Safety issue - Garmin Pay - sw 19.20

Hi, 

I want to share with you a safety issue with Garmin Pay.

Experienced on Fenix 6x Pro firmware 19.20

Issue: in order to pay with Garmin Pay, you have to enter an unlock code (4 digits).

After payment, or after the delay, the Garmin Pay wallet should be closed. In order to make another payment, you have to type the code.

The problem is that, sometimes, the wallet does not relock automatically: the system does not ask you for the code!

I have declared this security issue to Garmin Support. The guy told me he was able to experience the issue. I hope they are working on it... they do not feel in a hurry, which makes me feel very disappointed.

What to do: if your wallet is not protected anymore by the security code (after payment or after delay), just reboot the watch.

Resetting the wallet or the watch does not solve the problem for a long time.

Regards

  • This is a feature, not a bug - I know, sounds weird, right?  But here's the deal - if you take the watch off your wrist, the watch will no longer detect your heart beat and will lock your wallet.  So, if you are worried about someone else using your already open wallet, that can't happen.

    I guess the idea is that it would be bothersome to have to enter your unlock code multiple times for several transactions over a short period of time, so as long as the watch remains on your wrist, no need to re-enter your code.

    I like it the way it is, but if you want it to change, or perhaps ask for a choice in the settings to lock the wallet immediately after every transaction, then you can request a change to Garmin.

    I don't view this as a safety issue with Garmin Pay.

    HTH

  • Thank you so much for your reply!

    Crystal clear and very logical indeed. Everything is fine.

    I wish Garmin support could have replied with such an answer immediately... they were to provide me with an RMA... such a shame

  • Quote from the user manual:

    TIP: After you successfully enter your passcode, you can make payments without a passcode for 24 hours while you continue to wear your watch. If you remove the watch from your wrist or disable heart rate monitoring, you must enter the passcode again before making a payment.

    "fēnix 6 Pro Series - Paying for a Purchase Using Your Watch" www8.garmin.com/.../GUID-BD8A6737-FFF6-4958-AA18-19CAF2A963B1.html

  • Thank you so much for these details and for the link.

    Kind regards

  • Note that Wear OS using GPay operates in a similar fashion in that if you take your watch off your wrist it will lock the watch, and you have to enter a PIN. GPay, while on your wrist and unlocked, doesn't need a PIN.

    Garmin's, I feel, is better and more secure for payment; however, I do like the fact that Wear OS will lock your whole watch, which, considering the details they contain these days, may be a better option.

  • There is a theoretical risk that someone grabs your watch, very quickly slaps it on their own wrist and makes payments without passcode all day long. My bank implements Garmin Pay such that you could spend everything on every account including savings, without a limit, so this risk, however small and theoretical, made me back out of Garmin Pay. It's all down to my bank - not Garmin.

    But if I could set up a wallet with a spending limit, specifically for Garmin Pay, I certainly would use it.

  • I set up a separate Revolut account that I just transfer a few quid at a time into, solely for GP.

  • Because I wear an external HRM belt which disables the optical HR I am always asked for a PIN each time I use Garmin Pay, even if it's only a few moments apart. I'd love it not to ask me each time!

    Personally speaking I feel needing to use a PIN is overkill as the chances of losing a watch attached to your wrist are very low, and I never need a PIN with Google Pay on my phone and get asked for a PIN around 1 in 7 transactions with a contactless card.

  • There is a theoretical risk that someone grabs your watch, very quickly slaps it on their own wrist and makes payments without passcode all day long.

    I've just made 5 attempts to switch it from my left wrist to my right wrist, and every time it has required a new PIN.

    Now maybe your hands are faster than mine and can do a left-right switch better than I can, but I would suggest that even if you were mugged for your watch, you can draw things out enough to require a new PIN.

  • "How to steal from the Garmin Pay wallet" how-to:

    Before taking the watch off your wrist put a finger between the HR sensor and your wrist, then take it off while keeping the finger on the sensor.