Managing Fraud and Chargebacks on Google Pay
Table of Contents
- How Does Google Pay Work?
- Is Google Pay Secure?
- How Do Chargebacks Work Over Google Pay?
- Can Google Pay Be Hacked?
- Can You Get Scammed Through Google Pay?
The COVID-19 pandemic has changed a lot about the way commerce is conducted, and many of those changes will have lasting effects on customer behavior. One technology that's gotten a significant boost over the past two years is mobile wallet apps. Many customers tried these apps for the first time as a way to avoid touching payment terminals, and these kinds of customer habits tend to stick around.
Mobile wallet apps like Google Pay are convenient for customers, but what about the merchant's end of things? Since Google Pay processes transactions using regular credit cards, these transactions are subject to chargebacks. Plus, any platform where money is changing hands will be targeted by fraudsters looking to make a quick buck. What do merchants need to know about fraud and chargebacks on Google Pay?
Google Pay lags behind Apple Pay in terms of market share, but there are still 25 million people making payments with it in the United States. And Apple Pay is of no use to anyone who doesn’t own an iPhone, of course
More than 50,000 websites now accept Google Pay as a method of payment, and that number is continuing to climb steadily.
As the global COVID-19 pandemic has driven up interest in touch-free payment methods, digital wallets and mobile payment apps have swiftly gone from novelty to necessity in the minds of many customers.
Merchants can attract and retain more customers by accepting these payment options, but they need to go into it with an understanding of not just the basic mechanics of how these transactions work, but also how effectively they're secured against cyber-attacks and what the dispute process looks like when Google is involved.
How Does Google Pay Work?
The customer simply holds their phone near the merchant’s NFC-enabled terminal and Google Pay will complete the transaction wirelessly. The customer authorizes the payment with their own phone, so they never need to touch the merchant’s terminal or sign anything.
Users can add different credit or debit cards to their Google Pay accounts and can use any uploaded card to fund their transactions. When a Google Pay transaction is initiated, the app generates a virtual account number that is transmitted to the merchant’s terminal for processing.
In an e-commerce setting, merchants can offer Google Pay as a checkout option, similar to PayPal. The customer will provide Google Pay with their login credentials to authorize the transaction, and checkout can proceed as usual from there.
Is Google Pay Secure?
Google Pay uses effective, up-to-date security protocols to keep customer data safe from fraudsters, hackers, and unethical merchants. There are three key elements to Google Pay’s security features.
First, it stores the user’s payment credentials in an encrypted format on Google’s servers. While no company can ever guarantee total safety from a data breach, you can reasonably expect that Google will spare no effort to protect the integrity of Google Pay.
Google Pay also requires users to log into their smartphone and then separately log in to the Google Pay app in order to authorize a transaction. This makes it extremely difficult, if not impossible, to make unauthorized Google Pay transactions by accident, or with a stolen phone. NFC-enabled terminals also can't be rigged to initiate transactions without the user’s knowledge.
Lastly, the use of tokenization protects the customer’s payment credentials at the point of sale. The merchant receives only a newly-created, single-use virtual account number, not the actual payment card account number.
If the merchant’s computer is hacked, the data can't be used to make unauthorized transactions or create cloned credit cards. This is similar to the way EMV chips work, and that technology has been extremely successful at reducing fraud in card-present environments.
When there is fraud on Google Pay, it's often because a fraudster succeeded in using a low-tech method such as phishing or social engineering to convince a user to divulge their login credentials.
Google Pay does have one particular vulnerability for brick-and-mortar merchants. Stolen credit card information can't usually be used to make purchases from these merchants, since fraudsters can't easily write that information onto an EMV chip the way they can with a magnetic stripe. However, fraudsters can create a Google Pay account and add the stolen credit card information, allowing them to make purchases using NFC-enabled payment terminals.
Fortunately, right now it seems unlikely that many fraudsters would go to the effort of doing this. It's much easier to use stolen credentials to buy things from e-commerce websites from the comfort of their own homes, and in-person purchases in countries other than the ones the cardholder lives in often set off red flags at banks that will get the card canceled more quickly.
If e-commerce merchants significantly bolster fraud prevention across the board, however, the scales may shift enough to make this a more appealing method of attack.
How Do Chargebacks Work Over Google Pay?
Once the cardholder contacts their issuer with their dispute claim, the issuer contacts the card network, and the card network then contacts Google Pay. Google will email merchants with the details of their chargeback and request any supporting documentation that can be used to fight the dispute.
After the merchant responds, Google will review the documentation. If Google believes the merchant’s claim has merit, they will submit a representment of the charge, along with the merchant’s evidence, to the issuer. The issuer will then render a decision on whether to uphold or reverse the chargeback. Google Pay will credit back transaction fees for transactions that get charged back, but chargeback fees will apply if the chargeback is upheld.
Despite the fact that the chargeback process through Google Pay is mostly the same as a typical credit or debit card chargeback, many merchants report a lower rate of success fighting chargebacks through Google Pay. While the reasons for this aren't entirely clear, it could be that Google Pay has a higher rate of true fraud as compared to friendly fraud. Chargebacks on payments made with Google Pay may also be harder to fight because less information is gathered from the customer.
Banks may see the lack of address verification, CVV confirmation, or other traditional anti-fraud measures as making it more likely that a customer's false claim of fraud is true, especially if they're not completely familiar with the security measures Google Pay has in place.
The chargeback process with Google Pay is largely similar to the chargeback process merchants are already familiar with. Merchants can avoid chargebacks over Google Pay by following the same best practices they should already be using—for example, obtaining tracking numbers and delivery confirmation for all orders, documenting all communication with customers, and clearly presenting their terms and conditions of purchase to the customer before finalizing a sale.
Merchants should always respond as quickly as possible to Google Pay chargeback notifications to give Google as much time as possible to review and prepare representment. Staying on top of notifications can be one of the more challenging aspects of chargeback management for busy merchants, but it is essential to defeating friendly fraud and other invalid chargebacks.
Remember that when chargeback management feels overwhelming, there are always professionals like the experts at Chargeback Gurus ready to step in and help you craft a plan of action that can put you back in control of your disputes and chargebacks.