A while ago I had to freeze my card and request a new one because both the chip and pin and contactless features stopped working, for whatever reason. My new card arrived shortly after and I’ve been updating websites and services with my new card details as and when I come across one that has my old details.
Come to today, I was about to purchase a movie on YouTube when I noticed my old card was still present there. So I started the usual process of adding my new card and removing the old when I had a sudden realisation:
“If my new card isn’t in my Google Pay account, how have I been using Google Pay / Contactless everyday to process transactions?”
I had a look at Google Pay on my mobile and to no surprise, it was still setup to use my old card. It’s been working fine, no issues whatsoever, processing daily transactions as normal for over a month on my old frozen and replaced card. The transactions have been coming through to Monzo perfectly fine and as I’ve never had a payment decline I’ve not thought to change the card on my Google Pay account to the new one.
So that begs me to ask the question, how is Google Pay processing legitimate transactions on my old frozen and replaced card and what stops someone from obtaining my card and using it through Google Pay even if I freeze / replace it?
I am a little concerned.