How do scams work using Google Pay and Apple Pay?
Google Pay and Apple Pay themselves are secure payment technologies, but scammers misuse them through social engineering — tricking victims into authorising payments to fraudulent accounts using the same convenience that makes the apps popular.
Last reviewed: 10 June 2026
Explanation
Google Pay and Apple Pay use tokenisation and biometric authentication to make card payments highly secure from a technical standpoint. Fraud involving these services almost never involves breaking the technology; instead, it involves tricking users into willingly authorising payments through emotional manipulation.
Phone-based scams are the most common vector: a caller claiming to be from a bank fraud team, government agency, or utility company directs the victim to open a payment app and send money to a safe account or to settle an overdue balance. The caller may know personal information about the victim to add credibility. The victim's biometric authentication authorises the payment — the security measure is bypassed through human trust, not technology.
In-person social engineering also occurs: a person approaches you with a phone, claiming to have sent you money via Apple Pay or showing a false payment confirmation, and asks you to send them money in return. Verify all incoming payments in your own banking app before sending anything.
Phishing for Apple ID or Google account credentials is indirectly related: with access to your Apple ID or Google account, an attacker could potentially add their own payment method or access payment history, though the apps' security design limits this risk significantly with device-bound authentication.
Common red flags
- Any caller asking you to open a payment app and send money to resolve an issue
- Person showing you a payment confirmation screenshot and asking for money in return
- Claimed emergency that creates pressure to authorise a large payment quickly
- Request to add a new card to Apple Pay or Google Pay at someone else's direction
- Email or message requesting your Apple ID or Google account credentials
- Government agency, utility, or bank that claims payment must be made via Apple Pay or Google Pay
What to do now
- Verify any incoming payment in your bank's own app before sending funds in return
- Remember that no legitimate government agency or utility uses Apple Pay or Google Pay as a payment demand channel
- Hang up on any caller asking you to open a payment app — call back on a verified number
- Enable strong authentication on your Apple ID and Google account with a password manager and 2FA
- Report fraudulent transaction requests to Apple or Google and to your bank
- File a report with the FTC if you sent money in response to social engineering
Frequently asked questions
Can scammers steal money from Apple Pay or Google Pay without my knowledge?
Unauthorised transactions through these apps are rare due to device-bound biometric authentication. The more realistic risk is being socially engineered into authorising a payment yourself, or having your Apple ID or Google account compromised to access payment data.
Is a contactless card payment safer than Apple Pay or Google Pay?
Apple Pay and Google Pay are generally considered at least as secure as contactless physical card payments because they use tokenisation, meaning your actual card number is not transmitted. Physical card contactless payments are also relatively secure but carry marginally more risk from skimming devices.