In a program report “What’s new in Google Pay?”, published at the Google I/O conference this year, the head of Google Pay products Rajiv Appana described in detail some of the steps the company is taking to protect users. In essence, if the risk management system determines the need to verify the payment sent through Google Pay, the protection works and checks whether the user is who he calls himself.
The first method of protection described by Google was built-in tokenization. Built-in tokenization will assess whether you need to check the cardholder before the card is used by the seller. The user will be asked to confirm his data by entering CVC. The customer will then receive a text message or email with a one-time password confirming their identity.
The second method is a one-time password, which is formed by a small debit from the user’s bank account. The customer then checks his bank account to find out the amount of the withdrawal. This amount will be the one-time password that will need to be entered. After verifying ownership of the bank account linked to the card you are using, this verification will be saved in your Google Account and the payment will be canceled.
All this is happening against the background of the company’s preparations for the release of virtual cards for users of Android devices.