How secure is Samsung Pay?
Samsung has partnered with key financial institutions to safeguard your personal, transactional, and payment information. Samsung Pay uses tokenization and authentication methods to secure your information. In addition to the security measures implemented by Samsung Pay, Samsung’s KNOX service constantly monitors suspicious activity within the device to protect from any malicious attacks.
When you Add a Card
When you add your payment card to Samsung Pay, the information is encrypted and sent to Samsung servers and, ultimately, to the card issuer's payment network (i.e., Visa®, MasterCard®, or American Express®) for approval. A one-time password (OTP) may be requested by the card issuer to verify you are the cardholder. Should your card be lost or stolen, this will prevent the card from being added to Samsung Pay fraudulently.
Once your card is approved, the payment network creates a digital card number, or token. The token substitutes the payment card's number with a unique alphanumeric identifier, generated using proprietary algorithms. Tokenized data is not mathematically reversible and is useless unless you have the original key used to create the token, making this more secure than sending your actual card number.
This process takes place every time you add a payment card. A new token will be generated even if you are attempting to add a card recently removed.
Samsung does not store or have access to the payment information added to Samsung Pay. The last four digits of the card number will be displayed on the card image in Samsung Pay to help you manage your cards.
When you Make a Payment
When you make a payment, you will need to authenticate by using your fingerprint or Samsung Pay PIN before the information can be sent to the payment terminal. The merchant will only receive a token, and your payment information will be kept secure. The token will be sent to the payment network, where it will be decrypted and verified against the information stored in a secure vault on internal networks. Once authenticated, the payment will be approved and sent back to the merchant. Only the payment network and your bank will have information about the transaction.
If you Lose Your Device
If your device is ever lost or stolen, Samsung offers a free service to remotely lock or erase Samsung Pay. The service also has the ability to locate your device and erase all your stored personal information.