The "magnetic secure transmission" is a bogus adhock feature that relies on the flawed design of magnetic card readers. Merchants should not allow it and Samsung should discontinue the feature. If a thief steals an unlocked Samsung phone, they could pay for a lot of stuff since no authentication is needed at the POS.
this is what happens when another company steal others' products not knowing the core intend of them.
They didn't steal anything, they acquired LoopPay for $250M. And don't try to rewrite history by claiming Apple Pay was the first mobile payments system, it came out years after Google, banks and telcos all had their own systems
Christ on a bicycle, did you… did you just play the 'security through obscurity' card?
Wow, things went south pretty damn fast. :-(
I can see how you could see it that way, but his point is a little more subtle than that since you're talking about a subset.
For a skimmer to work, a magnetic strip device has to be in place at the terminal. This means that all swiped cards as well as Samsung Pay users when using the feature they purchased from LoopPay. Skimmers are simple and cheap.
The alternative is to target ONLY Android-based devices, and then ONLY those that are made by Samsung, and then ONLY those that less than a couple years old, and ONLY when they use Samsung Pay, and ONLY when it's the LoopPay feature.
You just mentioned a lot of ONLYs that are actually quite common.
Not saying you in particular, but the Samsung apologists are out en force today. Samsung Pay is much less secure than Apple Pay...fact. Let's move on.
Worked for First Data for nearly 5 years. Largest transaction processing company in the world and handled Samsung, Android, and Apple Pay. Tried to explain to people a million times that the mag strip purchases, even with Samsung Pay, we're not a secure as the tokenized and encrypted NFC payments with Touch ID. There's a reason Apple left that technology out. It's dated and much easier to hack. Can't wait for Apple Pay to hit websites. Then I can use it for all my online shopping since some apps still haven't intergraded it yet.
Samesung Pay is Apple Pay and Android Pay with that added feature they acquired from LoopPay to allow the phone to send a signal on Mag Strip reader only machines when there wasn't NFC. This allows the phone to work at far more places in the U.S. You still have all the Flaws that Mag strip readers have.
At some point the Mag strip readers will be disabled and only chip cards and NFC will be allowed. LoopPay at that point will be worthless and make any issues with it mute. The biggest problem is really the banks dragging their feet. I'm still waiting around for my Chip card for my Debit/Visa card from my Bank for example. There was a big switch this last October where any fraud using a Mag strip card would be on the merchant and no longer on the bank IF the card was a chip card. If it's not, the fraud would still be on the bank. I guess the banks are making more then enough money and so are in no rush to get chip cards out to their customers. It's business as normal.
Once LoopPay is out of the picture, there's ZERO reason to even use Samesung Pay, I mean why? Might as well use Android Pay like the rest of Google's services. Samesung is trying to get a way to make money after the sale of their devices and so far it just hasn't worked out like their MILK Music streaming service. Here they are trying once again. In the end it'll fail also.
Christ on a bicycle, did you… did you just play the 'security through obscurity' card?
Wow, things went south pretty damn fast. :-(
I can see how you could see it that way, but his point is a little more subtle than that since you're talking about a subset.
For a skimmer to work, a magnetic strip device has to be in place at the terminal. This means that all swiped cards as well as Samsung Pay users when using the feature they purchased from LoopPay. Skimmers are simple and cheap.
The alternative is to target ONLY Android-based devices, and then ONLY those that are made by Samsung, and then ONLY those that less than a couple years old, and ONLY when they use Samsung Pay, and ONLY when it's the LoopPay feature.
You just mentioned a lot of ONLYs that are actually quite common.
Not saying you in particular, but the Samsung apologists are out en force today. Samsung Pay is much less secure than Apple Pay...fact. Let's move on.
Samsung Pay is as secure using NFC at registers that offer it. Samsung Pay is notas secure as Apple Pay when using the Loop-Pay tech they bought and rolled into Samsung Pay at registers without NFC. But it's still more secure than using your old credit card and more successful than using Apple Pay at one.
You just mentioned a lot of ONLYs that are actually quite common.
Not saying you in particular, but the Samsung apologists are out en force today. Samsung Pay is much less secure than Apple Pay...fact. Let's move on.
Samsung Pay is as secure using NFC at registers that offer it. Samsung Pay is notas secure as Apple Pay when using the Loop-Pay tech they bought and rolled into Samsung Pay at registers without NFC. But it's still more secure than using your old credit card and more successful than using Apple Pay at one.
So less secure than Apple Pay just like I wrote, right? And it's kind of silly to now make excuses for the Loop technology because that's a selling point that Samsung loves to use...available everywhere! Well it's now less secure everywhere! But feel free to keep defending it.
Also not sure what you mean by "more successful". Is Samsung Pay more successful because it uses an insecure technology that Apple doesn't use? They can have that "success".
Samsung Pay is as secure using NFC at registers that offer it. Samsung Pay is notas secure as Apple Pay when using the Loop-Pay tech they bought and rolled into Samsung Pay at registers without NFC. But it's still more secure than using your old credit card and more successful than using Apple Pay at one.
So less secure than Apple Pay just like I wrote, right? And it's kind of silly to now make excuses for the Loop technology because that's a selling point that Samsung loves to use...available everywhere! Well it's now less secure everywhere! But feel free to keep defending it.
Also not sure what you mean by "more successful". Is Samsung Pay more successful because it uses an insecure technology that Apple doesn't use? They can have that "success".
You just mentioned a lot of ONLYs that are actually quite common.
Not saying you in particular, but the Samsung apologists are out en force today. Samsung Pay is much less secure than Apple Pay...fact. Let's move on.
Samsung Pay is as secure using NFC at registers that offer it. Samsung Pay is notas secure as Apple Pay when using the Loop-Pay tech they bought and rolled into Samsung Pay at registers without NFC. But it's still more secure than using your old credit card and more successful than using Apple Pay at one.
So less secure than Apple Pay just like I wrote, right? And it's kind of silly to now make excuses for the Loop technology because that's a selling point that Samsung loves to use...available everywhere! Well it's now less secure everywhere! But feel free to keep defending it.
Also not sure what you mean by "more successful". Is Samsung Pay more successful because it uses an insecure technology that Apple doesn't use? They can have that "success".
For those transactions that can be completed with either Samsung Pay or Apple Pay they are equally as secure. Both use random tokens in place of card numbers and NFC chips with "secure-elements" provided by NPX.
Don't conflate the additional features of Samsung Pay that enable it to be used where Apple Pay cannot with just-as-secure-as-ApplePay NFC payments. LoopPay tech doesn't get involved in the transaction unless you are at a terminal where you couldn't otherwise use either Apple Pay or Samsung Pay, and in those cases it is still more secure than your old credit card and thus beneficial if you worry about those kinds of things.
So no Samsung Pay is not less secure than Apple Pay for contactless NFC payments. To be clear I don't even like Samsung. I don't like their business methods, I don't like their "copyist" tendencies, I don't like their throw everything at the wall and see what doesn't stink attitude. But that's no reason to add FUD. There's already plenty of reasons not to like them. Samsung Pay isn't one of them IMHO.
So less secure than Apple Pay just like I wrote, right? And it's kind of silly to now make excuses for the Loop technology because that's a selling point that Samsung loves to use...available everywhere! Well it's now less secure everywhere! But feel free to keep defending it.
Also not sure what you mean by "more successful". Is Samsung Pay more successful because it uses an insecure technology that Apple doesn't use? They can have that "success".
Give up, you are being facetious.
I don't think you understand proper usage of the word facetious. I can help you out if you like.
So much ignorance here about the technologies in play. If you remove the words Apple, Samsung, and other brands, and instead look just at the technologies in play, you'll come to a different, and more accurate conclusion.
Seems to me the headline to this article is at best misleading, at worst just flat-out wrong. Credit card credentials are not lifted with this method; it’s a tokenised representation of the card (as also used by Apple Pay) that is single-use only.
It would be no different than lifting the Apple-Pay or any other NFC data. The reason this is a problem for Samsung is that it's being used on the mag-stripe component, which doesn't have the ability to check the nonce (magstripes only contain the card number and expiry,) thus requires a back-end check to see that the virtual card has been used.
At best someone who skims a samsung-pay transaction this way would have about 30 seconds to use that payment nonce before the actual transaction goes through, at worst, they "fake" the transaction on a compromised device and have a much longer time to do some fraud with it.
It's hard to pull of either way. The solution of course is to just not use the magstripe, period.
I don't think you understand proper usage of the word facetious. I can help you out if you like.
Your facetous argument goes: Samsung offers two avenues of payment, one of those is in some circumstances less secure than the other (ignoring that it is no less secure than using a mag stripe card) so therefore even if you are using the more secure method - NFC - Samsung pay is less secure - which of course it isn't.
So less secure than Apple Pay just like I wrote, right? And it's kind of silly to now make excuses for the Loop technology because that's a selling point that Samsung loves to use...available everywhere! Well it's now less secure everywhere! But feel free to keep defending it.
Also not sure what you mean by "more successful". Is Samsung Pay more successful because it uses an insecure technology that Apple doesn't use? They can have that "success".
Give up, you are being facetious.
This could be the response to every post that you write here...
I can see how you could see it that way, but his point is a little more subtle than that since you're talking about a subset.
For a skimmer to work, a magnetic strip device has to be in place at the terminal. This means that all swiped cards as well as Samsung Pay users when using the feature they purchased from LoopPay. Skimmers are simple and cheap.
The alternative is to target ONLY Android-based devices, and then ONLY those that are made by Samsung, and then ONLY those that less than a couple years old, and ONLY when they use Samsung Pay, and ONLY when it's the LoopPay feature.
You just mentioned a lot of ONLYs that are actually quite common.
You're claiming that the Loop Pay feature "actually quite common" in comparison to the magnetic stripe being used, and implying that it's so common that it would be preferable to using a skimmer. Um, no. That is axiomatically false.
So less secure than Apple Pay just like I wrote, right? And it's kind of silly to now make excuses for the Loop technology because that's a selling point that Samsung loves to use...available everywhere! Well it's now less secure everywhere! But feel free to keep defending it.
Also not sure what you mean by "more successful". Is Samsung Pay more successful because it uses an insecure technology that Apple doesn't use? They can have that "success".
For those transactions that can be completed with either Samsung Pay or Apple Pay they are equally as secure. Both use random tokens in place of card numbers and NFC chips with "secure-elements" provided by NPX.
Don't conflate the additional features of Samsung Pay that enable it to be used where Apple Pay cannot with just-as-secure-as-ApplePay NFC payments. LoopPay tech doesn't get involved in the transaction unless you are at a terminal where you couldn't otherwise use either Apple Pay or Samsung Pay, and in those cases it is still more secure than your old credit card and thus beneficial if you worry about those kinds of things.
So no Samsung Pay is not less secure than Apple Pay for contactless NFC payments. To be clear I don't even like Samsung. I don't like their business methods, I don't like their "copyist" tendencies, I don't like their throw everything at the wall and see what doesn't stink attitude. But that's no reason to add FUD. There's already plenty of reasons not to like them. Samsung Pay isn't one of them IMHO.
Not really as secure as Apple Pay! From what I understand with Samsung Pay a person doesn’t select on the device wether it uses NFC or MST for payment, the device does that automatically based on some conditions if it doesn’t detect a NFC signal. That means theoretically it could be forced to use MST by jamming NFC signals, though it would be a bit more complicated to make work. So in the end it might not matter how secure the NFC Samsung Pay is.
So less secure than Apple Pay just like I wrote, right? And it's kind of silly to now make excuses for the Loop technology because that's a selling point that Samsung loves to use...available everywhere! Well it's now less secure everywhere! But feel free to keep defending it.
Also not sure what you mean by "more successful". Is Samsung Pay more successful because it uses an insecure technology that Apple doesn't use? They can have that "success".
For those transactions that can be completed with either Samsung Pay or Apple Pay they are equally as secure. Both use random tokens in place of card numbers and NFC chips with "secure-elements" provided by NPX.
Don't conflate the additional features of Samsung Pay that enable it to be used where Apple Pay cannot with just-as-secure-as-ApplePay NFC payments. LoopPay tech doesn't get involved in the transaction unless you are at a terminal where you couldn't otherwise use either Apple Pay or Samsung Pay, and in those cases it is still more secure than your old credit card and thus beneficial if you worry about those kinds of things.
So no Samsung Pay is not less secure than Apple Pay for contactless NFC payments. To be clear I don't even like Samsung. I don't like their business methods, I don't like their "copyist" tendencies, I don't like their throw everything at the wall and see what doesn't stink attitude. But that's no reason to add FUD. There's already plenty of reasons not to like them. Samsung Pay isn't one of them IMHO.
Not really as secure as Apple Pay! From what I understand with Samsung Pay a person doesn’t select on the device wether it uses NFC or MST for payment, the device does that automatically based on some conditions if it doesn’t detect a NFC signal. That means theoretically it could be forced to use MST by jamming NFC signals, though it would be a bit more complicated to make work. So in the end it might not matter how secure the NFC Samsung Pay is.
Comments
Not saying you in particular, but the Samsung apologists are out en force today. Samsung Pay is much less secure than Apple Pay...fact. Let's move on.
So less secure than Apple Pay just like I wrote, right? And it's kind of silly to now make excuses for the Loop technology because that's a selling point that Samsung loves to use...available everywhere! Well it's now less secure everywhere! But feel free to keep defending it.
Also not sure what you mean by "more successful". Is Samsung Pay more successful because it uses an insecure technology that Apple doesn't use? They can have that "success".
Don't conflate the additional features of Samsung Pay that enable it to be used where Apple Pay cannot with just-as-secure-as-ApplePay NFC payments. LoopPay tech doesn't get involved in the transaction unless you are at a terminal where you couldn't otherwise use either Apple Pay or Samsung Pay, and in those cases it is still more secure than your old credit card and thus beneficial if you worry about those kinds of things.
So no Samsung Pay is not less secure than Apple Pay for contactless NFC payments.
To be clear I don't even like Samsung. I don't like their business methods, I don't like their "copyist" tendencies, I don't like their throw everything at the wall and see what doesn't stink attitude. But that's no reason to add FUD. There's already plenty of reasons not to like them. Samsung Pay isn't one of them IMHO.
At best someone who skims a samsung-pay transaction this way would have about 30 seconds to use that payment nonce before the actual transaction goes through, at worst, they "fake" the transaction on a compromised device and have a much longer time to do some fraud with it.
It's hard to pull of either way. The solution of course is to just not use the magstripe, period.
This could be the response to every post that you write here...
Pity you wouldn't take your own advice.
From what I understand with Samsung Pay a person doesn’t select on the device wether it uses NFC or MST for payment, the device does that automatically based on some conditions if it doesn’t detect a NFC signal. That means theoretically it could be forced to use MST by jamming NFC signals, though it would be a bit more complicated to make work. So in the end it might not matter how secure the NFC Samsung Pay is.