Samsung Pay is one of the most popular mobile payment methods in big markets all over the world today. It’s a direct rival to Android Pay and Apple Pay, but the South Korean company’s service is limited to only a few Galaxy models, though it’s coming soon to the latest Gear S2 and S2 Classic, as the beta is already available. The service also recently launched in Brazil, Puerto Rico, Australia, and Singapore in the past couple of months.

According to one study, Samsung Pay satisfies more consumers than Apple Pay for many reasons. We hadn’t heard of any problems with the system until today. We just learned that a Samsung Pay error has allowed hackers to skim several credit cards. The idea is that the tokens used in recent transactions can be stolen and then used for future transactions. According to a security researcher, Samsung Pay’s security is limited and can be exploited.

The problem is that credit card data can be translated into tokens that can then be hacked or duplicated. Tokenization is supposed to secure the information but, unfortunately, the tokens can be predicted for new purchases. Because predictions can be made, any token can easily be stolen by anyone. The unfortunate result is possible card skimming. Security researcher Salvador Mendoza showed off his experiment in a YouTube video.

It was a success. A token was sent to a friend who lives in Mexico, where there is NO Samsung Pay. The idea is that the friend receives the token while in that country. Using a magnetic spoofing device, he was able to duplicate the information.

That’s amazing but scary if you’re on Samsung Pay. Mendoza isn’t making this public to teach hackers by giving step-by-step instructions, but rather to serve as a warning to whoever is responsible for the security of the mobile payment method, as well as to other groups who are venturing into this kind of service.

There is no official word yet on if, how, and when Samsung will release a fix for this issue.

UPDATE: Samsung has officially responded to the claim and reiterated that the mobile payment service is “built with highly secure technology”, explaining that for every transaction a digital token is made and encrypted. This token, which can only be used once, comes with certificate information that passes through multiple security layers. The idea is that no one, not even the retailers or merchants, can see any card data. Read Samsung’s Official Statement

VIA: ZDNet

1 COMMENT

  1. “The idea is that the tokens used in recent transactions can be stolen and then used for future transactions. According to a security researcher, Samsung Pay’s security is limited and can be exploited.”

    What a load of bunkum; you are starting to sound like Donald Trump—all bullshit …
