A security researcher has discovered limitations in Samsung Pay's security that, if exploited by an attacker, could allow someone else to fraudulently make payments from another phone.
The magnetic-based contactless payment system, which comes standard in many newer Samsung phones, works by translating credit card data into tokens so that a hacker can't grab credit card numbers from the device. But those tokens aren't as secure as one might hope. The expert explained that the tokenization process gets weaker after the app generates the first token from a specific card, meaning that there's a greater chance that future tokens could be predicted.
Months before its technology became the centerpiece of Samsung’s new mobile payment system, LoopPay, a small Massachusetts subsidiary of the South Korean electronics giant, was the target of a sophisticated attack by a group of government-affiliated Chinese hackers.
As early as March, the hackers — alternatively known as the Codoso Group or Sunshock Group by those who track them — had breached the computer network of LoopPay, a start-up in Burlington, Mass., that was acquired by Samsung in February for more than $250 million, according to several people briefed on the still-unfolding investigation, as well as Samsung and LoopPay executives.
At the Mobile World Congress in Barcelona earlier this month, Android smartphone giant Samsung released its mobile payments platform.
Samsung Pay has something that Apple Pay does not: Magnetic Secure Transmission (MST), which was actually developed by a company called LoopPay. While use of Apple Pay is limited to those merchants who deploy near-field-communication-enabled point-of-sale terminals, the inclusion of MST means that Samsung Pay has the capacity to interface with existing mag-stripe-reading point-of-sale systems. Magnetic stripe readers, of course, constitute the vast majority of payment terminals.