The problem of personal and financial data leakage and theft is becoming an epidemic that makes it increasingly difficult for consumers to trust the institutions, social networks, banks, stores and even gas stations (especially gas stations!) that they have long frequented and invested in within their own communities. Cheap credit card skimmers cleverly hidden on everyday point-of-sale (POS) terminals in major stores have been frustrating consumers, draining their bank accounts and making thieves richer and bolder.
I myself was the victim of a card skimmer hidden inside of a gas pump on Interstate 5 in California on my way to visit family. I was pumping gas and noticed a black car on the other side of the pump island sort of hanging around longer than they normally should, having had plenty of time to fill up. Little did I know they were just waiting for me and others like me to swipe my card on the skimmer they had hidden in my gas pump so they could take it and use it to create zombie images of my credit card to go on shopping sprees. Of course, a few days later I was contacted by my bank's fraud department asking if I had spent $400 at Bebe in Las Vegas. Um, no.. not exactly my store of choice. Something was amiss.
Needless to say, since then I have been extra careful with my card and never use my PIN, always examining pumps and ATMs for skimmers and making sure I use my ZIP code vs a PIN every time.
With my increasing use of Samsung Pay on my Galaxy S7, like everyone I wondered.. how secure is this?
Well, as it turns out.. very. Way more secure than your credit card in fact, even more so than the shiny new chip-n-PIN card your bank may have recently mailed you. You know, the one that you don't swipe but instead slip into the slot of a POS machine and it.... takes......... forever......? Yeah, that one.
Well, the great thing about Samsung Pay is that it's completely "skimmer proof" as it never uses your actual credit card number at all when you are doing your transaction. Instead, it uses a security protocol called tokenization, which essentially converts your credit card number into a random value known only to the merchant/bank.
Tokenization is a method of protecting payment card information by substituting the card's number with a unique alphanumeric identifier, generated using proprietary algorithms. The unique identifier, or token, is then used for sending the transaction to the card's payment network, where it is decrypted and the transaction authorized. The actual card number is stored in a secure vault (with the payment processor or bank) and does not reside on the merchant's or Samsung's systems. Tokenization is being used to reduce security risks inherent in the collection and transfer of highly sensitive data between merchants and the card's payment network. Tokenized data is not mathematically reversible and is useless unless you have the original key used to create the token, limiting the chance of your payment information being stolen or compromised. The transaction is seamless and requires no changes on the part of the merchant or consumer.
Even if a skimmer were to somehow capture your tokenized data, the would-be thief would not have the merchant key to decrypt it. Ha! Crime doesn't pay, especially when you're trying to rip off someone with Samsung Pay.
So just know that the next time you tap your awesome new Galaxy S7 against a POS terminal using Samsung Pay, you're way more protected than the guy or gal behind you about to use their credit card mag stripe.
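To make the vault idea above concrete, here is a small added example (written for this post, not Samsung's or any payment network's actual code, since the real token algorithms are proprietary). The names TokenVault and pos_payload, the 16-character token length and the token alphabet are all assumptions, and the card number used to try it out should be a constructed test number.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits  # token alphabet (assumed)


def luhn_valid(pan: str) -> bool:
    """Luhn checksum, so the vault rejects mistyped card numbers."""
    if not pan.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical stand-in for the vault at the payment processor or bank."""

    def __init__(self):
        self._token_to_pan = {}
        self._pan_to_token = {}

    def tokenize(self, pan: str) -> str:
        if not luhn_valid(pan):
            raise ValueError("not a valid card number")
        if pan in self._pan_to_token:       # one stable token per card
            return self._pan_to_token[pan]
        while True:                          # random draw, retry on collision
            token = "".join(secrets.choice(ALPHABET) for _ in range(16))
            if token not in self._token_to_pan:
                break
        self._token_to_pan[token] = pan
        self._pan_to_token[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        # A lookup, not a computation: without the vault there is nothing to invert.
        if token not in self._token_to_pan:
            raise LookupError("unknown token")
        return self._token_to_pan[token]


def pos_payload(vault: TokenVault, pan: str) -> dict:
    """What the terminal (or a skimmer on it) gets to see: the token only."""
    return {"credential": vault.tokenize(pan)}
```

Because the token is drawn at random rather than computed from the card number, a copy of the token taken at the terminal tells the holder nothing unless they can also query the vault.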
The more you know today, the more you Samsung Pay!
Happy (and secure) shopping!
Until next time,
The Product Ambassador Team
Disclaimer: The Product Ambassadors are Sprint employees from many different parts of the company that love technology. They volunteer to test out all sorts of Sprint devices and offer opinions freely to the Community. Each Product Ambassador shares their own opinions of these devices, therefore the information in this post does not necessarily reflect the opinions of Sprint. The PAs do not represent the company in an official way, and should not be expected to respond to Community members in an official capacity. #sprintemployee#