Privacy Ninja

Amex Cards Removed From Google Pay Due To Expired Certificate

Amex Cards Removed From Google Pay Due To Expired Certificate

An expired certificate has led to the repeated removal of linked American Express credit cards from user’s Google Pay accounts.

Starting yesterday, Google Pay users with linked American Express cards began receiving emails that Google removed their linked Amex card. These emails came as a surprise as the user’s Amex cards were not expired and canceled.

Google Pay email about the removal of American Express card
Google Pay email about the removal of American Express card
Source: AndroidPolice

After receiving the emails, Google Pay users flocked to Twitter to see if they were the only ones affected. A quick search reveals that this issue is widespread and affecting users worldwide.

Also Read: What You Should Know About The Data Protection Obligation Singapore

In response to American Express card users, Amex’s Twitter support account stated they were aware of the issue and are working on resolving it.

Amex also recommended that users add their Amex card back to Google Pay, but users found that their credit cards would be unlinked again in a few hours, according to Android Police.

In a statement to BleepingComputer, Google said an expired certificate is causing Google Pay to remove the American Express cards and that they are working on a fix.

“Earlier today we discovered that American Express cards of some of our users got automatically removed from Google Pay due to an expired certificate. We are working to fix this and people will be able to add their cards back soon.”

– Google.

To protect customers’ data, companies utilize TLS certificates to encrypt communications between different devices and networks. However, if that certificate expires, communication between the two networks will no longer work and lead to outages such as seeing with Google Pay and American Express.

Unfortunately, expired certificates have led to a growing list of outages over the past year, including Google VoiceSpotifyFacebook’s Tor siteGitHubSpamCop, and more recently, a related bug in Pulse Secure VPN devices.

In 2020, security researcher Scott Helme warned that smart TVs, fridges, and IoTs would soon experience problems due to an impending root certificate set to expire on September 30th, 2021.

While this could be caused by updating the device’s firmware, the concern is that many people do not regularly perform software updates on their smart TVs or household appliances.

Update 4/16/21 2:45 PM EST: American Express told BleepingComputer that the issue has been resolved and that customers can add their Amex cards back to Google Pay.’

Also Read: The Difference Between GDPR And PDPA Under 10 Key Issues

Thanks for reaching out. We are aware that some American Express Card Members had issues using or adding their cards to Google Pay. We’ve identified and resolved the issue. Customers should be able to add their Cards back into the Google Pay wallet. We apologize for any inconvenience this may have caused.

– American Express.

Outsourced DPO – It is mandatory to appoint a Data Protection Officer. Engage us today.

PDPA Training (SkillsFuture Eligible) – Empower data protection knowledge for your employees.

Vulnerability Assessment Penetration Testing – Find loopholes in your websites, mobile apps or systems.


Leave a Reply

Your email address will not be published. Required fields are marked *


Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.

Powered by WhatsApp Chat

× Chat with us on WhatsApp