Table of contents:

PayPal: Unauthorized charges due to Google Pay
PayPal: Unauthorized charges due to Google Pay

Making payments with our watch or mobile is increasingly common. Google Pay is the king of mobile payments on Android and now, apparently, PayPal has a security breach for those who havePayPal and Google Pay linked.

Although Google Pay does not allow you to link a PayPal account, since we would need a physical card and a bank, we can link our PayPal accountto this service through the Google application store such as the Play Store.

One of the payment methods available in the Google Play Store is PayPalWhen we pay for an app through PayPal, we can decide that remember our account or not, so that it is easier to buy applications and not have to enter it each time.

If we have chosen to be reminded of our PayPal account, Google will add our account to Google Pay,but we will not be able to make transactions in places physical with her.

PayPal: Unauthorized charges due to Google Pay
PayPal: Unauthorized charges due to Google Pay

Now some hackers have managed to detect and take advantage of a security flaw in PayPal which reveals the numbers and expiration of the card PayPal virtual, except for the CVC code which is used by Google to verify the card.

I don't have a PayPal card, how do they steal our money?

In some countries PayPal has its own card, although not in Spain. In order to carry out transactions with PayPal funds, Google Pay creates a virtual card which is offered by PayPal, of which the owner of the PayPal account does not have proof, in order to be able to make payments in online stores.

Hackers have managed to get hold of the virtual card that links our PayPal funds, which could perfectly well be another credit or debit card, to the merchant in which we carried out the transaction.

Andreas Mayer, a German security researcher, discovered a similar flaw in PayPal in February 2019, but PayPal did not prioritize fixing of this security breach. According to Markus Fense, hackers have had different ways to get hold of the CVC code which is needed on different sites.

The first option that Fense explains, is the possibility that someone has observed the CVC number in a public place. The second option is that there is a malware which has infected our mobile and we don't know it, in order to be able to get hold of it. the number or, finally, making it up since, as we have mentioned before, this number is not essential in many places, such as Amazon.

As we know, in Amazon it is not possible to pay with PayPal, but it is possible with this card that Google Pay has to enable transactions made through PayPal. For the moment, where the most cases have been observed has been in Germany and the US

How do I know if I am affected?

To find out if this type of unauthorized payment has affected us, we will only have to go to our PayPal account and review the movements that He has suffered for the past few days. If we see that any of them does not fit us, it is best to contact PayPal customer service so that they can give us a refund or open a dispute if we are not satisfied with the product we have purchased.

On the other hand, we must highlight that in the PayPal account movements should appear in the "unauthorized" or pending charge, so this can already put us on notice and verify the different accounts to which we have linked our cards, whether they are credit, debit or even prepaid. After what happened, PayPal has solved the problem and reimbursed those affected for the stolen money.

How about the cunning of hackers? Have you been a victim of data theft?

Popular topic