Stay organized with collections
Save and categorize content based on your preferences.
Google Pay was designed to provide the flexibility required for an open
platform and protection for all users: the cardholder, merchant, network, the
merchant’s acquiring bank, and the card issuing bank.
Highlights of Google Pay’s security features include:
Network tokenization standards: When a cardholder makes a purchase using
a device token, Google Pay sends the token's DPAN rather than the
FPAN of the card. This “tokenization” provides your cardholders with an
extra layer of security.
Secure in-memory storage of limited-use keys (LUKs): Your cardholder’s
mobile device stores the primary key that generates transaction cryptograms
for contactless transactions. No other primary key data is stored on the
device.
Cardholders authorize payments: When ready to make a purchase, we use
device unlock to enforce network rules for transactions in your country.
This process serves as the Cardholder Verification Method (CVM) and
replicates the security of entering a server-verified PIN entry.
If you have been granted access to this content, make sure you are signed in with your
authorized Google account. If you are a partner who needs access, use the button below for
instructions on how to request access.
All rights reserved. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-10-16 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-10-16 UTC."],[[["Google Pay is built on an open platform with security measures protecting all parties involved in a transaction, including the cardholder, merchant, and financial institutions."],["Google Pay utilizes tokenization, secure key storage, and device unlock authorization to enhance transaction security and protect sensitive card information."],["The platform leverages Android's security features such as Play Integrity API, OS security model, and application permissions for robust protection."],["Google Pay replicates the security of a PIN entry through its Cardholder Verification Method (CVM) during payment authorization."]]],["Google Pay ensures security through network tokenization, using device tokens and DPANs instead of FPANs. It utilizes secure in-memory storage of limited-use keys for transaction cryptograms. Payments are authorized via device unlock, enforcing network rules and replicating PIN entry security. Device integrity is validated through the Play Integrity API, and the Android OS security model protects system resources and data. Application-defined permissions also contribute to security.\n"]]