Keep your payment info safe
Here’s where you can find information on what Google Pay does to keep your payment info safe and what to do about lost or stolen phones and unauthorized charges.
Automatic security features
Here are a few ways Google Pay works to keep your information safe.
Your payment information is encrypted and stored on secure servers.
Virtual Account Number is a type of temporary alias for your actual account number. When you pay in stores, your virtual account number is shared with the merchant instead of your actual account number This helps to keep your account information safe.
In order to locate the Virtual Account Number follow the below steps:
- Open the Google Pay app.
- Tap Payment.
- Choose a Payment card.
- Scroll down to the bottom to find the Virtual Account Number (only last 4 digits are visible).
Note: If you don't see "Virtual Account Number," you will need to set up the payment card for in-store payments.
You'll need to set up a screen lock on your device before you add cards to the Google Pay app or for in-store payments. If you turn screen lock off, Google Pay removes your virtual account number from your device for your protection.
To make most purchases, you need to unlock your phone. You won't need to unlock your phone for certain small payments.
Find and secure a lost phone
Whenever your phone is unlocked, it can be used to make purchases in stores. If your phone is lost or stolen, you can find, lock, or erase it using Find My Device.
If you lock your device, Google Pay can't be used. If your device can't be contacted, your payment information might be removed so no one can access it. If you find your device, unlock it and add your payment information again to use Google Pay.
Since Google Pay doesn't store your card details on your phone, anyone who finds or steals your phone won't be able to access that information, even if it's unlocked.
Help protect your payment info
Here are three ways you can keep your payment info safer.
Scammers sometimes use online forums like Craigslist to accept money for goods (like iPhones, shoes, and concert tickets) and services.
Sending money on Google Pay is for friends and family and for small business transactions, usually between people who know each other. If you don't know the seller, we recommend that you pay the seller in-person after you receive the good or service.
Avoid buying online especially if the seller shows these suspicious behaviors:
- Refuses to meet in person
- Asks for payment before sending the goods
- Sells digital goods
- Sells rare or sold-out goods
- Sells expensive goods at a very low price
If you think there’s been fraud or unauthorized activity on your payments profile, contact us to report it within 120 days of the transaction date. We may also ask you for more information to determine if a transaction is covered.
"Phishing" and "spoofing" are fraudulent attempts to access your personal information.
- Phishing is when someone pretending to be someone else asks you for personal information.
- Spoofing is when someone fakes the identity of the email sender so it looks more trustworthy.
If you get a suspicious email, don’t respond with the information it asks for.
- If the message claims to be from Google, report the email.
- If you think you've been scammed, find out what to do next.
How to tell if an email is suspicious
1. Check what information it asks for
If the email asks for any of the below information, it’s most likely fake.
- Usernames and passwords
- Social Security numbers
- Bank account numbers
- PINs (Personal Identification Numbers)
- Full credit card numbers
If you're still not sure whether an email is suspicious, err on the side of caution and avoid sending money or personal information.
Note: Real messages from Google might ask you to click a link to verify your email address. We won't ask you for any information until you've signed in to your Google Account. If we can't verify your Google Pay information, you might get an email from firstname.lastname@example.org or another Google email address asking you to sign in and send documents that verify your billing details.
2. Find the real sender of the email
- In Gmail, click the drop-down next to the "Reply" button and click Show original.
- Make sure the "From" address and the "Reply-to" address match.
- Check that the address on the "Message-id" also matches the "From" address domain.
- If you don't use Gmail, ask your email host for details on how to verify a sender.