts you might have made on these forums to see whether or not you seem sensible on other topics. Lastly, your post seems perhaps a little too enthusiastic, which makes some corroboration all the more important when judging its usefulness.

      Not that you are the only masked enthusiast in these threads, mind.

      1. JohnFen

        Re: can assure you that it is secure,encrypted, and password protected.

        "what value to me is an assurance by someone utterly anonymous?"

        Hopefully, the exact same value as it would have if they were fully identified. A statement shouldn't be accepted because of who stated it, it should be accepted because it's supported by evidence and makes logical sense.

  21. JeffyPoooh
    Pint

    Simpler solution for Phone Bonk to Pay

    Slip your bonk-debit card into your phone's case. Done.

    Nobody will know.

    1. PaymentGuy

      Re: Simpler solution for Phone Bonk to Pay

      Until you try to pay over the applicable limit (e.g. £30 in UK).

  22. Anonymous Coward
    Anonymous Coward

    I pay for almost everything nowadays using Android Pay. More secure than my contactless bank card, as the phone has to be unlocked to use it. Phone auto-locks after 20 sec (and is unlocked via fingerprint), so if phone is lost of stolen there's little chance of Android Pay being used; unlike losing the bank card where anybody could use it.

    1. PaymentGuy

      And with Apple & Samsung, annoying as it may be, you have to authenticate every transaction with PIN/fingerprint whether or not the phone's unlocked. So more secure, if less convenient.

  23. Anonymous Coward
    Anonymous Coward

    Ahhh technology...

    ...you know the person paying by phone....it's the one taking 10x longer than the person with a card.

    C'mon, read my bloody finger print, c'mon...grrr hold on, try it at another angle, oh crap, now it's crashed, one minute.

    1. James 29

      Re: Ahhh technology...

      I pay with my Google Pixel all the time and Android Pay has never crashed or had an issue. Sounds more like a dodgy phone.

      The only time i've had issues is when the card reader itsself was broken and wouldn't accept my phone or contactless cards and I had to do the old fashoned chip and pin to pay.

    2. PaymentGuy

      Re: Ahhh technology...

      Ah - an Apple Pay user :-)

    3. Anonymous Coward
      Anonymous Coward

      Re: Ahhh technology...

      Then they're incompetent, and this isn't the fault of the phone. If you're going to pay by phone, you should have your phone unlocked and ready to use when you get to the front of the queue.

      This is no different than people who wait for the cashier to ask for the payment, and THEN start hunting through their bag looking for their wallet.

      Technology can't enforce common courtesy.

      1. Joe Harrison

        Re: Ahhh technology...

        Too difficult to have your phone pre-unlocked ready for your unpredictable arrival at the front of the queue. Too early and it relocks itself, too late and as you point out everyone else has to wait until you've done the business. All the while in the queue you are nervously poking it to keep it awake, which is unhelpful to your battery life as well.

        This is why I stopped having my airline boarding pass on my phone after the novelty wore off.

        1. Anonymous Coward
          Anonymous Coward

          Re: Ahhh technology...

          If you're worried about your battery running flat whilst you're in a supermarket queue...it might be time to get a new battery.

      2. Anonymous Coward
        Anonymous Coward

        Re: Ahhh technology...

        I was going to add a bit about people who pay by cheque without filling in the date and name of the shop in advance...

        ...but then again, if you're paying by cheque now then you obviously have no consideration for other people's time...

    4. davidp231

      Re: Ahhh technology...

      "C'mon, read my bloody finger print, c'mon...grrr hold on, try it at another angle, oh crap, now it's crashed, one minute."

      Shit.. it's crashed the terminal. sorry guys!

  24. Chands

    Its called progress. Who writes cheques these days ? Soon it will be, who carries cash around ? followed by who carries cards around ?

    There will always be criminals, ergo there will always be someone after your money whatever mechanism you use. Soon you will be wearing under skin implants and bringing them in close proximity to someone else's to transfer money (yes, i've been reading Iain M Banks (rip) culture book, but find the future tech he describes very plausible).

    New technologies will always attract criminals, but that's inevitable. I find all this tech adversity very Victorian.

    1. hplasm
      Holmes

      I find all this tech adversity very Victorian.

      I find it New Elizabethan . The Victorians were very into technological advances.

  25. Anonymous Coward
    Anonymous Coward

    Hold on... a lot of the comments above are stressing about how insecure Contactless CARDS are. And yes, someone could tap against your pocket with a lashed-together reader and do a transaction.

    It would be short lived, as they'd need all the associated trader accounts so it would take approximately 15 minutes (including a coffee break) to work out that one trader has had a 10,000% increase in fraudulent payments.

    But Android/Google Pay? It uses generated card numbers that are only good once. If you were to steal the data by the same method it could only be used that one time, and then the legitimate owner would see a notification that their phone has just done a transaction. And even then, you could only steal that information if the phone was screen-on or unlocked in the victim's pocket.

    Phone payments are MORE secure than contactless cards. Pick up a card you find in the street and you can spend £29.99 a pop before it's reported lost. Pick up a phone and assuming the owner isn't a passwordless cretin (actually, doesn't Google Pay enforce at least a PIN code?) it can't be used for transactions.

    1. PaymentGuy

      "But Android/Google Pay? It uses generated card numbers that are only good once."

      Where on earth does this misconception come from? It's just not true!

  26. James 29

    I have all my cards on Android pay. Its the contactless cards I dont want. Too insecure and after handing them over too many assistants have dinked them on the reader without even letting me check first.

    Least Android Pay uses a pseudo card number and requires the phone to be on or unlocked

    Oh yes and Paypal are the biggest load of shysters in the world with their fees and habbit of charging back your account. They are unaccountable and the quicker they die the better.

  27. PaymentGuy

    So much wrongness in one sentence!

    “Samsung Pay, which uses technology developed by its LoopPlay, has a feature neither of its main rivals can boast, as it can act as a passive magnetic reader. This means it can act as an Oyster card without being woken up”

    LoopPay, not LoopPlay.

    MST *sends* data to a mag stripe reader. Rather than being a passive reader, it's the complete opposite.

    Oyster does not use mag stripe at all - it's Mifare/DESFire-based. In fact, none of the *Pays can emulate Oyster.

    MST requires the phone to be woken, and Samsung Pay activated, since it's then actively broadcasting card data to whoever's listening.

  28. JeffyPoooh
    Pint

    A modular solution...

    Put your phone into a nice case. Slip your bonk-compatible debit card in-between the phone and its case. Now your phone seems to allow bonk payments, like magic. When things are updated, remove your phone form the case, replace the bank card with the new one, and reinsert the phone back into its case. Resume your apparently "phone based" bonk payments.

    You're welcome.

  29. Quotes

    RFID Blocking

    "Keep your debit card in an RFID blocking wallet or sleeve"

    Some blocking wallets and sleeves can be bypassed with a stronger signal. To get round this a new generation of blocker cards are available which use the energy from the scanner to generate a blocking signal. Early models used to set off store door security scanners. New ones are okay. Just slip the card into the wallet and you are covered.

    New RFID Blocking cards include Blockr Ultimate, and Savisto. Prices are usually around £8 per card but at the moment you can get a twin pack of Savisto from Amazon for £5.95 with free delivery. Orders limited to one per customer but you can re-order. https://amzn.to/2RMpdO9

  30. Matt 75

    paying with your data....

    from the TOS for Google Pay: "Information Google May Share. In order for Google to provide Google Pay services, you permit Google to disclose to apps and websites that you have set up Google Pay, and to share your device, payment, location, and account information with your payment method's issuer and network. Where necessary to process your transactions, you also permit Google to share your personal information with merchants, payment processors, and other third parties."

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like