Android Pay has turned out to be much more than a simple rebranding of Google Wallet. Google is working with banks to support cards natively and doing away with those virtual MasterCards altogether. However, the lack of support for rooted or ROM'd devices has irked power users. A Google engineer popped up on XDA to explain the reasoning and calm the mob.

When you install Android Pay, it checks to make sure your device passes the compatibility test suite (CTS) using the SafetyNet API. A rooted device doesn't conform to the security model, so Android Pay won't work. The thing that made this whole scenario annoying for the XDA crowd is that Google Wallet worked just fine, but Google's Jason Clinton clarifies the difference.

Google Wallet made use of virtual cards, which stood between your credit card and the retailer. Since your card number wasn't being used, Google was assuming all the risk. Android Pay actually tokenizes your real card number and supplies the token to the payment terminal. In order to make sure your card is kept safe, stricter security is necessary. Working with banks also means Google doesn't have much wiggle room in how it secures cards.

This probably isn't changing any time soon. Clinton says he's not aware of any way to ensure an app's datastore is secure on a non-CTS-compliant device. Google will continue exploring what it can do for rooted users going forward, but the best we can probably hope for in the short term is a warning on the Play Store listing that Android Pay won't work on modded devices.

Thanks: Kenny