PaulDavis I'm in the US, but interesting that the UK has policies regarding this.

why would you want to walk around with NFC constantly on when its operation is simple?

You can turn NFC off and turn it on only when you need it. You can also set it to only authorize NFC payments with additional authentication such as fingerprint, password, etc, which in theory, is more secure than a card sitting in my pocket that doesn't require any user authentication before processing a payment.

Your cards should be safe as the proximity required to activate a card is quite small, so it should be obvious to see someone trying to scan your wallet, especially in a jacket pocket

That's not true...at least according to numerous news stories like this and videos of card skimming tools like this

    [deleted] Well, this was a very unhelpful comment and the snarky response was definitely not necessary. The question was geared toward security, not privacy - hence the title "Is Google Pay more secure than paying with a credit card?

    Also, I never even asked about cash. It's completely irrelevant to this discussion. The question asked specifically for a comparison between Google Pay and Credit Cards for NFC payments.

      you can mitigate the card skimming of you nfc cards by having them in a nfc shielded wallet.

      The other option I do is control the cards via my banking apps: I have my cards deactivated most of the time only activate them when I need them. With one Card I have multiple toggles for retail store, ATM, nfc, online payments options and I can temporarily block the cards completely.

      And what all cards have: payment larger than 50€ will always need a pin to approve the transaction.

      According to this:

      https://support.google.com/googlepay/answer/14555219?hl=en

      Google Pay is no longer available in the US. I can't find anything about non-US use.

      But, security-wise, Google Pay/Wallet is supposed to be more secure than credit cards because:

      " Google Pay purchases are tokenized, which means that the service sends your credit information using a unique code for each purchase. If the information could be intercepted, it would not be useful to a thief or hacker, because your credit card information isn't present.

      Perhaps even more important, though, is the physical security that Google Pay offers. If your actual credit card is lost or stolen, it can potentially be used to make purchases, at least until you notify the credit company and cancel the card. But when using Google Pay on your phone, your credit card information is protected behind a passcode or biometrics like facial recognition. "

      That's from :

      https://www.businessinsider.com/google-pay

      I don't know when that article was written and that's not exactly a security research article, but it seems reasonable.

        dregrinfuces Yeah I was referring to Google Pay as the NFC-payment system that Google Wallet uses., not the peer-to-peer payment app that used to exist.

        I read that article too and similarly felt it didn't go in-depth enough. I was hoping people on here might know more about it since there appears to be many security professionals and enthusiasts on here.

          DirtyDan
          Hi Dan,
          speaking generally (for Apple Pay and Google Pay),
          the security is really much higher as with a physical card, because both solutions use virtual credit card numbers instead of your real credit card number, so no dealer will ever see your really credit card number.
          And if you set NFC in the right way (only on, if you have unlocked your phone display), then no misuse is possible.

          But with Google Pay you give up privacy, because Google gives all information about transactions to advertisers to make money with your data.
          This does not happen with Apple Pay because they have another business model.

          And about security of the physical cards:
          There are wallets and card cases with special metal mesh for shielding.
          And: as soon as several NFC cards are stacked in the wallet, it is almost impossible to secret scan a card quickly.

          BTW: Google Pay is not possible with a Pixel Phone if GrapheneOS is installed.
          In other words: no certification by Google.

            PaulDavis So if you use Google Pay, it shows up on your statement as a payment to Google? It must be different with Apple, because anytime I’ve used Apple Pay it’s the retailer that shows up. Which I assume means I get additional protection?

                Cold_Beer No, it was phrased as a question. I won't use gpay, so I have no knowledge. But in the UK, if you pay through a third party provider, and PayPal is the best example, you will lose a lot of consumer protection.
                One example is that paying directly with the card entitles you to protection if the company goes bust while your goods are within warranty. With PayPal you will get whatever they decide. Hence the question about gpay, and it would have covered apple, but you've answered that for me

                    PaulDavis Ah ok. I was unaware of that consumer protection. I’m running an iphone to end of support, it does come in handy once in a while. I don’t mind pulling a card out once in a while though. Actually for big purchases you have to.

                        Cold_Beer For us, the cover is automatic on purchases over £100, as long as part of it has been paid on the credit card. Debit cards offer less protection. So you could pay £100 in cash, and £1 by CC and your purchase is protected. It is a right in law, not a service provided.

                            PaulDavis I do Remember having the green classic Amex card. That gave you two extra years on top of the one year warranty.

                              • [deleted]

                              • Post #16
                              • Edited

                              Mods, if you have to delete my post, have the decency to delete the reply as well. Many thanks.