Update – A Samsung representative has since reached out to us with a statement about the report, which you can read below.
While mobile payment solutions are highly convenient, and in some ways more efficient, many people remain skeptical about them, especially with regard to whether or not the payments are secure. Of course, companies like Apple, Google, and Samsung have reassured users that they are safe, or at least they had until recently, when a flaw was discovered.
Security researcher Salvador Mendoza recently discovered a security flaw in Samsung Pay and discussed it during his Black Hat talk in Las Vegas. Basically, Samsung Pay generates tokens each time a transaction is made. The idea is that this will mask the credit card information so that, in the event it is intercepted, the details can’t be seen by the hacker.
According to Mendoza, however, the process becomes weaker and weaker with every token that Samsung Pay generates, to the point where, if used enough times, a hacker could predict future tokens and steal them for use in another device. Mendoza claims he proved his theory by sending a token to one of his friends in Mexico, who then spoofed it despite the fact that Samsung Pay isn’t available in the country yet.
It is unclear if Samsung has since fixed this flaw, but a spokesperson was quoted as saying, “Samsung Pay is built with the most advanced security features, assuring all payment credentials are encrypted and kept safe, coupled with the Samsung Knox security platform. If at any time there is a potential vulnerability, we will act promptly to investigate and resolve the issue.”
We are aware of a recent and inaccurate report regarding the security of Samsung Pay. We would like to clarify that Samsung Pay is built with highly secure technology and is the most widely accepted mobile payment solution available today.
Each Samsung Pay transaction uses a digital token to replace a card number. The encrypted token combined with certificate information goes through multiple security layers and can be used only once to make a payment. Samsung Pay is designed so that merchants and retailers cannot see or store the actual card data, and our customers are notified with each transaction. Multiple layers of security from Samsung Pay and our partners are in place to detect threats to security.
Security is our number one priority at Samsung — and always will be. We are committed to securing and protecting user data.
Samsung Pay is off to an amazing start and we are proud to offer the only mobile payment option that works almost anywhere you can swipe or tap a card today.