An expired certificate has led to the repeated removal of linked American Express credit cards from user’s Google Pay accounts.
Starting yesterday, Google Pay users with linked American Express cards began receiving emails that Google removed their linked Amex card. These emails came as a surprise as the user’s Amex cards were not expired and canceled.
After receiving the emails, Google Pay users flocked to Twitter to see if they were the only ones affected. A quick search reveals that this issue is widespread and affecting users worldwide.
In response to American Express card users, Amex’s Twitter support account stated they were aware of the issue and are working on resolving it.
Amex also recommended that users add their Amex card back to Google Pay, but users found that their credit cards would be unlinked again in a few hours, according to Android Police.
In a statement to BleepingComputer, Google said an expired certificate is causing Google Pay to remove the American Express cards and that they are working on a fix.
“Earlier today we discovered that American Express cards of some of our users got automatically removed from Google Pay due to an expired certificate. We are working to fix this and people will be able to add their cards back soon.” – Google.
To protect customers’ data, companies utilize TLS certificates to encrypt communications between different devices and networks. However, if that certificate expires, communication between the two networks will no longer work and lead to outages such as seeing with Google Pay and American Express.
In 2020, security researcher Scott Helme warned that smart TVs, fridges, and IoTs would soon experience problems due to an impending root certificate set to expire on September 30th, 2021.
While this could be caused by updating the device’s firmware, the concern is that many people do not regularly perform software updates on their smart TVs or household appliances.