How Samsung Pay fights card cloning in South Africa

Samsung Pay helps secure your bank card information against card cloning and other attacks through the use of a security protocol called tokenisation.

Speaking at a press briefing in Johannesburg, Philip Henning, the project leader for Samsung Pay in South Africa, said one of the strengths of their mobile payments service is that it works on almost any card machine.

Devices that support Samsung Pay come with a technology called Magnetic Secure Transmission (MST) which effectively lets you make a contactless payment on a card machine even if it doesn’t have near field communications (NFC).

NFC is the technology being used in cards for contactless payments.

MST lets Samsung bridge the gap until NFC contactless technology is more widely adopted in the country. It works by creating a magnetic field with specialised hardware in Samsung phones.

That is why Samsung Pay is limited to certain Samsung smartphones – the device must include the special hardware that can generate the magnetic field necessary for MST.

Secure transactions

However, transmitting card payment information through the magnetic stripe reader on a card machine comes with a stigma of being insecure.

“All your card information is stored on the magnetic track of your card,” Henning said. If an attacker is able to compromise a card reader, they can access all your card information except the three-digit CVV number.

Tokenisation solves this by ensuring that your actual card information is not transmitted by Samsung Pay to the card machine.

Rather than use your real card information, Samsung Pay contacts the payment provider – Visa or Mastercard – to obtain digital tokens that represent your card.

This requires integration with the banks, and offers the added benefit that Samsung Pay is able to work even if your phone is not connected to the Internet. When you reconnect, Samsung Pay will refresh your tokens.

Your bank and card issuer effectively generate a virtual card for Samsung Pay to use which doesn’t have an expiry date, or any other features that would allow a criminal to use it if they intercepted it.

The token must also be combined with a cryptographic key before your bank will authorise a payment.

All these factors make Magnetic Secure Transmission very safe and ensures that clients who use Samsung Pay can not fall prey to card cloning attacks which have been a problem in South Africa, Henning said.

Now read: Samsung Pay in South Africa – The thorough checks it went through