The SafetyNet API is the bane of root and custom ROM users everywhere. For those unfamiliar, it is part of the Google Play Services API that is designed to detect modified devices. If your system is tampered with in any way, be it rooted or a custom ROM, the SafetyNet check will fail. Android Pay, among other applications, uses this API and will fail to run if SafetyNet fails.
Reports are coming in from Reddit and our own tip box that SafetyNet appears to fail on some bootloader-unlocked devices, even if the device has not been modified in any other way. Devices confirmed to have issues include the Nexus 6P, OnePlus 3, and Nexus 6. Android Pay fails to add cards and process transactions on said devices.
Now before you get your pitchforks out, this may actually be a bug. Reports started coming in last night from Reddit, but newer comments claim the change has been reversed after waiting or rebooting their device. We reached out to Google for comment, but have not yet received a response.