Slashdot Mirror


Samsung Pay Hack Lets Attackers Make Fraudulent Payments (theverge.com)

jmcbain writes: The Verge reports that a security researcher at DefCon outlined a number of attacks targeting Samsung Pay, Samsung's digital payment system that runs on their smartphones. According to the article, the attack "[focuses] on intercepting or fabricating payment tokens -- codes generated by the user's smartphone that stand in for their credit card information. These tokens are sent from the mobile device to the payment terminal during wireless purchases. [They expire 24 hours after being generated and are single-use only.]" In a response, Samsung said that "in certain scenarios an attacker could skim a user's payment token and make a fraudulent purchase with their card," but that "the attacker must be physically close to the target while they are making a legitimate purchase."

1 of 16 comments

  1. but... by Anonymous Coward · Score: 2, Insightful

    "the attacker must be physically close to the target while they are making a legitimate purchase."

    s/the attacker/a skimming device planted by the attacker/

    Since when has this ever been a hurdle for fraudsters?