Google Pay: Vulnerability has been fixed, PayPal problem still exists

In February, major security vulnerabilities related to Google Pay were reported. If the PayPal account is stored in the app. The fraudsters may make unauthorized debits. The vulnerability is said to have been fixed. However, the problem still exists.

Unnecessary PayPal debits are due to credit card security vulnerabilities created by Google Pay. In order to protect the user’s identity and pay on a public terminal, Google Pay will create a virtual MasterCard for each purchase.

The Card numbers are almost indistinguishable from other card numbers. Since functions such as expiration dates and security codes are not always checked, fraudsters can guess many records and use them for purposes.

After the wave of fraud subsided, it is said that Google had secretly fixed the loophole that caused the problem. According to Heise, the fix may have been implemented within the past four weeks. The security researchers who discovered the vulnerability at that time were no longer able to reproduce the fraud.

PayPal via Google Pay: The difference in February has apparently been secretly fixed

In February 2020, cyber gangs abused a large amount of security holes in the PayPal PayPal virtual credit card to generate unauthorized debit cards for Google Pay. The researchers who discovered the gap at that time had already informed PayPal of the details in February 2019.

Although the company claimed at the end of February that it had finally “solved the problem” (which remained in the dark), the analysis by the research team showed that the gap remained exploitable. Now PayPal is said to have secretly improved: According to the researchers, a complete fix was only made within the last four weeks.

Other possible security holes

However, these problems have not been finally eliminated. Just a few days ago, there should be an unauthorized debit card (via Caschy’s blog). It is conceivable that another aspect has played a role here. Surprisingly, the payment was transferred to the Russian network and the email “noreply+support@google.com” which may not exist was used.

The Paypal account should be separated from Google Pay until the issue is clearly resolved and Google officially comments. The executed transaction cannot be cancelled in the future. To cancel a payment using Google Pay, users must first obtain support from a search engine group.

PayPal: again unauthorized debit

PayPal clearly has another problem. We remember that there was already a very big problem in February, which caused many users to get a lot of money.

Overall, this means that at least we have made recommendations, hoping to reduce the connection with Google Pay.

Security researchers caused losses to PayPal. The payment service provider narrowly unexpectedly narrowed its mouth and did not make any statement about obvious vulnerabilities.

Now some users complain about unauthorized debits. Some readers have already contacted us. They all reported several debits, each at 3.29 euros.

The debit is made by a Gmail account, but the merchant is listed as noreply+support@google.com.