Google Pay (formerly Android Pay) is a mobile payment service developed by Google to power in-app, online, and in-person contactless purchases on mobile devices, enabling users to make payments with Android phones, tablets, or watches. Users can authenticate via a PIN, passcode, or biometrics such as 3D face scanning or fingerprint recognition.[1]
As of 2024, it is available in 85 countries.[2]
When the user makes a payment to a merchant, Google Pay does not send the actual payment card number. Instead, it generates a virtual account number representing the user's account information.[3]
Google Pay requires that a screen lock be set on the phone or watch.[4] Users must be at least 13 years old to manage the service themselves. However, younger users can still access Google Pay if a parent or guardian manages Wallet for them and uses an approved bank (currently only available on the Fitbit Ace).[5]
Users can add payment cards to the service by taking a photo of the card, or by entering the card information manually. To pay at points of sale, users hold their authenticated device to the point of sale system. The service has smart authentication, which lets the system detect when the device is considered secure (for instance, if unlocked in the last five minutes) and, if necessary, prompt for unlock information.[6]
Technology
Google Pay uses the EMV Payment Tokenization Specification.[7]
The service keeps customer payment information private from the retailer by replacing the customer's credit or debit card Funding Primary Account Number (FPAN) with a tokenized Device Primary Account Number (DPAN), and it creates a "dynamic security code [...] generated for each transaction". The "dynamic security code" is the cryptogram in an EMV-mode transaction, and the Dynamic Card Verification Value (dCVV) in a magnetic-stripe-data emulation-mode transaction. Users can also remotely halt the service on a lost phone via Google's Find My Device service.
To pay at points of sale, users hold their authenticated Android device to the point-of-sale system's NFC reader. Android users authenticate by unlocking their phone using biometrics, a pattern, or a passcode, whereas Wear OS and Fitbit OS users authenticate by opening the Google Wallet app prior to payment.[8]
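A minimal model of the FPAN-to-DPAN substitution and per-transaction code described above, added here as an illustration and not Google's or EMVCo's code. The HMAC stands in for the real EMV cryptogram computation, and the counter (`atc`), terminal `nonce`, class names and DPAN format are assumptions.

```python
import hashlib
import hmac
import secrets


def cryptogram(key, dpan, atc, amount, nonce):
    # Stand-in for the per-transaction "dynamic security code": an HMAC over
    # the token, a transaction counter, the amount and a terminal nonce.
    data = f"{dpan}|{atc}|{amount}|{nonce}".encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()[:16]


class TokenServiceProvider:
    """Toy vault: only this side can map a DPAN back to the FPAN."""

    def __init__(self):
        self._vault = {}

    def provision(self, fpan):
        # The device receives a DPAN and a key; the FPAN never leaves the vault.
        dpan = "9" + "".join(secrets.choice("0123456789") for _ in range(15))
        key = secrets.token_bytes(32)
        self._vault[dpan] = {"fpan": fpan, "key": key, "last_atc": 0}
        return dpan, key

    def authorize(self, msg):
        entry = self._vault.get(msg["dpan"])
        if entry is None:
            return None  # unknown token
        expected = cryptogram(entry["key"], msg["dpan"], msg["atc"],
                              msg["amount"], msg["nonce"])
        if not hmac.compare_digest(expected, msg["cryptogram"]):
            return None  # altered fields or wrong key
        if msg["atc"] <= entry["last_atc"]:
            return None  # counter already used: replayed message
        entry["last_atc"] = msg["atc"]
        return entry["fpan"]  # detokenized for the issuer only


class Device:
    def __init__(self, dpan, key):
        self.dpan, self._key, self._atc = dpan, key, 0

    def pay(self, amount, nonce):
        # What the merchant terminal sees: DPAN plus a one-time code.
        self._atc += 1
        code = cryptogram(self._key, self.dpan, self._atc, amount, nonce)
        return {"dpan": self.dpan, "atc": self._atc, "amount": amount,
                "nonce": nonce, "cryptogram": code}
```

A message captured at the merchant carries no FPAN, and resubmitting it or changing its amount makes `authorize` return `None`.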
In EMV-mode transactions, Google Pay supports the use of the Consumer Device Cardholder Verification Method (CDCVM) using biometrics, pattern, or the device's passcode. The use of CDCVM allows the device itself to provide verification for the transaction and may not require the cardholder to sign a receipt or enter their PIN.[9][10]
Security
Payments on supported transit networks can skip verification, using either a payment card or a transit card. However, the phone screen needs to be on, and the feature is not available when the battery is low, unlike Apple Pay's Express Mode.
On Wear OS and Fitbit OS, this option is not available. All transactions on wearable devices must be authenticated by opening the Wallet app prior to tapping.[11]
Since 2022, adding NFC bank cards to Google Wallet requires the device to pass Play Integrity API checks. This implies a device with a locked bootloader and no rooting.[12]
Availability
Google Pay is available in all the same regions that Google Wallet is.