A major security vulnerability related to Google Pay was reported in February. If a PayPal account was stored in the app, fraudsters could make unauthorized debits. The vulnerability is said to have been fixed. However, the problems remain.
The unwanted PayPal debits were due to a security hole in the credit cards generated by Google Pay. In order to protect the identity of the user and to make payments at common terminals, Google Pay creates a virtual Mastercard with every purchase. The card number hardly differs from other card numbers. Because features such as the expiration date and security code are not always checked, fraudsters were able to guess many records and use them for their purposes.
After the wave of fraud has subsided, Google is said to have secretly fixed the vulnerability responsible for the problem. The fix has probably been implemented within the past four weeks. The security researchers who discovered the vulnerability at the time could no longer reproduce the fraud scenario.
Other security holes possible
However, the problems are not yet finally eliminated. Just a few days ago there should have been unauthorized debits. It is conceivable that another aspect played a role here. It is striking that the payments went to a Russian network and the probably non-existent email “[email protected]” was used.
Until the problems are clearly resolved and Google has officially commented on them, the Paypal account should remain separate from Google Pay. It is not possible to cancel an executed transaction later. To cancel a payment with Google Pay, the user must first contact the PayPal support and possibly also Google Pay.
Manager at Research Snipers, RS-NEWS, Digital marketing enthusiast and industry professional in Digital technologies, Technology News, Mobile phones, software, gadgets with vast experience in the tech industry, I have a keen interest in technology, News breaking.