Samsung Pay can be hacked, but it's 'extremely unlikely'


Samsung has confirmed its Pay service has a security issue that means hackers could spend money from your account, but it's "extremely unlikely" to ever happen.

Samsung Pay translates your credit card information into a "token" so that your details can't be stolen during the transaction process, but hackers are theoretically able to capture that token in a skimming attack and use it themselves.

What would it take?

Salvador Mendoza, who pointed out the Samsung Pay vulnerability, notes that someone would be able to pose as a Samsung employee and pretend to teach customers how the service works, all the while carrying out the skimming attack.

The hacker would also need to block the transmission between the phone and the card issuer, though, or use the token very quickly afterward, before the details go through.

The blog post finishes, "In summary, Samsung Pay's multiple layers of security make it extremely difficult to make a purchase by skimming a token."

It also highlights that the user's phone would be sent an alert for any payment, so anyone exposed to the fraud would instantly be able to see an erroneous transaction.

Even though there is a security risk here, Samsung is certain its security is high enough to make the scenario almost impossible to recreate.

James Peckham
