So I have to ask...how secure is Samsung Pay vs ApplePay?
Not as secure without Touch ID, although in order for an unauthorized person to make a purchase using your phone they would have to know your passcode or somehow grab your phone before it locked, such as you set your phone down and went to the restroom. Someone could grab your phone but it is an unlikely scenario. As far as the payment platform itself, it is probably as secure, however I would never assume that Samsung wasn't skimming your purchase history.
Wait so Samsung only made SamsungPay for the sake of copying Apple? Seems foolish I would have adopted AndroidPay and spend the millions used on SamsungPay for some other innovation.
Depends on what articles you read. Some say the fees will apply after 2-5 years. They did say Google and Samsung couldn't get anyone to pay. All lot of those phones don't even have fingerprint support. And their wearables generally lack payment feature too.
It wasn't that they "couldn't get anyone to pay". In the time since Apple Pay rolled out both Visa and MasterCard along with others agreed on a set industry standard with rules for mobile payment processing. Those standards are also mandated to be free, and new rules prohibit banks from offering a cut of interchange fees. That's why Apple is unlikely to be able to get that .15% of interchange fees when contracts come up for renewal.
That's been the biggest holdup in getting ApplePay into other countries like GB. Apple is trying to stick to their guns and take a cut anyway.
Mmmm. 'Like GB'?
ApplePay has been thriving here for quite sometime.
Depends on what articles you read. Some say the fees will apply after 2-5 years. They did say Google and Samsung couldn't get anyone to pay. All lot of those phones don't even have fingerprint support. And their wearables generally lack payment feature too.
It wasn't that they "couldn't get anyone to pay". In the time since Apple Pay rolled out both Visa and MasterCard along with others agreed on a set industry standard with rules for mobile payment processing. Those standards are also mandated to be free, and new rules prohibit banks from offering a cut of interchange fees. That's why Apple is unlikely to be able to get that .15% of interchange fees when contracts come up for renewal.
That's been the biggest holdup in getting ApplePay into other countries like GB. Apple is trying to stick to their guns and take a cut anyway.
Mmmm. 'Like GB'?
ApplePay has been thriving here for quite sometime.
So I have to ask...how secure is Samsung Pay vs ApplePay? To me, its more than just the convenience of using my phone to pay for things, its also the amount of security it provides. I think a lot of people forget this...Apple didn't just invent ApplePay for the convenience, but also (and maybe more importantly), the fact that its far more secure than simply swiping your credit card.
The security aspect is often misunderstood. Here's a link that describes some of the feature differences between Apple Pay and Samsung Pay and where security is discussed as well. In a nutshell your transaction is just as safe using Samsung Pay as it is using Apple Pay or Android Pay.
http://www.phonearena.com/news/Apple-Pay-vs-Samsung-Pay-vs-Android-Pay-comparison_id77632
Hahaha.... No, absolutely not. MST = swipe card operation. Since Merchants are being told they are responsible for magstripe payments, merchants aren't allowed to use the magstripe unless overridden or it's the only option in their POS system. Like in Canada, if the NFC fails, you have to insert the chip, and if the chip fails, then you use the swipe card, and only after the merchant OK's it.
There is nothing stopping someone from "playback" attacks with MST, or even using stolen card numbers from the internet with the MST. In fact it would be less conspicous for someone using a Samsung phone to be using stolen card information this way, instead of stolen or cloned cards.
So this web-app lacks the all of the safety parts of Apple Pay, so it seems like it might just be a mea culpa to Apple so that online sites that only support Samsung Pay (eg Korea) operate on all devices in order to get Samsung Pay adopted.
The ultimate solution is to just have entering card numbers online stop and require an Apple-pay/Android-Pay/Samsung-Pay, etc secure element payment gateways like what happens with Paypal already. No more card numbers, there has to be some physical verification of the card being present. Too bad desktop NFC/chip readers aren't common or we'd have done it back when Chip+Pin was new or even back in 1994 when EMV was new. Maybe that should be the new thing. Remember the TPM chip? This would have been something that the TPM chip could have been used with to secure a hardware configuration. I suspect we'll see "secure elements" being introduced into computer screens at some point.
There is nothing stopping someone from "playback" attacks with MST, or even using stolen card numbers from the internet with the MST. In fact it would be less conspicous for someone using a Samsung phone to be using stolen card information this way, instead of stolen or cloned cards.
Gator doesn't know what a playback attack means, and neither does the writer of the article, saying that all those pay systems are "essentially" the same in terms of safety....
The only advantage of the SamsungPay system is its magnetic field emitter that allows it to operate on older credit card machines. Without that hardware in the iPhone, there doesn't seem to be any technical advantage to this App. Am I missing something?
Payments require 3 stakeholders: the buyer, the merchant and the bank. While Apple has been successful to attract iPhone users and banks, attracting merchants has not been overwhelming, especially in countries where the iPhone market share is less than 20%. Why would a merchant invest in the integration of a payment system into his IT infrastructure, if that payment system can only address 20% of his potential customers. Merchants prefer a single IT integration for all payments methods, not an integration per payment method That is the main reason why Samsung is building Samsung pay mini. It offers a solution to the Korean merchants that can address all Korean customers, also the Korean iPhone users. I would not be surprised that it were the Korean merchants who asked Samsung to build this solution. I don't see Samsung expanding this solution outside Korea
There is nothing stopping someone from "playback" attacks with MST, or even using stolen card numbers from the internet with the MST. In fact it would be less conspicous for someone using a Samsung phone to be using stolen card information this way, instead of stolen or cloned cards.
Gator doesn't know what a playback attack means, and neither does the writer of the article, saying that all those pay systems are "essentially" the same in terms of safety....
(sigh)
I could have said "Anton doesn't know how to do a payment transaction security comparison" but that wouldn't be true as I'm certain you do.
Yes, I've read of playback attacks and, while that makes me no expert like you and a couple of others would presume to be, as far as I can tell it has nothing to do with using Samsung Pay for any particular transaction instead of Apple Pay or Android Pay. For those transactions capable of being completed by the three they're all equally secure, correct? If for example three people check-out at the same NFC tap and pay register, one each using Apple Pay, Samsung Pay and Android Pay, all of those transactions were equally secured unless I've missed something, which is entirely possible. If so simply point it out. I've already said I'm not an expert and would appreciate learning more about it.
Being able to use it for non tap and pay transactions is a separate function than is impossible to compare since neither Apple nor Google offer it. It's simply an extension of payment options that potentially makes the service more useful, not less secure. NFC and tokenization is the default, same as the other two. The MST option that concerns you is a backup method to complete a transaction and only used when NFC is not available. http://www.nfcworld.com/2015/03/01/334390/mastercard-discusses-how-samsung-pay-works/
IMHO Samsung Pay (and to be honest I don't particularly like Samsung) could potentially be the most useful even if not best of all three at the moment (and equally as secure) since using it might encourage someone to use their smartphone for all in-store transactions. Nearly every brick 'n mortar retailer purchase could be completed using it whether registers have been updated to NFC or not so "leaving your wallet at home" when shopping might actually be workable considering the millions of cash registers that won't work with either Apple or Android Pay.
For those transactions capable of being completed by the three they're all equally secure, correct?
Not correct.
Samsung Pay MST is just as secure as standard magnetic stripe cards are...Which means, they are not, because there were numerous cases in the past that a local vendor/restaurant that accepted your card for payment, then uses a not very secure internet connection to send that card data as plane text (sometimes). And due to the tech, there is no such thing as tokens in that system.
Since MST simply imitates inductive currents in that pay-terminal that are normally created by a mag-stripe of a card and does NOT affect the transmission path after that, then it is safe to assume MST is no-where near the security levels of ApplePay and AndroidPay. Security-wise, Samsung "invented" a method that was invented several decades ago and has the same security flaws as the original pay-with-card method. In short - no reason to feel more safe with MST, because a new method still has all the security flaws of an old one (due to being based heavily on that old tech).
For those transactions capable of being completed by the three they're all equally secure, correct?
Not correct.
Samsung Pay MST is just as secure as standard magnetic stripe cards are...Which means, they are not, because there were numerous cases in the past that a local vendor/restaurant that accepted your card for payment, then uses a not very secure internet connection to send that card data as plane text (sometimes). And due to the tech, there is no such thing as tokens in that system.
Yes correct. You either don't know that Samsung Pay defaults to secure tokenized NFC like Apple Pay does or more likely IMHO do actually know but decided it was important to your argument to make believe it does not and avoid mentioning it.
If a transaction could be completed by Apple Pay then Samsung Pay (and Android Pay) would use the same secure communication method: NFC and tokens in place of your actual credentials. Exactly what I said.
You keep bringing up MST which only comes into play with transactions than neither Apple Pay nor Samsung Pay could otherwise complete. I expected a higher level of honesty from you rather than the purposely misleading track you've appeared to have taken. I don't like Samsung either but I try to resist using FUD to make them out to be worse than they are.
Samsung Pay MST is just as secure as standard magnetic stripe cards are...Which means, they are not, because there were numerous cases in the past that a local vendor/restaurant that accepted your card for payment, then uses a not very secure internet connection to send that card data as plane text (sometimes). And due to the tech, there is no such thing as tokens in that system.
Yes correct. You either don't know that Samsung Pay defaults to secure tokenized NFC like Apple Pay does
MST is not NFC and I was specifically talking about MST capability. My point was that so called MST, that is presented as a nice and additional "secure" feature, in reality is just as secure as normal methods of sending credit/debit card info. In other words, MST payments are yesterday of the payment tech...
Samsung Pay MST is just as secure as standard magnetic stripe cards are...Which means, they are not, because there were numerous cases in the past that a local vendor/restaurant that accepted your card for payment, then uses a not very secure internet connection to send that card data as plane text (sometimes). And due to the tech, there is no such thing as tokens in that system.
Yes correct. You either don't know that Samsung Pay defaults to secure tokenized NFC like Apple Pay does
MST is not NFC and I was specifically talking about MST capability. My point was that so called MST, that is presented as a nice and additional "secure" feature, in reality is just as secure as normal methods of sending credit/debit card info. In other words, MST payments are yesterday of the payment tech...
Doesn't Samsung's MST still use tokens in place of your actual credentials? If so it's absolutely more secure than a card swipe isn't it? You should read up on it so as to know. I'll even give you a good starting place:
http://www.samsung.com/us/support/answer/ANS00043865/997410383/
So as I read it you are still wrong but I'm open to new information.
Comments
That's funny.
Mmmm. 'Like GB'?
ApplePay has been thriving here for quite sometime.
The delay was due to disagreement over what Apple would get from the transactions
There is nothing stopping someone from "playback" attacks with MST, or even using stolen card numbers from the internet with the MST. In fact it would be less conspicous for someone using a Samsung phone to be using stolen card information this way, instead of stolen or cloned cards.
So this web-app lacks the all of the safety parts of Apple Pay, so it seems like it might just be a mea culpa to Apple so that online sites that only support Samsung Pay (eg Korea) operate on all devices in order to get Samsung Pay adopted.
The ultimate solution is to just have entering card numbers online stop and require an Apple-pay/Android-Pay/Samsung-Pay, etc secure element payment gateways like what happens with Paypal already. No more card numbers, there has to be some physical verification of the card being present. Too bad desktop NFC/chip readers aren't common or we'd have done it back when Chip+Pin was new or even back in 1994 when EMV was new. Maybe that should be the new thing. Remember the TPM chip? This would have been something that the TPM chip could have been used with to secure a hardware configuration. I suspect we'll see "secure elements" being introduced into computer screens at some point.
That is the main reason why Samsung is building Samsung pay mini. It offers a solution to the Korean merchants that can address all Korean customers, also the Korean iPhone users. I would not be surprised that it were the Korean merchants who asked Samsung to build this solution. I don't see Samsung expanding this solution outside Korea
Yes, I've read of playback attacks and, while that makes me no expert like you and a couple of others would presume to be, as far as I can tell it has nothing to do with using Samsung Pay for any particular transaction instead of Apple Pay or Android Pay. For those transactions capable of being completed by the three they're all equally secure, correct? If for example three people check-out at the same NFC tap and pay register, one each using Apple Pay, Samsung Pay and Android Pay, all of those transactions were equally secured unless I've missed something, which is entirely possible. If so simply point it out. I've already said I'm not an expert and would appreciate learning more about it.
Being able to use it for non tap and pay transactions is a separate function than is impossible to compare since neither Apple nor Google offer it. It's simply an extension of payment options that potentially makes the service more useful, not less secure. NFC and tokenization is the default, same as the other two. The MST option that concerns you is a backup method to complete a transaction and only used when NFC is not available.
http://www.nfcworld.com/2015/03/01/334390/mastercard-discusses-how-samsung-pay-works/
IMHO Samsung Pay (and to be honest I don't particularly like Samsung) could potentially be the most useful even if not best of all three at the moment (and equally as secure) since using it might encourage someone to use their smartphone for all in-store transactions. Nearly every brick 'n mortar retailer purchase could be completed using it whether registers have been updated to NFC or not so "leaving your wallet at home" when shopping might actually be workable considering the millions of cash registers that won't work with either Apple or Android Pay.
If a transaction could be completed by Apple Pay then Samsung Pay (and Android Pay) would use the same secure communication method: NFC and tokens in place of your actual credentials. Exactly what I said.
You keep bringing up MST which only comes into play with transactions than neither Apple Pay nor Samsung Pay could otherwise complete. I expected a higher level of honesty from you rather than the purposely misleading track you've appeared to have taken. I don't like Samsung either but I try to resist using FUD to make them out to be worse than they are.
So as I read it you are still wrong but I'm open to new information.