Security researcher: Flaw in Apple Pay, Samsung Pay and Google Pay makes fraud easy for thieves
The balance between hands-free payments and the security standards required to protect those transactions has tipped too far in the wrong direction, according to a security expert.
At a session at Black Hat Europe 2021 this week, Timur Yunusov, a senior security expert at Positive Technologies, explained flaws in contactless payment apps that could lead to fraud using lost or stolen mobile phones.
"To perform the attack, smartphones with Samsung Pay and Apple Pay must be registered in these countries, but the cards can be issued in any other region," Yunusov said.
Apple Pay, Google Pay and Samsung Pay apps are all vulnerable to this threat.
In reality, Apple and Samsung have shifted the liability to Visa and MasterCard, he said, even though the problem is not with products from the payment companies.
"If the payment is for $0.00, the phone is locked, and the MCC code is transport, this is a legitimate transaction when someone pays in the subway. But if the payment is $100, the phone was unlocked, and the MCC is 'supermarkets,' which is suspicious, because it should not be possible for customers to pay in supermarkets without unlocking the phone."