Is Google Pay Safe? What to Know About This Contactless Payment App

Google Pay offers speed and convenience, but before you sign up, find out just how secure this contactless payment app really is.

The Google-verse, like the natural universe, is ever expanding. Not only can you use Google products to search for information, get directions, and manage your email and photos, but you can also now pay for almost anything (as long as it’s legal) using a mobile app called Google Pay. Google Pay is aimed primarily at Android phone users, but it’s available for iPhones and iPads, too. But is Google Pay safe and what exactly is a digital wallet?

It’s natural to be concerned about new technology like this…but it’s actually not all that new. Google previously had two separate apps, Google Wallet and Android Pay, but both were discontinued in 2018, and their functions were combined into Google Pay. Now, the app has more than 100 million users worldwide—up from 39 million just two years ago—and is accepted at countless merchants, from Aeropostale and Burger King to Trader Joe’s and Walgreens.

What is Google Pay?

Google Pay is a type of digital wallet. Like its predecessor, Android Pay, it can store credit cards, gift cards, loyalty cards, airline and subway passes, concert tickets, and more in your smartphone or tablet. Then, you only need to tap your device to make contactless purchases in physical stores, online, and within apps. You can also order food from restaurants, buy gas, and pay for parking using Google Pay. There’s really nothing you can’t buy with it, as long as your bank signs up to use it, says Rahul Telang, professor of information systems at Carnegie Mellon University’s Heinz College. But that’s hardly an issue, as more than 3,000 financial institutions, including most of the largest ones, now partner with Google Pay.

Google Pay also incorporates the functions of the now-defunct Google Wallet, so you can send money to friends and family and make group payments and split bills. Here are a few other ways to get money to someone quickly.

How does Google Pay work?

Like many other types of virtual wallets, Google Pay relies on tokenization, a technology that assigns a new virtual account number to your card with each transaction. Your actual credit card number is never shared with any merchant. It’s not even stored on your phone. Instead, every time you tap your phone to use an in-store card reader or authorize an online transaction, the payment system generates a random string of numbers and letters (a “token”) to replace your card’s account number, expiration date, and security code. That token is what is sent between the merchant and your card issuer, and it can never be used again in any other transaction. Because of this, people tend to trust it, unlike these 8 apps security experts would never have on their phone.

How do I use Google Pay?

Once you’ve downloaded the app to your phone or tablet, you can begin adding cards. To add a card or ticket to Google Pay, open the app and follow the prompts to either scan your card using your phone’s camera or add the details manually. It’s a good idea to start with the card that you plan to use for most purchases—your default payment method. Your bank or card issuer will electronically verify the card, and then you’ll be able to begin using it from your phone.

When you’re in a store, restaurant, or other place of business that accepts Google Pay (you should see the app’s logo or a sideways Wi-Fi symbol at the payment terminal), just unlock your phone and hold it near the card reader. Your phone will display an image of your default card; you can tap it or select a different card. Then, within a couple of seconds, you’ll see a blue check mark on your phone confirming the purchase.

Likewise, when making a purchase online, simply look for the Google Pay logo at checkout and click it. Your app should open automatically, and then, just like in a store, you select the card you want to use and click “Buy.” That’s it.

What else can I do with Google Pay?

In November 2020, Google redesigned and updated the Google Pay app, offering users access to a whole suite of financial services. One of the biggest new features is the ability to connect all your bank accounts and credit cards to Google Pay. Google Pay can then organize your spending into categories so you can get a clearer idea of when, where, and how you’re using your money; this can help you identify and cut down on the spending habits that sabotage your finances. Google Pay also clarifies your financial picture by showing you the merchants and people you do business with most frequently; it will even warn you if you’re about to pay a stranger by mistake. And the biggest announcement with the latest update is that in 2021, Google Pay will be offering its own checking and savings accounts, which users will be able to access directly through the app. “It is becoming a one-stop pay [service],” Telang says.

How safe is Google Pay?

Using Google Pay—or another brand of digital wallet—is actually safer than swiping your card in a terminal at a store or typing in the card details on your phone or computer during online purchases. That’s because Google Pay and other digital wallets don’t store or transmit your actual credit card numbers. “Your financial information cannot be misused,” Telang says.

In addition, Google Pay relies on near-field communication, or NFC, rather than Wi-Fi to transmit the token information. Unless someone is standing within a few centimeters of the card reader, they would not be able to intercept the information, says Hsin-Wei Luang, a digital payments analyst at Merchant Maverick. And even if they somehow could steal the virtual credit card number, the credit card company could immediately invalidate the token and assign a new one.

Besides these technological safeguards, at least one other feature of digital payments makes them safer than traditional credit cards. In order to even use Google Pay or another digital wallet, you must first unlock your phone using biometrics (a fingerprint or facial ID scan) or a passcode.

Telang says it’s basically unhackable. “Other than some anecdotal incidents, nothing significant has come to light.” Still, he says, it’s a good idea to enable two-factor authorization and to be cautious about which apps you download and authorize for payment. Apple Pay is similarly safe for iPhone users.

Are there any other risks?

Even though the Google Pay app itself may be virtually hack-proof, there are still bad actors out there who will try to separate you from your money, and Google Pay is another avenue through which they may try to do that. Typically, these criminals conduct “payment transfer scams,” in which they post an advertisement online for a product or service, like concert tickets, tech support, or even a puppy. When you respond to the ad, the scammer may ask you to transfer money to them through Google Pay, and then they make off with your money without ever delivering on their promise.

To protect yourself, never transfer money to someone you don’t know, Telang says. In addition, Google recommends never divulging financial information or other sensitive personal details on Google Pay. Google will never ask for passwords or PINs, bank information, credit card numbers, Social Security numbers, or other personally identifying information. Google will also never ask you to download a third-party app to support payment.

If you do fall victim to a scam, you can report it to authorities like the Federal Trade Commission or the FBI’s Internet Crime Complaint Center. You can also report it to Google. If the fault is on their end, Telang says, they may investigate it, but they have no obligation to refund your money. Instead, you can follow up with your credit card company. Most credit card companies will waive customer loss, so it is no different than if you suffered a loss or theft with a more traditional method of using a credit card. On the whole, Telang says, as long as you use common sense, “mobile payment is going to be just fine.”

What about privacy?

Consumers and privacy experts sometimes express concern about potential overreach by Google, such as connecting an individual’s payment history with the rest of their Google profile. “Google denies it, and it probably won’t happen,” Telang says, noting that the risk to Google’s reputation would be too great. And consumers, of course, aren’t required to use any features they don’t want and can choose what cards and services they connect with the app.

Are there any other benefits to using Google Pay?

If enhanced transaction security isn’t enough of a reason to use Google Pay or another digital wallet, consider the convenience factor. You no longer have to lug around an overstuffed leather wallet. In addition, you no longer need to save cash-register receipts, since the app holds digital records of your transactions. Checking out is a lot faster, too; it takes mere seconds to tap your phone over the card reader and receive confirmation of your purchase. Plus, Google Pay is safe in another way: In our post-COVID world, contactless payments eliminate the need to handle germy money or even to touch a keypad or stylus at checkout. The only thing you touch is your own phone.

Also, even though you’re never sharing your actual credit card information when you use Google Pay, you’ll still get any mileage points, cash-back rewards, or other bonuses associated with your card, as if you had swiped the physical card. FYI, these are the best credit cards for every type of purchase.

Sources:

  • 9to5Google: “New Google Pay app is now available with redesign, rewards, more”
  • Market Realist: “Apple Pay Will Likely Stay Ahead of Google and Samsung”
  • CNET: “6 things you should know about the new Google Pay app”
  • Rahul Telang, professor of information systems at Carnegie Mellon University’s Heinz College
  • NerdWallet: “Credit Card Tokenization: What It Is, How It Works”
  • Hsin-Wei Luang, a digital payments analyst at Merchant Maverick
  • USA Today: “Google Pay: What opting into personalized offers can really mean for your privacy and finances”

Laurie Budgar
Laurie Budgar is a certified speech-language pathologist (MS, CCC/SLP) who spent over a decade helping people with brain trauma, stroke, MS and Alzheimer’s regain language, speech, swallowing and cognitive skills. She contributes regularly to RD.com, where she writes about health, pets and travel. Previously, she was the editor at Momentum, the magazine of the National Multiple Sclerosis Society. Under her direction, the magazine won its first-ever Folio awards for best complete issue and best article. She has covered health, nutrition and lifestyle topics for Healthline, Parenting, LIVESTRONG.com, Delicious Living, Natural Solutions and more. She has written about travel destinations and profiled small businesses for AAA Colorado, American Way, the University of Denver and Fortune Small Business.