Samsung downplays Def Con 24 claims that Samsung Pay can be hacked

10 Aug 2016

Are mobile payments safer than payment cards?

Korean tech giant Samsung has downplayed claims that Samsung Pay, its contactless mobile payments rival to Apple Pay, has a vulnerability that could potentially allow hackers to skim cards and make fraudulent payments.

It has been a tumultuous week for payment security, and for Android in particular. News emerged that Oracle subsidiary Micros, the third-biggest point-of-sale player in the world, may have suffered a data breach, and it was also revealed that 900m Android smartphones are vulnerable to a new QuadRooter risk.

In a presentation at hacker convention Def Con 24, Salvador Mendoza claimed that attackers can intercept or fabricate payment tokens, the codes generated to represent credit card information.


According to The Verge, Mendoza demonstrated how a wrist-mounted device can be used to skim tokens and potentially fabricate payments.

However, Samsung has downplayed the flaw and said that its service does not use the algorithm in Mendoza’s presentation.

“Keeping payment information safe is a top priority for Samsung Pay, which is why it is built with highly-advanced security features,” the company said in a statement.

“It is important to note that Samsung Pay does not use the algorithm claimed in the Black Hat presentation to encrypt payment credentials or generate cryptograms.

“Samsung Pay is considered safer than payment cards because it transmits one-time use data at the vast majority of merchants that do not yet have EMV (smart payment) terminals. With Samsung Pay, users do not have to swipe a static magnetic stripe card.”

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years