Reply to post:

Farewell, Android Pay. We hardly tapped you

Chris 125

Hold on... a lot of the comments above are stressing about how insecure Contactless CARDS are. And yes, someone could tap against your pocket with a lashed-together reader and do a transaction.

It would be short lived, as they'd need all the associated trader accounts so it would take approximately 15 minutes (including a coffee break) to work out that one trader has had a 10,000% increase in fraudulent payments.

But Android/Google Pay? It uses generated card numbers that are only good once. If you were to steal the data by the same method it could only be used that one time, and then the legitimate owner would see a notification that their phone has just done a transaction. And even then, you could only steal that information if the phone was screen-on or unlocked in the victim's pocket.

Phone payments are MORE secure than contactless cards. Pick up a card you find in the street and you can spend £29.99 a pop before it's reported lost. Pick up a phone and assuming the owner isn't a passwordless cretin (actually, doesn't Google Pay enforce at least a PIN code?) it can't be used for transactions.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019