Random Thoughts – Randosity!

Rant Time: Google Wallet Verification

Posted in best practices, botch, business, california, personal security by commorancy on March 22, 2014

So, I know how much everyone love my rants. Well, here’s another one. This falls under personal security and internet security common sense. Today, let’s explore the safety of Google Wallet and it’s so-called verification system.

What is Google Wallet?

Basically, it’s another type of payment system like Paypal or Amazon checkout. Effectively, it’s a way to pay for things or send money on the Internet using Google. That’s about as simple as it gets. Who uses it? I certainly don’t nor will I ever if Google doesn’t change its ways.

Verification of Identity

Like most other payment systems, they want to know who you are. Or, at least, that the person who is wanting to use the payment system owns the card or bank accounts added into their system. However, each one of these payment systems usually does verification in similar ways. For example, Paypal verifies you by requiring you to add a checking account (i.e., routing and account info) and then adding a small amount of money to your checking account. Later, you enter those two tiny amounts of money into their verification panel and you’re all set. That’s pretty much it for Paypal. This is similar to other financial institutions like E-Trade.

Google’s Verification = Stupid

And I thought Paypal’s verification was stupid. Leave it to Google to diverge and make it even more difficult. In the verification form, Google requires you to enter your social security number, your birth date, your home address, your phone number and various other information that could easily lead to identity theft. Then they require that you submit it. Information, I might incidentally add, that is not required for you to use an established credit card or bank account for payment. After all, banks are already required to identify you before opening an account. This is the whole reason why Paypal’s verification system is enough. Paypal merely hangs onto the coattails of the bank that has already previously verified your identity when you opened the account. I digress.

When their entry form doesn’t work, they require you to attach a PDF document of a government issued identification card. Not only is that stupidly manual, who the hell know what Google is going to do with that PDF file once you send it to them? Why would you want to do this anyway? Seriously, you’re not opening a bank account with Google. You’re not getting anything out of it by sending this to Google. And, you’re opening yourself up to huge personal risk by leaving PDF documents of your identification cards floating around on the Internet for hackers to find. Seriously, what is Google thinking here?

For me, that’s a big red flag and a BIG FAT NO to Google. I have no intention of providing any physical paperwork to a private corporation. If you can’t figure out proper method to identify the user electronically, that’s not my problem.

Legal Compliance?

I know that Google claims that this is all in the name of Federal compliance, but I’m quite sure the compliance laws don’t require you to verify a user using any specific implementation techniques. Clearly, Paypal is able to comply with these laws without requiring a PDF version of physical government issued identification. The reality is that Google also does not need a copy of this. That they claim that this is required to fulfill legal obligations is smoke and mirrors.

No, it’s quite clear, Google’s verification system is broken and completely unnecessary. They can certainly comply with all identity verification laws without resorting to asking for a copy of your identification be submitted to them in PDF or any other format.

Merchant Requirements

In fact, while credit card issuers like Visa and Mastercard don’t forbid asking for identification when using a credit card, the merchant must still accept the card for payment as long as it’s properly signed without seeing an ID. Because Google wallet requires actually seeing your identification before using some services with your credit card, this violates card issuer rules regarding the requirement for seeing identification before purchases. On the other hand, unlike a retailer who has the physical card in hand, Google cannot see your card and whether it’s signed. But, the spirit of this rule remains. Using a method of charging a small charge to the card and asking you to check the statement, then supply that dollar amount should be enough to verify that you own that card and that you have access to statements… just like Paypal and E-Trade.

Because a lot of statements have now become e-statements online, the small charge method doesn’t necessarily verify your physical address. Though, if they need to verify your physical address, they can simply send a postcard with a code. Then, have you enter that code into a verification panel once you receive it. In fact, this is really the only method that will verify your physical address is valid.

Google Wallet’s Usefulness?

With all of that said, Google has failed to make any traction towards becoming a defacto wallet. In fact, there are so few merchants that actually use Google Wallet, it’s probably safer not to verify with Google. Being as unused as it is around the Internet and seeing as Paypal is the primary method of paying for things today, it’s too much of a personal risk to submit PDFs of your passport or drivers license to a random corporation. You have no idea where that PDF might end up. Though, it will likely end up on Google drive because Google likely requires its employees to eat Google’s own dogfood (i.e., uses its own services).

And since the risk of using Google drive is as yet unknown with all of the Facebook-like features that Google has added (and continues to add), it wouldn’t surprise me to find Google internal documents accidentally shared through a Google employee’s personal account via Google+. This would obviously be bad for Google, but it wouldn’t surprise me. That’s why you don’t upload PDF files to corporations like Google. In fact, I wouldn’t share PDF files of that type on any network drive unless it’s encrypted and passworded. Better, don’t put it there in the first place.

Companies requiring copy of a personal ID

Personally, I won’t do this type of ‘give me a copy’ verification for any company unless I’m opening a bank account, credit card or need to provide it for some specific financial transaction. Even then, I will only transact that business in person and allow the person long enough time to see the documents to get what they need from it. And no, they are not allowed to photocopy it unless there’s some specific requirement.

I especially won’t do this with companies as big as Google or Microsoft when no transaction is involved. As companies grow larger and larger, employees get more and more careless in document handling. Asking for photocopies of identification cards, social security cards, credit card faces or any other issued card is not cool and I have no intention of ever providing that to a company for any identification purposes unless I’m actually performing a transaction. I won’t do it for ‘just in case’ services that I may never use. Doing so stupidly leaves a financial time bomb out there ready to be exploited.

The most they need is the number off of the face. If a company cannot make do with what’s printed on the face of the card (by being typed in), they get nothing. Just like giving your check routing information to a company such as Paypal is like writing a blank check, giving copies of physical documents to corporations is tantamount to identity theft. I simply don’t trust corporations with access to copies of my physical documents.

Though, were Google to set up a storefront and I could walk in and hand my card to someone to visually inspect and then maybe have them swipe it (although, I’d prefer not), I’d be somewhat okay with that. But, knowing a PDF file is floating around on the internet somewhere with a copy of my physical card, that’s not in any way cool. I will never do that for any corporation sight unseen no matter who they are. Since there’s no way to transact business with Google in person, there’s no way I’ll ever verify my identity for Google Wallet.

Tagged with: , , , ,

19 Responses

Subscribe to comments with RSS.

  1. Johnny said, on February 5, 2017 at 3:05 pm

    I just went to buy something in Play store. A popup appeared with payment methods, Paypal being one of them. I thought it was going to be a typical enter paypal creds and accept the deal scenario. NOT WITH GOOGLE.

    First there was this “error, try again” stupidity after I entered paypal creds and then google creds. Well, as expected trying again didn’t help. So I went to the help pages where I was told my account was suspended, no reasons given, and I should use a verification form. The form was as described in this article where they wanted my dob, id, bank statement scan and what not maybe a scan of my butt ha ha what a joke.

    But the best bit was this part: “To protect your information (…) cover all numbers, except the last 4 digits, with a piece of paper or your finger” and then that picture of a card with a finger covering the digits LOL

    I have no idea why I can’t just pay like in every other shop but this is Google after all so no surprises. Usability has always sucked at Google and this is yet another example.

    One thing is certain. Out of all the things they want the only one I can send them is a picture of my finger, you know which one.

    • commorancy said, on February 5, 2017 at 3:50 pm

      Thanks for your story. Yes, let’s all give Google the finger. 🙂

  2. patrick said, on October 18, 2015 at 11:49 pm

    I think I’ve been convinced to reconsider my purchase. I should be thanking Google for suspending my account 2 hours after I opened it. What the hell was I thinking. Its been a week since I gave them my social security number. The last 4 digits that is – they already had all the other info from the credit card apparently – amazing!! So this was good. A week to reflect on whether I should be giving my money to Google. I was trying to open a Google Play Developer account btw, a $25 transaction directly with Google. I guess they don’t want my money, or another developer on their platform. 😦

  3. Kettle said, on August 26, 2015 at 10:40 pm

    Agreeeeeeeee
    I am NOT going to send pdf files of my government issued id. I am okay with not purchasing anything on google app store but your app developers might not…

  4. Lisa Lindy said, on November 25, 2014 at 4:02 pm

    Thank you for the information. You can still send money to other Google wallet users without the stupid verify nonsense. I wonder—-why the lie about ‘needing the information’ as it sounds so pat that it seems like a philish or something. Any opinion on that? Or, are they trying to fumboozle the Ukrainians, meaning they won’t try to hack something so stupid?

    • James said, on July 17, 2016 at 9:53 am

      NO YOU CANT….Just tried to send money and receive money…cant do it..I’ve gotten 2 emails already…the first wanting copy of DL and a bill(phone, electric..etc..) that has my home address and my complete SS number…I filled in the form with the pictures of the DL and bill. 24 hours later…still not enough…they claim they cant verify my SS number and want a copy of my SS Card…REALLY

      • commorancy said, on July 17, 2016 at 10:55 pm

        Hi James,

        This is a totally separate and relatively new federal government requirement. The US federal government now requires a physical address and identification information to open a bank account and to send money from an account to someone else. The reason for this is because of terrorism. Banks are now required to collect your address and identifying information to ensure you aren’t sending money to support a terrorist organization. It’s yet another big brother move by the US government. However, as long as your PP account has a bank account on file and a credit card, you shouldn’t need to do any of what they are asking unless the amount of money you are attempting to send is very large. If you want to avoid this issue, the best way is to have the money recipient send your Paypal account a request for the money first. This transaction is seen by Paypal as a payment for goods/services rather than as a money transfer.

        Though, nothing will prevent Paypal or Google or even Amazon from asking for extended identity information if there is anything suspicious in what you are doing. I still wouldn’t agree to send PDF copies to anyone via email without some security measures in place. You should ask Paypal if they offer a service to securely transfer these documents for their use. If they say no, then you have the right not to send it to them and explain to them why. It is not your obligation to provide secure transfer of your documents. Paypal requested these documents, it is their responsibility to provide a secure transfer method and to ensure your documents are protected in transit and are promptly destroyed once viewed.

  5. Mohammed said, on November 22, 2014 at 2:44 pm

    Thanks for expressing my frustrations and concerns so well. Like the other contributors I’ve been left angry and frustrated after trying to purchase 69p whatsapp by adding paypal method in wallet. Immediately it suspended my account until I could be verified by sending i.d. Spoke to a woman at Google and she just kept apologising and saying there was nothing else she could do and the account would only get re-instated once they recieved the id. I explained that Paypal had done all the checks and that I was paying through them but it was totally pointless in end.

    My frustration has increased tenfold after buying a GooglePlay prepaid card for a tenner thinking it will bypass all the security rubbish but low and behold I cannot redeem the voucher until I have sent in my ID and the account remains suspended. Would be grateful if anybody could explain this stupidity please! I’ve paid them already but they still want to know who I am. WHY?

    • commorancy said, on November 22, 2014 at 5:16 pm

      What I would suggest is open a second Google ID just strictly for buying apps. Only use prepaid cards on that account and you should be good to go. They shouldn’t require any ID for the new account if you only use prepaid cards. Though, with Google’s internal disorganization, never say never.

    • commorancy said, on November 27, 2014 at 7:43 am

      One other thing I would suggest. Since you can install the Amazon app store on pretty much any Android device, I’d suggest installing that store instead. Most bigger apps sold in Google Play are also sold in Amazon’s App Store. The benefit here is that when you buy apps with Amazon, you’re using Amazon checkout which doesn’t need verification by Google. This means, you can bypass all of Google’s stupid verification requirements and still get all the benefits of being able to buy apps for your Android device. Or, alternatively, dump the generic Android device entirely and go with an Amazon device or an Apple device.

      • James said, on July 17, 2016 at 9:59 am

        Ok you really are talking about 2 different things..you don’t need to set up Google wallet to purchase apps in the play store…you can use several different pay methods as well…CC, PayPal, bank account, debit card etc…

        GOOGLE WALLET comes in when you purchase, send or receive money from a third party…And yes google wants all your private information for you to do so…in hard copy(todays hard copy is a jpeg or pdf file)

        • commorancy said, on July 17, 2016 at 10:31 pm

          Hi James,

          Google has apparently changed the way wallet works from the time the article was written. At that time, Google was attempting to make Google Wallet the place for all transactions of any type. However, since Google Play store has arrived (which came far later than Wallet), the way Google accepts payment for apps and movies is now different and separate from Google Wallet. In fact, Google has distanced themselves from Google Wallet so much that it’s barely even used at this point. At least, it’s so infrequently used, there’s really no point in even considering using Google Wallet for anything.

  6. Luke said, on October 23, 2014 at 3:57 am

    Completely agree! Google asked me for all of this just because I added a Paypal account to my Google Wallet. If this is how they want to become the standard wallet, this is a big fail. I’m not going to send them anything and as you said, they reckon it’s to comply with legal requirements.
    The only problem is that Google wallet is the only way to pay for apps on the Play Store, so I can’t buy anything from there any more!
    Nice one Google – way to get people to trust you!

  7. John said, on September 25, 2014 at 7:51 am

    I was using google wallet fine until trying to make a £0.99 purchase was deemed to be suspicious activity. There was no way I was sending the ID to google, for three reasons; firstly as per your post it is unnecessary and purely a system designed by them with no legal basis, two, it will be in the T&C’s that they are not liable should my said ID be stolen by an employee or hacker, and lastly more and more governments can make an organisation hand over user details and whilst I am an suspecting individual with nothing to hide, i’d rather keep my details private.

    • commorancy said, on September 27, 2014 at 2:29 pm

      Hi John,

      I fully agree that Google has no need to know any of these personal details. I don’t use Google Wallet and never have any plans to use this service. I am seeing Google Wallet used more often than when I wrote the article, but it’s clear that as payment systems, Paypal and Amazon’s checkout are still, by far, the predominant payment systems.. with Paypal being the absolute biggest. There’s really no need to give Google any personal information when Google Wallet is so little used.

      Of course, because Paypal is pretty much the defacto payment system on the internet, it’s not out of the realm of possibility that Google outright buys eBay and Paypal and scraps Google Wallet.

      • James said, on July 17, 2016 at 9:55 am

        HAHA….PayPal will request a copy of your SS card if you ever try and move money onto your PayPal account.

        • commorancy said, on July 17, 2016 at 10:39 pm

          Hi James,

          Asking for SS number is only intended for use with transactions that require sending a 1099. If you set up a Paypal store, for example, Paypal may require an SS number be on file for tax implications. There may be other reasons for this as well, including government requirements. The feds always want their cut of taxes and have no qualms pressing businesses to make sure taxpayers are held accountable. Though, I’ve never been asked to give physical copies of any documents be sent to Paypal. While Paypal might ask for your number, rarely do they need a photocopy of the actual card.

          I’ve no idea why they would need a copy of the SS number to move money into a Paypal account. However, moving money out of it might require an SS number if you operate a Paypal store and even then, only for 1099 tax purposes. What that means is that Paypal will send you (and the IRS) a 1099 at the end of the year that you’ll have to file with your taxes.

  8. Minjar said, on April 9, 2014 at 1:14 pm

    Just came across your rant. The verification is frustrating me as well. Even if they intend to use the data solely for verification purpose, can they give100% guarantee that one of their employees will not steal my data, that my data will not be stolen when being transmitted to them (some of which is completely out of their control), that their servers will never be compromised, that no one can force them to give my personal details? If I was them I would ask only what I need to know. I don’t need the burden of carrying someone else’s passport, and I wouldn’t want to put my customers at risk. Google used to be a good company but now it has become just another stupid corporation.

    • commorancy said, on September 27, 2014 at 2:46 pm

      Hi Minjar,

      Sorry for the late reply, but I thought I would touch on some of your comments. Yes, it’s very frustrating when companies the size of Google (because they are the size they are) feel they can strongarm consumer data out of you. Well, that’s not happening here, at least for me. What Google is asking for is entirely unreasonable. There is no need for that level of data turnover to a private third party that has 1) no real need for that level of information and 2) has no obligations to keep it safe. In fact, in light of the recent information released about the government’s requirements for companies like Google to hand over data on a whim, there’s no way that Google needs to have that information. Per a US govt. request, they have to hand over whatever the govt. requests. If Google doesn’t have it, they can’t hand it over. It’s very simple.

      There are very few companies with whom I will hand over that level of information. The only companies that ever get that level of detail are banks, and specifically, banks issuing me loans for large purchases (like a mortgage or a car). I will not hand over that same level of information to a payment gateway to purchase $.99 cent books or $1.99 movies. That’s a ridiculous requirement for small purchases. There are too many other shops that don’t require that level of information, like Amazon. As an example, Amazon gives us far better selection with all the same types of content in a single store. Google’s store offerings are scattered and disorganized. The content locations are hard to find and even harder to view.

      Like, for example, if you buy a Movie through Google Play, you can only watch the movie with a special player that you have to download separately (even if you’re using Chrome). Not only does Netflix, Hulu and Amazon stream directly through the browser, they do it in HD. You can’t watch HD with most of Google’s content without downloading that special player. You can’t even watch your purchased movie content through Chrome directly, and this is Google’s very own browser. Seriously, what’s up with that? If Amazon and Netflix can stream their content directly through Chrome in HD, then so can Google. If Google can’t even be bothered to offer the same level of play convenience as their closest competitor, there’s no reason to even use Google for content offerings. Google’s executives just don’t get it.

      I don’t know what Google is thinking here, but it’s crystal clear that Google’s business model is a fractured disorganized mess. Why would I want to hand any private data over to an organization that’s that disorganized?


All comments are encouraged under the following rules: Comments will not be posted that contain personal attacks. Personal attacks only serve to degrade your comment, make you seem like a troll, weaken your stance and undermine your points. Please choose your words carefully. Thank you for contributing!

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: