Samsung Pay's security receives a "very good" test rating
Samsung Pay's security is in the "very good" category. This was announced by the tech giant in an official newsroom post. According to the post, Samsung Pay scored 450 points out of 500 in a security test conducted by an independent agency called umlaut. Umlaut is part of the Ireland-based IT company Accenture and offers 'advisory and engineering services to clients all over the world.'
In its post, Samsung stated that Samsung Pay meets the requirements of umlaut's test procedure in 'all tested aspects.' During the security test, Samsung Pay was tested in four areas:
In the "security of data traffic" tests, testers inspected the types of security algorithms and protocols implemented into Samsung Pay. They also examined how sensitive data is transmitted and if the app has the appropriate measures in place to protect its users from man-in-the-middle attacks, which control and manipulate data traffic.
In regard to Samsung Pay's good test results, Gerrit Povel, Vice President, Direct to Consumer Division at Samsung Germany, stated, "We play it safe with mobile payment. The result of the independent test by umlaut proves the high priority that security has in the development and operation of the Samsung Pay app. The rating 'very good' underlines the role of Samsung Pay as a leading solution in mobile payment."
- security of data traffic between smartphone and bank
- compliance with secure programming standards
- data protection on the smartphone
- protection against malicious attacks by third parties.
In the "security of data traffic" tests, testers inspected the types of security algorithms and protocols implemented into Samsung Pay. They also examined how sensitive data is transmitted and if the app has the appropriate measures in place to protect its users from man-in-the-middle attacks, which control and manipulate data traffic.
In the "compliance with secure programming standards" test, the testers from umlaut checked if Samsung Pay uses secure programming methods and if there is any hidden sensitive information in the app's source code. During the "checking data protection" tests, the experts tested how securely the Samsung Pay app stores sensitive data and if this data is protected from third parties. The app was also tested against impersonation attacks. These are attacks where the user was tricked into using Samsung Pay on fake apps or websites.
Things that are NOT allowed: