How Secure is Samsung Wallet

Tokenisation is a method of replacing your sensitive payment information (for example, card number, expiration date, security code, etc.) with a device-specific ‘Token’ which acts as a surrogate value. In mobile payments, tokens are used to protect your payment information and to reduce the security risks inherent to plastic cards.

On top of this, Samsung Knox constantly monitors and protects your phone from malware and other threats. Samsung Knox also includes a security design where highly sensitive operations and information, such as fingerprint and payment information, are kept in a separate computer area known as a “secure environment.” Normal applications or malware have no access to the information inside it. In a nutshell, Samsung Wallet is super secure.

When you add a payment card to Samsung Pay, the information is encrypted and sent to Samsung servers and, ultimately, to the card issuer's payment network (i.e., Visa™, MasterCard™ or American Express™) for approval. A one-time password (OTP) may be requested by the card issuer for verification purposes. If your card is lost or stolen, this will prevent the card from being added to Samsung Wallet fraudulently.

This process takes place every time you add a payment card. A new token will be generated even if you attempt to add a card that was recently removed.

Samsung does not store or even have access to the payment information added to Samsung Wallet. The last four digits of the card number displayed on the card image in Samsung Wallet is to help you manage your cards.

When you make a payment, you will need to authenticate your identity by using your fingerprint or Samsung Wallet PIN before the information can be sent to the payment terminal. The merchant will only receive a token, and your payment information will be kept secure. The token will be sent to the payment network, where it will be decrypted and verified against the information stored in a secure vault on the internal network. Once authenticated, the payment will be approved and sent back to the merchant. Only the payment network and your bank will have information about the transaction.