
Security Flaw Discovered In Samsung Pay - expert comment

August 2016 by George Rice, senior director, payments at HPE Security - Data Security

Security researcher Salvador Mendoza recently discovered a security flaw in Samsung
Pay and discussed it during his Black Hat talk in Las Vegas. Samsung Pay generates
a token each time a transaction is made. The idea is that the token masks the
credit card information, so that if it is intercepted the details can't be seen by
the hacker. However, Mendoza claims that with every token Samsung Pay generates,
the process becomes weaker and weaker, to the point where, if used enough times,
a hacker could predict future tokens and steal them for use in another device.

The comments from George Rice, senior director, payments at HPE Security.

“Mobile devices offer many consumer conveniences, which are often driven by the
quick and easy access to sensitive data. Mobile payments applications like Samsung
Pay are no different, storing an individual’s preferred payment cards in its
phone-based app. Many mobile wallet providers use surrogate card values called
payment tokens to reduce exposure of sensitive data when transmitting to the payment
acceptance business. This announcement of Samsung Pay’s security flaw highlights
that payment tokens still have value to criminals who may capture and use stolen
payment tokens for fraudulent transactions. Businesses and consumers must recognise
that mobile devices are inherently insecure data environments, and use a combination
of encryption and tokenization to achieve maximum protection of sensitive data.
Techniques like format-preserving encryption allow mobile wallets to encrypt credit
card information, payment tokens and personal information (e.g. date of birth, SSN)
immediately upon capture so the data is useless even if stolen by data thieves.”

