Google knows a lot, like your new bank card number before you do

by | Oct 9, 2018 | Business, Data Regulation

piggy bank

Piggy Banks have always been the loose change keepers of children’​s savings

Related: Why your Facebook profile has not been cloned.
Ok, Google. What’s my bank card number?
Imagine playing your favorite app on your Android phone and you go to purchase a pack or booster item to improve your game play. You go through the process and reach the check out, only to notice there is a new card number on the list and your’s is gone.

Have you been hacked? Has someone else been using your account? Where did this payment card come from and is it valid to be used?

It appears that when your primary bank card is coming up to it’s expiry date, Google is able to request something direct from your bank. Your new card number, expiry date and validation code.

Today, the Technology Doctor prescribes you the strongest beverage within reach. Consume immediately and read on…This ones going to get Funky!

So what is a bank card?

If you’re absolutely sure you know what a bank card is (like most adults who use them regularly) then feel free to scroll past this section. For those who don’t know what one is…

It’s that little plastic rectangle that sits in your purse or wallet that allows you to extract your money in one form or another. Cash Machines, Chip & Pin, Online Retail…Your bank card is the key to passing over money to another bank account without the need to hold physical money.

In modern day banking, your bank card is also the primary access requirement to see your bank account online with a special card reader. Card in, punch pin, access code.

Depending on the type of banking account you have, this can be a credit card (pocket loan facility), debit card (limited by the available amount in your account) or a charge card (cash advance facility.) These cards can vary in the long number on the front, but will generally be a maximum of 16 digits long.

Bank cards come with expiry dates which means that once a card has expired, it can no longer be used.

On the back of your card, is a signature strip and between 3 to 7 digits to the right of that strip. The last 3 digits represent the validation code, or security code.

So bank cards are pretty handy, right?
And alas Mr Cardholder, we have your bank card, complete with chip…Totally expired.

In short, yes. Incredibly handy to have.

The downside is that bank cards can be cloned, stolen, just about used in almost every way to extract your money. In October 2017, 98.5 Million cards were issued and that’s not including Credit Cards or Charge Cards. 

In the January – December 2017 UK Finance report estimated that £731.8 Million was suffered in losses due to unauthorized transactions on payment cards, remote banking and cheques.

So how did Google obtain banking information?

In order to understand how Google achieved to obtain my information from my banking provider, I decided to do some research first.

Does Google Play tell me? To the Google Play Terms and Conditions!

To make this easier – Here is all the search terms I used, and their results:

“Card” – 1 Hit “subscriber ID and SIM card serial number”
“Bank” – 0 Hits
“Update” – 12 Hits but nothing about financial information

In short, nothing about how my bank card gets updated automatically.

Does Google ​tell me? To the Google Privacy Policy!

Again, to make this easier – Here is all the search terms I used, and their results:

“Card” – 0 hits
“Bank” – 0 Hits
“Update” – 4 hits, all relating to email marketing.

Again, nothing about how my bank card gets updated automatically.

This is a tough one to crack, sir.
So, where to now?

Google Play support. After all they are the ones who process payments, right?

So I sent a support ticket. Ironically, once you hit submit, you are never able to see what’s been submitted. In short, it asked about my specific cards and where the new card number come from.

Much to my surprise…Google responded.

And the answer was quite shocking. Below is a copy of that response from Google:

Fear not, text version below for the majority of us mortals with normal eyesight.

Hello John,

Thank you for contacting Google.

​My name is [BEEP] and I will be the Advanced Support Technician assisting you with your issue. I understand you had some questions regarding your payment methods. Not to worry I’m happy to help.​

After taking a look into things with my tools, it appears your bank updated your account info, as you mentioned your card ending in [CHA-CHING] is expiring soon and so it appears that they sent an update to our system to make a clean transition for you.​

[BEEP] If so, I’ll be happy to remove it from your account for you.​

If you have any further questions or need help, you can reply back directly to this email.​

Thanks, [BEEP]​

The Google Support Team 

Disclaimer: Google did not send me swear words and sound effects. Purely for impact and randomness.
It’s the bank who did it?

Google asked my bank for the details and they handed them over without the need to ask me my thoughts on the matter. Time to approach the bank on this to see what’s going on. With the introduction of GDPR back on the 25th May 2018, things like this should be an absolute no-no.

Have you ever had something similar like this happen to you? Let us know in the comments!

Related: Why your Facebook profile has not been cloned.

Sharing our blogs helps keep that content coming!

Coffee consumed to bring you this content: 3 Cups

Loading

Facebook Comments

16 Shares
16 Shares
Share via
Facebook
X (Twitter)
LinkedIn
Mix
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap