Security researcher: Flaw in Apple Pay, Samsung Pay and Google Pay makes fraud easy for thieves
November 2021
The balance between hands-free payments and the security standards required to protect those transactions has tipped too far in the wrong direction, according to a security expert.
At a session at Black Hat Europe 2021 this week, Timur Yunusov, a senior security expert at Positive Technologies, explained flaws in contactless payment apps that could lead to fraud using lost or stolen mobile phones.
"To perform the attack, smartphones with Samsung Pay and Apple Pay must be registered in these countries, but the cards can be issued in any other region," Yunusov said.
Apple Pay, Google Pay and Samsung Pay apps are all vulnerable to this threat.
In reality, Apple and Samsung have shifted the liability to Visa and MasterCard, he said, even though the problem is not with products from the payment companies.
"If the payment is for $0.00, the phone is locked, and the MCC code is transport, this is a legitimate transaction when someone pays in the subway. But if the payment is $100, the phone was unlocked, and the MCC is 'supermarkets,' which is suspicious, because it should not be possible for customers to pay in supermarkets without unlocking the phone."