What’s under the hood: Security on Google Pay

https://ift.tt/2YxZG1O
In the last two years, instant bank-to-bank transfers via UPI have become the preferred form of payment for millions of Indians, many adopting digital payments for the first time. At Google Pay, we've been very excited to be part of this story, and bringing the convenience of UPI to millions of users, in a simple and secure user experience. 


We launched Google Pay with the best of Google's security infrastructure, leveraging our experience of 20 years of bringing some of the world's most helpful technology products to billions of users worldwide. Some of these are: 

  • Enhanced fraud protections with SafetyNet: Beyond the 'one device - one account' safeguards offered by UPI, Google Pay is secured with Google Pay advanced fraud models and backed by Google's authentication platform, ensuring world class protections against fraud attacks and faster identification and suspension of fraudsters.
  • Secure access: The PIN entry screens in Google Pay have been secured against remote desktop attacks since the early days of app's launch, keeping our users safe, even when widespread scams have affected other digital payments users.
  • Blocking fraudsters from getting on to Google Pay: Our exhaustive risk relations check at the onboarding stage prevents known bad actors from recreating their accounts on the app.
  • Scam protections: Since its launch, Google Pay uses machine learning-based scam prevention models, and also displays explicit 'scam' or 'stranger' warnings if a user receives a request from someone suspicious or not in their contacts.
             

    • Explicit language and prominent warnings during collect requests: Collect requests as a flow are unique to UPI and thus might be new to several users. For this reason, Google Pay displays very clear and prominent warnings to the user about what it entails at each step.

      Additionally, to help our users fully understand each step on the app, we have now launched notifications and SMS alerts to clarify the direction of flow of money: Google Pay will now send app notifications as well as SMS to inform users each time they receive a collect request to highlight that approving the request will deduct money from the users' bank accounts. 

      We are mindful that at Google Pay, users are entrusting us with their most sensitive asset - their money. We are conscious of the responsibility that comes with this trust. The above security features, and a lot more ongoing work in this direction, are a small example of how we keep our users safe. 

      As we make this journey together, there are steps that our users can also take to keep their money secure. Just as we learnt to handle cash carefully, the world of digital payments requires care and mindfulness as well, to ensure we keep our money safe. Some of these are:
      • Just as you keep your ATM card PIN private, your UPI PIN needs to be safeguarded in the same way. This code is only for your use, to securely access your UPI-linked bank account, via Google Pay. The same applies to your phone PIN.
      • Google Pay customer care representatives will never ask for your PIN or ask you to authorise a money transfer, while troubleshooting. If anyone contacts you with such a request, always decline.
      • UPI places incredible power in the hands of the user and money can only leave your account if you authorise it. Only approve transfer requests from people you trust, or for transactions that you have initiated. If you don't remember initiating a transaction, decline.
      • Please pay attention to 'scam' and 'stranger' warnings that appear on Google Pay, in case an unknown contact requests for a money transfer. Read these signals carefully and only transact with people you trust. 
      • Be alert to the direction of the money flow. Receiving money never requires your UPI PIN, only sending money does. If you need to enter your UPI PIN, you are authorising a payment.
      • If you ever need any kind of support or help, our 24/7 support is available to help, who you can contact safely from within the app. Do not call unverified numbers present on the web. 
        These simple tips, along with Google Pay's security infrastructure, can ensure that your experience on digital payments stays seamless, and you can leverage its many conveniences to the fullest. This journey is an ongoing one as we continue to learn and evolve the product, and look forward to your feedback to make Google Pay even more helpful in your daily life. 

        Posted by Ambarish Kenghe, Director, Product Management, Google Pay

        Subscribe to receive free email updates: