According to Mendoza, Samsung's tokenization process, which replaces payment card data with random symbols during transactions to render the data useless to thieves, is not as randomized as it could be, potentially allowing malicious hackers to ultimately guess future tokens.
Additionally, the researcher showed that attackers can steal tokens from a user's phone using a device that captures over-the-air signals from Samsung's MST technology, which mimics the magnetic stripes of payment cards in order to enable purchases at older point-of-sale terminals.
Samsung disputed the findings, saying that the report regarding the security of Samsung Pay is inaccurate.