Samsung Pay vulnerability allows paying without the device

Samsung Pay

Samsung has been marketing how easy and safe it is to pay through its Samsung Pay service and while the first part is true, the safety claim has run into an issue. A security researcher has published a way wherein a hacker can intercept the ‘tokens’ that Samsung Pay generates to make payments without needing the device or for that matter, even be present in the same country.

According to Samsung, “Samsung Pay keeps payment information separate and doesn’t store or share it” but the researcher found that the app-generated token is active for a number of hours, which is more than enough to make a fraudulent transaction.

Apparently, all supported credit cards are affected by this hack but gift cards are not affected as Samsung Pay requires to scan a barcode.

Meanwhile, a statement released by Samsung does not confirm the vulnerability but tries to assure the security of Samsung Pay and has promised to plug the vulnerability, if they find any, as soon as possible.

Source