Keep your payment info safe
Here’s where you can find information on what Google Pay does to keep your payment info safe and what to do about lost or stolen phones and unauthorized charges.
Google Pay & merchants
Participating merchants accept Google Pay for purchases of goods and services on websites and in apps. Google discloses to participating sites and apps whether or not you have Google Pay set up on your device so that merchants know whether to offer you Google Pay as a payment option. You can opt out of Google making this disclosure in Google Pay privacy settings. Opting out could affect your ability to use Google Pay to transact with certain merchants.
Google Pay & your transaction data
Google may use data from Google Pay transactions you make in stores or on third-party apps and websites to:
- Facilitate your Google Pay transactions.
- Show you your transaction details and transaction history.
- Resolve a problem you're having with Google Pay.
- Provide you with other Google Pay features.
Automatic security features
Here are a few ways Google Pay works to keep your information safe.
Your payment information is encrypted and stored on secure servers.
Virtual Account Number is a type of temporary alias for your actual account number. A virtual account number is created when you add a card using the Google Pay app or your banking app. When you pay in stores, for example, your virtual account number is shared with the merchant instead of your actual account number. This helps to keep your account information safe.
In order to locate the Virtual Account Number follow the below steps:
- Open the Google Pay app.
- Tap Payment.
- Choose a Payment card.
- Scroll down to the bottom to find the Virtual Account Number (only last 4 digits are visible).
Note: If you don't see "Virtual Account Number," you will need to set up the payment card for in-store payments.
You'll need to set up a screen lock on your device before you add cards to the Google Pay app or for in-store payments. If you turn screen lock off, Google Pay removes your virtual account number from your device for your protection.
To make most purchases, you need to unlock your phone. You won't need to unlock your phone for certain small payments.
Find and secure a lost phone
Note: This info isn't relevant for customers in Japan. Learn more about protecting a lost device if you're in Japan.
Whenever your phone is unlocked, it can be used to make purchases in stores. If your phone is lost or stolen, you can find, lock, or erase it using Find My Device.
If you lock your device, Google Pay can't be used. If your device can't be contacted, your payment information might be removed so no one can access it. If you find your device, unlock it and add your payment information again to use Google Pay.
Since Google Pay doesn't store your card details on your phone, anyone who finds or steals your phone won't be able to access that information, even if it's unlocked.
Help protect your payment info
Here are three ways you can keep your payment info safer.
Sending money on Google Pay is for friends and family and for small business transactions, between people who know each other. After you successfully authorize sending money to someone, Google isn’t responsible for disputes between you and the recipient.
Be aware scammers sometimes use online forums like Craigslist to accept money for goods (like iPhones, shoes, and concert tickets) and services.
Avoid buying online especially if the seller shows these suspicious behaviors:
- Refuses to meet in person
- Asks for payment before sending the goods
- Sells digital goods
- Sells rare or sold-out goods
- Sells expensive goods at a very low price
If you think there’s been fraud or unauthorized activity on your payments profile, contact us to report it within 120 days of the transaction date.
"Phishing" and "spoofing" are fraudulent attempts to access your personal information.
- Phishing is when someone pretending to be someone else asks you for personal information.
- Spoofing is when someone fakes the identity of the email sender so it looks more trustworthy.
- If the message claims to be from Google, report the email.
- If you think you've been scammed, find out what to do next.
How to tell if an email is suspicious
1. Check what information it asks for
If the email asks for any of the below information, it’s most likely fake.
- Usernames and passwords
- Social Security numbers
- Bank account numbers
- PINs (Personal Identification Numbers)
- Full credit card numbers
If you're still not sure whether an email is suspicious, err on the side of caution and avoid sending money or personal information.
Note: Real messages from Google might ask you to click a link to verify your email address. We won't ask you for any information until you've signed in to your Google Account. If we can't verify your Google Pay information, you might get an email from firstname.lastname@example.org or another Google email address asking you to sign in and send documents that verify your billing details.
2. Find the real sender of the email
- In Gmail, click the drop-down next to the "Reply" button and click Show original.
- Make sure the "From" address and the "Reply-to" address match.
- Check that the address on the "Message-id" also matches the "From" address domain.
- If you don't use Gmail, ask your email host for details on how to verify a sender.