Thanks to Google Pay and Apple Pay, you can now pay at retailers using your smartphone or smartwatch instead of a physical credit card. This may seem appealing, if only because it allows you to leave your bulky wallet at home. On top of that, many cities around the world have also adopted these apps for transport payments. But does this convenience come at the expense of security? And should you be cautious about relying on these apps for everyday payments? Here’s everything you need to know about the security of tap payments on apps like Google Pay and Apple Pay.
Are Google Wallet and Apple Pay safe to use?
Edgar Cervantes / Android Authority
Apps like Google Pay, Samsung Wallet, and Apple Pay are more secure than actual credit cards because they use a process called tokenization, which provides added security over physical cards.
When you add your card to a payment app, the app doesn’t copy any details like the 16-digit number or expiry date. Instead, the app contacts your bank or card issuer and requests a token. Think of this token as a long, random number that’s stored only on your phone. Your bank or card issuer will only issue such tokens to apps it trusts, like Google Pay or Apple Pay. To receive the token, you’ll need to verify your identity, usually by entering your card details and receiving a one-time password via SMS.
Payment apps use tokenization instead of storing card numbers, making them more secure.
The token is stored in a secure part of the phone’s SoC, just like biometric data such as a fingerprint. However, even if someone hacks into your phone and gains access to this token, it won’t work on another device. Tokens are typically tied to individual devices. Part of the token changes with each use, depending on factors such as the date and time, so it can’t be intercepted and reused.
Another benefit of using a token is that a malicious payment terminal cannot steal your card details by tapping your smartphone: any intercepted data would look like a bunch of random numbers, which would be pretty useless to say the least. In fact, with a tokenized card, merchants cannot identify any of your personal information.
How do payment apps like Google Pay and Apple Pay work?
Payment apps use your phone’s Near Field Communication (NFC) antenna. NFC is a wireless technology that you may already be familiar with if you’ve ever used a hotel or office key card. NFC allows two devices to communicate over short distances, such as holding your phone within a few inches of a payment terminal.
Modern credit cards have built-in NFC tags that allow you to complete a purchase by simply tapping them over a terminal, but these physical cards can’t be reprogrammed to use as different cards. Your phone, on the other hand, acts as a programmable NFC tag, which means you can store multiple cards (even across different apps) and switch between them at will.
If I lose my phone, can anyone use the cards stored in Apple Pay and Google Pay?
Rita El Khoury / Android Authority
No, cards stored in Apple Pay and Google Wallet are always locked with a lock screen password or biometrics like a fingerprint. Wearable devices like the Apple Watch also force you to use a PIN when you enable digital payment methods. While this may seem inconvenient, it prevents phone thieves from accessing and using your stored cards.
For this reason, using a payment app on your phone is safer than carrying a wallet full of credit cards. If you lose your wallet, someone could tap your card or use the chip to make expensive purchases without your knowledge. Most countries do not require a PIN or signature to authenticate credit card transactions.
Using Google Pay or Apple Pay is safer than carrying a physical card.
Apps like Google Pay can also protect you from other types of credit card fraud, like skimming, where fraudsters use malicious payment terminals or ATMs to clone your card when you swipe it, so make sure you only tap to pay or use the chip on your card, which is much more secure than the magnetic stripe.
One thing to note, though: both Android and iPhone support contactless payments even when locked. This is especially useful for transit payments, which are usually small amounts. For example, when I was in Japan, my Pixel’s battery completely died on the subway, but I was still able to tap my phone at the ticket barrier when I was exiting. You can disable this behavior in Android’s “Require device to be unlocked to use NFC” setting and Apple Pay’s “Express transit payments” setting.
How secure is Apple Pay for online purchases?
Apple Pay is just as secure for online and App Store purchases as it is for in-store purchases because it uses the same tokenization mechanism. This is one of those rare cases where the more convenient option is also the more secure option. When you use Apple Pay or Google Pay for online purchases, you don’t have to enter your details, such as your 16-digit card number, and websites can never steal or reveal it.
FAQ
Which is more secure: cards, Google Pay, or Apple Pay?
Google Wallet and Apple Pay are much more secure than transacting with a physical card, since your phone or watch needs to be unlocked to complete the payment, whereas cards can be used without authentication.
Is Google Pay safe from hackers?
Yes, Google Wallet is safe from hackers: your card details are stored in a different format so they cannot be read or reused even if a hacker gets hold of your device.
Do Google Pay and Apple Pay thwart skimmers?
Yes, both Google Wallet and Apple Pay do not store copies of your credit card information. Instead, they communicate a device-specific token to your payment terminal that cannot be replicated or copied by skimmers.
Is it safe to have my card in Apple Pay, Samsung Wallet, or Google Pay?
Yes, there’s no downside to adding your card to a payment app on your phone, but you’ll need to set up a secure lock screen password or PIN, as your unlocked device can be used to make payments instead of your card.
comment
Source link
