NFC Google Pay transactions when phone is locked

Forums › Android › NFC Google Pay transactions when phone is locked - how to turn off?

jonathan18

7413 posts

Uber Geek

ID Verified

Trusted

#295897 3-May-2022 13:35

My default payment method is via Google Pay on my phone; it's a really convenient feature, but my concern is that my phone (an S10+, if that has any bearing) doesn't need to be unlocked for it to work, despite the GP app stating it should need to be (see screenshot below).

I've checked all the obvious things to ensure it's not unlocking automatically (eg smart lock - the only devices on that are our two cars, and I'm definitely not connected to them when paying for stuff; and it's definitely not a case of the phone unlocking via face recognition as I've tested for that). The screen is still locked when paying - all I need is to have the screen on, eg I can pay as soon as I double-tap the screen to display the lock screen, but not actually unlock it.

What really highlighted the risk was I bought a TV this morning: I was able to pay for it - a cost of over $2k - using GP, without unlocking the phone and without being asked for a PIN.

Can anyone advise me what's going on here, and what I may be able to do to ensure GP only works when the phone is unlocked? Also, who sets the transaction limit at which point a PIN is required, or is this never an option when paying by phone?

Thanks for any tip and ideas.

1 | 2

1575 posts

Uber Geek

ID Verified

Trusted

#2909651 3-May-2022 13:51

The easiest way I have found is to have NFC turned off and only switch it on when I need it; although I only have it as a backup option now, since I don't particularly fancy Google having easy access to my transaction history.

Doesn't seem to be any way to lock it with the phone that I can see, or even limit the transaction $$$. Maybe your bank might have more guidance?

Edit: For curiosity, I read up on my bank's policy (ANZ) and I can see they have a $200 limit before you need to unlock the phone, like Paywave

Behodar

10508 posts

Uber Geek

Trusted

Lifetime subscriber

#2909657 3-May-2022 14:08

My dad's grizzled about the same thing in the past, and he's got into the habit of manually toggling it off and on. I believe he's using an Alcatel of some description.

xpd

Geek @ Coastguard NZ
13767 posts

Uber Geek

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#2909661 3-May-2022 14:16

I'm on a Samsung A72, and I have the opposite issue.... I want to be able to pay for low cost items without unlocking my phone, yet I have to unlock it each time. TBH though, I've not really looked into it either......

Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

LinkTree

jonathan18

7413 posts

Uber Geek

ID Verified

Trusted

#2909662 3-May-2022 14:18

Thanks, Shinychrome. FFS, this is the default action? Ie, it's supposed to always function without needing to unlock one's phone?!

I stupidly assumed that requiring an unlocked phone would be a sensible default; or, if not, at least the phone user could set it to work this way.

But, yeah, my bank's site indicates this is the case: it says 'Make sure your phone is awake' (as opposed to 'unlocked').

As for limits without a PIN, something clearly sus here as my bank has the same limit: "If you’re making a payment that’s more than $80*, you’ll be prompted to enter your PIN. Due to COVID-19 (coronavirus), we have temporarily increased the contactless payment PIN limit to $200. This is to help reduce the risk of transmitting the virus as fewer people will need to touch the payment terminal.'

I joked with the salesperson he'd typed in $20.94 instead of $2094, but sadly that wasn't the case. Will give my bank a call to find out what went wrong.

Yeah, it does look like turning NFC on/off may be the only answer at the moment; I noticed it can be disabled when the phone is locked but must be unlocked to enable it, which is just as well...

michaelmurfy

meow
13247 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#2909674 3-May-2022 15:07

Relax...

1) I work for a bank. I've worked for multiple banks.
2) If you're not stupid then you're protected by Visa's Zero Liability guarantee.
3) If you notice your phone is missing - mark it as lost. This also locks out Google Pay with the majority of phones out there.
4) Your bank can also remove Google Pay too, blocking your card will often block Google Pay with most banks as they're using a linked token.

As long as you let your bank know your phone is missing then you're totally fine. The majority of people won't know there is Google Pay on your phone and it is incredibly rare for this to actually get abused (over a stolen credit card / debit card with paywave). Regardless you're covered.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

jonathan18

7413 posts

Uber Geek

ID Verified

Trusted

#2909680 3-May-2022 15:24

Apparently, I'm not the first customer of this bank to recently report the lack of an upper limit before requiring a PIN on phone-based contactless transactions, despite what their policy says is in place, so at the moment if someone takes and uses:

my physical card, they'll be limited to transactions of NMT $200 each (given they'll need to enter a PIN over this amount).
my phone, it looks like they'll be limited solely by my credit limit!

Totally accept that's a risk the bank is taking on, and it appears to be an error on their side, but would still rather not be in the situation of having to deal with this.

Also, I still don't understand why the customer shouldn't be able to choose whether the phone needs to be unlocked before using NFC for payment, especially in the context of information from Google that contradicts the open approach of (at least NZ) banks. It's not going to stop me using GP, but I imagine (and indeed know) there are others that are put off by this.

freitasm

BDFL - Memuneh
79288 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2909746 3-May-2022 16:17

Interesting because Google's policy is no unlock required up to NZ$ 80. How did you manage to pay a TV without unlocking is... strange.

Set up screen lock to make contactless payments - Android - Google Pay Help

Sharesies

Trade NZ and US shares and funds with Sharesies (affiliate link).

jonathan18

7413 posts

Uber Geek

ID Verified

Trusted

#2909756 3-May-2022 16:45

freitasm:

How did you manage to pay a TV without unlocking is... strange.

Totally; the person I spoke to said she'd recently had someone report the same thing (but with Apple Pay) and didn't believe them until I reported it happening to me.

The bank agrees it's not how it should be operating and is investigating; will report back if/when they provide me with more info.

roobarb

653 posts

Ultimate Geek

Trusted

#2909848 3-May-2022 21:23

Oh dear, I don't like that.

I just tried on my Pixel 6/Android 12 and was able to read the Google Pay credit card details using a contactless card reader when the screen was locked despite having the same settings.

I think it is a Google problem, not the banks, I am using a EU bank card.

roobarb

653 posts

Ultimate Geek

Trusted

#2909850 3-May-2022 21:35

There is another NFC setting

This made a difference, its value is not reflected in the overview list of settings.

nzgeek

618 posts

Ultimate Geek

#2909851 3-May-2022 21:39

It looks like the appropriate security setting is buried under the phone's NFC settings (Settings > Connected devices > Connection preferences > NFC). Look for a setting called Require device unlock for NFC.

This should require the phone to be unlocked for NFC to be usable at all. If you're anything like me, 95+% of your use of NFC is for payments, so this provides the control I want.

jonathan18

7413 posts

Uber Geek

ID Verified

Trusted

#2909856 3-May-2022 21:47

That would be the perfect solution to my concerns, but in its wisdom Samsung don't provide for that, at least on that page (or at all based on an initial search). Bugger.

freitasm

BDFL - Memuneh
79288 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2909866 3-May-2022 22:33

Neither my Samsung (12) or wife's Huawei (11) have that switch.

wickedlolipoo

45 posts

Geek

#2909926 4-May-2022 00:23

Older model mobiles running on an older version of android can use NFC even if the phone is locked

Probably to do with the Android Version.

I remember being able to use google pay while I was using my Note 10 but when i switched to S21 I can no longer use NFC to pay while my phone is locked.

nzgeek

618 posts

Ultimate Geek

#2909928 4-May-2022 03:12

It looks like the "Require device unlock for NFC" setting was added all the way back in Android 10. You'd think that it'd be available on most mainstream phones by now.

I'm running a Pixel 3a, so it seems that Google are at least trying to maintain decent security on their own devices.

1 | 2