Google Pay is a way to make contactless payments with Android devices. The pandemic has accelerated this trend towards contactless payment solutions (mobile with smartphone). Can you entrust your sensitive financial data to the advertising group Google or Alphabet? What about data protection with Google Pay? Convenience for the “transparent citizen”?
What Is Google Pay?
The payment service Google Pay is an offer from the company Alphabet. 2018 the Google Pay brand was launched with the merger of Android Pay (2015) and Google Wallet. With an Android device and a payment card stored in the Google Pay app, contactless payments can be made in shops using Near Field Communication (NFC). Unlike Apple Pay, there are no exact user numbers for Google Pay.
With 2.7 billion Android users worldwide and availability in 30 countries, the service will be used millions of times worldwide. The Mart was entered on June 26, 2018 (before Apple Pay)—Google benefits from the “trend” away from cash towards cashless payments. The pandemic is an ideal catalyst for “brave new money.”. There are concerns about data protection with Google Pay.
What Is Required For Use?
To use Google Pay, you first need an Android device running Android 5.0 (Lollipop) with a built-in NFC chip. A Google account is required to use Google Pay, which is stored with the actual name and correct billing address. Anyone previously using a “fake account” must do without this service or disclose their data transparently. Remember that, as a US company, Alphabet is subject to local laws and is part of the global oversight structure. Each user must decide for himself whether he wants to entrust his data to this company or not.
In addition, a payment card is required, which can be stored in Google Pay. These are usually credit cards. Whether or not a card-issuing institution enables registration with Google Pay is the responsibility of the respective card issuer. In the future, more and more banks and financial service providers will have to activate Google Pay. Alternatively, you can deposit money into a PayPal account. Then a virtual debit card (Mastercard) is created.
How Do I Set Up Google Pay?
To set up Google Pay, visit the Google Play app, click the “Payment” button, and add a credit or debit card or PayPal account via “+Payment Method”. A video on YouTube shows exactly how this works. Additional verification information may be required. Now the Google Pay service is set up. A fingerprint, face, or PIN code is stored for “security”. Biometric data is perfect for mass surveillance (e.g., fingerprints on ID cards).
What Data Do Banks Receive?
When a payment card is added, much data and information are collected, stored, and shared. Google provides the card-issuing institute with a large amount of information that the company was able to find out about its customers. Any fraud at the expense of banks and payment service providers should be prevented. The Google Pay Institute should not be used for criminal activities (e.g., credit card misuse, fraud, money laundering, etc.) for regulatory reasons alone.
Apart from these interests worthy of protection, the banks are giving up a large part of their sovereignty over the payment market to digital groups by activating Google Pay for demanding users. This market liberalization was the driving motive behind the second Payment Services Directive (PSD2). Financial service providers get involved in this deal in the fight for market share, especially since the Google Payment Corporation does not claim a percentage of the fee cake. The price: In the future, the data cake in the globalized payment market will be eaten by IT companies.
How Does Google Pay Work?
After the user has set up Google Pay, he holds his NFC-enabled Android device to the payment terminal and confirms the payment (over €50?) using Touch ID (fingerprint), Face ID (face scan), or a numeric code (PIN). The payment is validated. Ping already paid.
What Purchasing Data Do Retailers Receive?
The retailer knows what was swiped on the register’s barcode. Suppose someone pays in cash and deliberately avoids using customer loyalty programs (e.g., Payback, DeutschlandCard). In that case, payment can be made anonymously and in a data protection-friendly manner (apart from the identification via video cameras and the location of his mobile phone). The merchant will find your credit card number if you use a credit card.
This is different if PayPal, a debit, or a credit card is stored with Google Pay and paid with it. In this case, the merchant does not know the credit card number. A token, i.e., a virtual card number, is created for each card stored. Google Pay uses smartphone manufacturers, payment terminal providers, payment networks, token providers, and card-issuing banks to convert credit or debit card numbers into tokens. The token is transmitted in stationary trade via near-field communication (NFC) with a reader and online business via the Internet.
If you hold your Android device to the payment terminal, the merchant transfers the token to the associated banking network, which can assign the ticket to the stored credit card data. The merchant is then sent approval for the transaction. After receiving the support, the merchant transmits the contribution to be paid and its ID to the buyer’s device. The customer must confirm the marketing (for amounts over €50).
A one-time Card Validation Code (CVC), the piece, the seller, and the Google Pay user’s authentication are then forwarded to the bank network via the merchant, and the payment is made. As a result, the merchant never receives the customer’s actual credit card details, only the virtual card number (token) and confirmation that it is linked to a valid card. However, you are not anonymous to the dealer, at best, pseudonymously. This constant sequence of numbers also has a recognition value and is evaluated.
How Does Google Use Payment Data?
Google’s privacy policy applies to the Google Pay service. Since the service is operated by a wholly owned subsidiary of Google LLC called Google Payment Cooperation, special data protection notices for Google Payments also apply.
Third-Party Information
Google obtains information from third parties. For this purpose, data from banks and financial service providers, mobile phone providers, consumer credit reports (USA), and credit bureaus or credit reporting agencies are used. In addition, Google also bought bulk credit card transaction data from Mastercard (Bloomberg) in 2018 to link it to the data that Google already stored about the respective account holders.
This practice aims to provide “Google Payments services and to protect the rights, property, and safety of Google, our users, and the public.” It is constantly being evaluated whether further Google Payments transactions can be made. If there are problems with transactions that are not the user’s fault, the question arises as to who Google trusts more: the user or the retailer. What if you get disfellowshipped? How can you defend yourself against an unjustified exclusion?
Third-Party Data Sharing
Participating financial companies or third-party providers are trusted. You share data with them.
Data Sharing With Google LLC Affiliates
Even scarier: Google Pay data is shared with all Google LLC subsidiaries.
Google Becomes A “Super Credit Authority”
Alphabet, or Google, does not directly earn money from payments made with Google Pay. No fees are charged either by users or by merchants. At the same time, the company receives detailed insight into its customers’ payment behavior and consumption habits. This reminds me of the Chinese social credit system.
In turn, the subsidiary Google Capital (CapitalG) invests in promising IPO candidates, also from the financial sector. For example, Credit Karma is in the inventory. The wholly acquired company offers free credit reports. Google is working on a global SCHUFA and is one step closer to being a “super credit authority” with every Google Pay transaction.
Conclusion Google Pay Privacy
In summary, Google Pay is a privacy nightmare. The second Payment Services Directive (PSD2), pushed by lobbying, broke the banks’ ex-monopoly on financial data and opened the payment market for data-invasive fintech and IT companies. Google Pay is positioned in this market as a free service that grants various usage rights to the financial data, uses them commercially within the framework of the Google LLC company structure, and shares them with cooperating third parties.
I can very well imagine that Google will soon also have its free current account. While classic banks and online account models are turning the screw on costs, IT companies will establish themselves as the only ones offering free offers. You will pay the price with your data, which will become part of a global credit and financial database. Cash continues to impress here as an anonymous payment method, supplemented by payments with EC cards. Any involvement of another third party details a risk for data protection.
Also Read: Discover The Applications Of Artificial Intelligence In Photography