You might have read yesterday that a security researcher claimed to have found a vulnerability in Samsung Pay that enables hackers to wirelessly steal credit cards. Samsung has taken its time to come up with a detailed response to the researcher's claims, and has also provided details about how the tokenization process actually works and just how secure it is. Samsung has also created a document of FAQs about this entire process so that those who are concerned about Samsung Pay security can put their trust in the mobile payments service once again.
“Keeping payment information safe is a top priority for Samsung Pay which is why Samsung Pay is built with highly advanced security features. It is important to note that Samsung Pay does not use the algorithm claimed in the Black Hat presentation to encrypt payment credentials or generate cryptograms. Samsung Pay is considered safer than payment cards because it transmits one time use data at the vast majority of merchants that do not yet have EMV (smart payment) terminals. With Samsung Pay, users do not have to swipe a static magnetic stripe card,” the company said in a statement.
The document it has created starts off with the basics by describing what Samsung Pay is. It then dives into the technical bits by explaining what a token and a cryptogram are and how they are generated. Samsung also explains whether or not it's possible for a hacker to steal a token to make a fraudulent payment. It provides detailed information on how Samsung Pay handles tokens to keep user information safe and secure, while trying its best to put to bed the concern that someone could make a payment using a stolen token. If you have been concerned about using Samsung Pay following the security researcher's findings, you should certainly read up on all of this.