Categories
Mobile Syrup

Are Apple Pay and Google Pay secure?

How do you pay for things?

Do you insert a physical debit or credit card or tap that card against a payment terminal? Perhaps you’re among the average 30 percent of Canadians who reported using mobile payments in 2020. Without a doubt, that number has only gone up since. 

I’ve been in love with the concept of mobile payments and digital wallets since Apple Pay first came to Canada in 2015. During Apple Pay’s early days in Canada, I encountered many situations where I was the first person to pay with my Apple Watch in a store. Of course, those stories are far less common seven years since launch. 

My goal to someday replace my keys and wallet with my phone is well on track. I no longer need house keys, car keys, or my physical bank cards. My phone covers everything, minus my mailbox key and driver’s license. In a previous article I wrote, you can learn how I started to replace my physical wallet by learning about all the different items you can add to the Apple Wallet app. 

Even though Apple Pay has been available in Canada since 2015, Samsung Pay since 2016 and Google Pay (formerly Android Pay) since 2017, there is still a lot of hesitation with using smartphones and smartwatches to pay for things in place of our traditional credit and debit cards.

Let’s explore which payment option is the most secure and whether mobile wallets should be the future of payments.

What is a Mobile Wallet?

If you use Samsung Pay, Google Pay or Apple Pay, you have a mobile wallet. In their most common form, mobile wallets are digital versions of our debit and credit cards on our mobile devices like smartphones and smartwatches. All mobile wallets are also digital wallets, with the difference being that digital wallets aren’t exclusive to mobile devices. Digital wallets can also support cryptocurrencies and digital cash. Still, for this article, we’re focusing on how secure a digital debit or credit card is compared to tapping or inserting a physical card.

How secure is tapping my bank card?

Functionally, tapping your debit or credit card is very secure. “Tap” or contactless payment, as the feature is officially called, uses a technology called NFC, which stands for near-field communication. NFC is a wireless communication protocol that can transmit data between two devices that are very close together.

The primary risk with tapping your debit or credit card is that there is no form of authentication; anyone with the card can make a payment. To mitigate this risk, most cards have a limit of $100 to $250. In my experience, banks will let you disable contactless payments on debit cards but not credit cards. This is because credit cards offer fraud protection, unlike debit cards.

A lesser secondary risk is contactless skimming. You may have heard stories where people use a device to wirelessly capture card details from your debit or credit card. This is incredibly rare for two reasons. First, the scammer would have to be physically very close to you. Second, NFC generates a random transaction ID every time it communicates with a device, meaning the scammer can only complete one transaction at most with the captured details. 
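A simplified model of the one-time value described above, added here as an illustration and not taken from the article or from any card network's specification: each tap is authenticated with a fresh value tied to the terminal's random number, the amount and a counter, so a captured exchange is good for at most one authorization. The `Card` and `Issuer` classes, the message layout and the use of HMAC-SHA256 are assumptions made for the example.

```python
import hashlib
import hmac
import secrets


def _message(nonce: bytes, amount_cents: int, counter: int) -> bytes:
    # Hypothetical layout: terminal nonce | amount | card transaction counter.
    return nonce + amount_cents.to_bytes(8, "big") + counter.to_bytes(4, "big")


class Card:
    """Constructed model of a contactless card sharing a secret key with its issuer."""

    def __init__(self, key: bytes):
        self._key = key
        self._counter = 0

    def respond(self, terminal_nonce: bytes, amount_cents: int) -> dict:
        self._counter += 1  # every tap consumes a new counter value
        msg = _message(terminal_nonce, amount_cents, self._counter)
        tag = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        return {"nonce": terminal_nonce, "amount": amount_cents,
                "counter": self._counter, "cryptogram": tag}


class Issuer:
    """Verifies the per-transaction value and refuses any counter it has already seen."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = 0

    def authorize(self, tx: dict) -> str:
        msg = _message(tx["nonce"], tx["amount"], tx["counter"])
        expected = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tx["cryptogram"]):
            return "declined: bad cryptogram"
        if tx["counter"] <= self._last_counter:
            return "declined: counter already used (replay)"
        self._last_counter = tx["counter"]
        return "approved"


def demo() -> list:
    key = secrets.token_bytes(32)  # constructed sample key
    card, issuer = Card(key), Issuer(key)
    captured = card.respond(secrets.token_bytes(4), 1250)  # one tap, as seen over the air
    results = [issuer.authorize(captured)]                  # first presentation
    results.append(issuer.authorize(dict(captured)))        # same data presented again
    results.append(issuer.authorize(dict(captured, amount=99900)))  # amount altered
    results.append(issuer.authorize(card.respond(secrets.token_bytes(4), 300)))  # next real tap
    return results


if __name__ == "__main__":
    print(demo())
```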

How secure is inserting my bank card?

In general, inserting your physical debit or credit card is very secure. In Canada, we have a reasonably modern financial system, at least compared to our neighbours south of the border. Canadians just about never have to swipe their payment cards, which is excellent because, unsurprisingly, swiping your card is far less secure than inserting it or using a mobile wallet. 

When inserting a chip-enabled debit or credit card, you enter a PIN to verify the transaction is authorized. Then your transaction is securely transmitted to the bank. However, there are two situations where chip-inserted cards are not ideal.

The first is related to security. Skimming is where an unauthorized device is used in place of the legitimate payment terminal, and it captures your card number and sends it to the scammer. Skimmer attacks aren’t common but are most often used at bank machines and self-serve gas pumps because they aren’t attended by staff.

The second is related to privacy. When swiping a card using its magnetic stripe, the merchant can see the card number, expiration date, and CVV number. In contrast, when using a chip-enabled card, the merchant doesn’t get the card number and instead receives a random transaction ID. However, they can still possibly get the transaction amount, date and time, your name, address, and phone number. 

How secure is Samsung Pay, Google Pay, or Apple Pay?

All three mobile wallets function similarly on the surface, with a few differences underneath. While inserting your card is reasonably more secure than tapping, it’s less convenient. All three mobile wallet platforms improve on the weaknesses of using tap while providing similar convenience. Smartphones and smartwatches use an NFC chip, like your debit or credit card, to conduct contactless payments. 

The primary difference is that your mobile device leverages different technologies to prevent fraud. First, passcodes and biometrics like facial recognition or fingerprint sensors prevent unauthorized payments. It’s pretty slick to pull out your smartphone, verify with a biometric and wave your device to pay. Additionally, as far as I know, banks still maintain the $100 to $250 contactless payment limit, although I’d argue that should be removed for mobile wallets since they have some form of authentication. Not to mention, leveraging biometrics is far more secure than the four- to six-digit PIN you’d use on your physical card that someone could shoulder surf.

In terms of skimming, mobile wallets win here too. Since you don’t insert your phone, skimming isn’t possible. Regarding wireless skimming, our smart devices are intelligent enough to know whether a payment is legitimate, unlike your regular card. 

The main difference between these three mobile wallets is how they operate behind the scenes. Samsung Pay and Google Pay securely store payment details on a company server instead of a device. There isn’t anything necessarily insecure about this since the data is encrypted. The server-based approach could, in theory, be compromised, but this would take an incredibly sophisticated attacker. Ultimately, Samsung and Google likely took the server-based approach to collect data.

Apple being Apple opted for the privacy-first approach and stores all card details on a device instead of a server. Apple devices supporting Apple Pay have a special chip called a Secure Enclave. The Secure Enclave is encrypted and physically separate from the main processor, leveraging its own memory and storage. This means that even if someone does compromise the processor or other parts of the system or even physically gets a hold of the device, they can’t access your card details. Your health data and other sensitive information are also stored on the Secure Enclave. 

Samsung Pay, Google Pay, and Apple Pay all provide the same service. All three also do it more securely than by using a physical card. The primary difference is that Apple takes a more privacy-focused approach by completing processes on-device instead of on a server like its Android counterparts.

Are Mobile Wallets the future of payments?

Personally, I firmly believe mobile wallets are the future of payments. Ideally, they’ll be the future of our house keys, car keys, and IDs too. When we migrate systems onto our heavily connected devices, there will undoubtedly be risks. However, when done right, leveraging the computer in your pocket or wrist is a better option than a physical card because it can provide additional security and privacy benefits. Ultimately, if you prefer a physical card, that’s fine, our payment networks are very secure, and the risk is low.

But if you’re currently on edge about using your mobile device to pay for things, do it. Paying with your smartphone or smartwatch is easy, convenient, and secure.

Apple Pay and Credit Card Tap Payments now available on Go Transit and more

Metrolinx has finally expanded its contactless payment to support additional platforms, including Apple Pay and contactless credit card payments.

Starting August 11th, Go Transit, Brampton Transit, MiWay and Oakville Transit support the above platforms when tapping at a Presto payment device.

This means that Presto readers now work with the iPhone or Apple Watch with Apple Pay tied to a credit card. Similar to a Presto Card, you still need to tap off when getting off at a station, so you aren’t charged twice.

Through a pilot program, contactless payments first made their way to Metrolinx’s transit network on the Union-Pearson UP Express line last year. The transit agency says that there have been over 28,500 credit fare payments since March 2021 and over 6,000 debit fare payments since October 2021 using contactless payment options.

“We’ve heard customers when they’ve asked for more flexible and convenient ways to pay their fare, and Presto contactless payment is just the latest customer improvement to deliver this – We will continue to offer new options that bring the very best experience and value to our customers and transit agency partners with Presto,” writes Metrolinx in a recent press release.

Metrolinx says it has plans to add debit payments soon alongside other transit agencies.

The transit agency added the ability to top-up Presto cards with Apple Pay back in 2015. Then in 2019, Metrolinx launched a dedicated mobile app for Android and iOS, followed by contactless reloading on iPhones in 2020.

At the time, Metrolinx senior manager of media Ann Marie Aikins said that NFC payments with the iPhone through Apple Pay would eventually arrive but didn’t offer a specific timeline.

It’s unclear why it’s taken so long for Metrolinx to introduce this feature, but it’s likely tied to upgrading its Presto payment stations and Apple being notorious for keeping the iPhone’s NFC functionality locked down.

Image credit: Metrolinx

Source: Metrolinx

New Google Wallet app now available for download in Canada

After starting the Google Wallet rollout earlier this week, it looks like Google’s revamped payments app is now available to all (assuming you live in one of the 39 supported countries, like Canada).

The update showed up for me last night, but some received the new Wallet app as far back as Monday. Google first announced Wallet at I/O 2022. The new app replaces Google Pay in many countries (including Canada) while offering most of the same functionality. That is, Canadians can still use Wallet to store payment cards (like credit and debit), gift cards, digital identification, vaccination status, and more.

Moreover, Wallet includes a small visual refresh that brings the app’s design in line with Android 12 and Material You. Those already using Google Pay should see Wallet arrive via an update to the Pay app. If not, you can download Wallet from the Google Play Store.

Beyond the name and design changes, most Canadians likely won’t notice any significant differences between Pay and Wallet. The app can still be used to pay for things at retailers that support Google Pay. You can still store various items in it. Some might even wonder why bother switching back to Wallet given that Google originally launched Wallet in 2011 and then combined Wallet with Android Pay to create Google Pay in 2018, only to turn around and go back to Wallet in 2022.

For the countries that will continue to have access to Google Pay (so far, the U.S., Singapore, and India), Pay will serve as a tool to handle peer-to-peer payments.

Image credit: Google

Source: @Android

Google now rolling out updated Wallet app to replace Google Pay

Google’s revamped Wallet app, set to replace Google Pay in several countries (except the U.S., Singapore, and India, where Pay will continue to exist as a separate app called GPay alongside Wallet), has started rolling out to some users.

A Google spokesperson, Chaiti Sen, confirmed to The Verge that the company “started rolling out the Wallet to Android users in 39 countries” and that it’ll be available “to all users over the next few days.” Canada is among the 39 countries set to get Google Wallet, although it hasn’t arrived on any of my devices yet.

9to5Google reports that Wallet is coming as an update to the Google Pay app, so if you’re waiting for Wallet to arrive, check the Play Store for Pay updates.

Google announced Wallet back at its annual I/O developer conference, framing it as the go-to tool for storing digital cards — including payment cards like debit and credit, as well as other items like identification, vaccination status, tickets, keys, and more.

The Verge notes that Google’s payment app has undergone several changes throughout the years. Back in 2011, Wallet was an NFC payment app and over time gained new features like peer-to-peer money transfers and even a physical Google Wallet debit card. In 2018, Google combined Wallet with Android Pay to create Google Pay. Now the app is headed back to Wallet in most regions, with Google Pay sticking around in some countries as a peer-to-peer payment system.

While it’s a convoluted history, hopefully the end result is that the new Google Wallet app offers a better experience for users.

Source: The Verge