Hackers could exploit a vulnerability that has been discovered in Samsung Pay. This would allow them to steal credit cards wirelessly. Samsung secures transactions by translating credit card data into tokens. This way the card numbers won’t be stolen from the device. Salvador Mendoza, a security researcher, has discovered that the tokens aren’t as secure as they were first thought to be. He discovered that the token process is limited and that sequencing the tokens can eventually become predicted. The process becomes weaker after the app generates the first token for a specific card. There are greater chances that the next tokens could be predicted.
Hackers that know how to do this would then steal the data and use them in other devices to make unauthorized transactions for items. This theory was proven when Mendoza sent a token to a friend in Mexico. The friend then was able to use magnetic spoofing hardware to make a purchase with Samsung Pay. Samsung Pay hadn’t even launched in Mexico yet when this happened. The video below shows Mendoza explaining more: