Apple Pay vs Samsung Pay: Who will prevail?

The world we live in has been shaped by many crucial debates, changing our future for better or for worse. But none have been so heated, vicious and utterly inconsequential as the battle between Samsung and Apple. I’m not talking about these two tech giants going head to head, I’m talking about the petty arguments between friends and family about whose phones are better.

Now, I own an Apple phone, and so do most of my family. But recently, my brother turned to the dark side and bought a Samsung, and we’ve been back and forth at each other’s phones ever since. However, one feature that’s rarely discussed is the new payment systems - because neither of us has a clue how they work. So, I decided to look into the competition and try to understand Samsung

In a nutshell, Samsung Pay lets your phone emulate the card that’s already in your wallet. Your card works using a magnetic strip which is picked up by the card machine, allowing the transaction to be carried out. When you put your phone up to the machine, it sends a signal that simulates this magnetic strip, to let you pay.

This technology is called MST and is exclusive to Samsung. It may be slightly older than the Apple alternative (NFC), but it means that Samsung Pay is compatible with nearly all card machines whilst Apple Pay, being newer technology, is not. Most machines are not advanced enough to work with the Apple alternative.

All this concerned me at first – if I link my phone up to random card machines, am I not essentially giving out my bank details to all the shops I’ve been to? But in fact, you never have to use your bank details at all. As mentioned in the Apple Pay blog post, instead of sending over your account details, your Apple account and a substitute security code are sent over. This code is called a token. Tokens are single use only and expire after a certain period of time.

The problem is that hackers are able to intercept these tokens and use them to pay for what they want. Samsung’s MST technology is older than NFC, the Apple alternative, and it has certain weaknesses that make it vulnerable to these cyber-attacks. 

The tokens for Samsung Pay must stay valid until they are used or until 24 hours have passed.  This means that even if the transaction fails and the token ends up unused, they cannot cancel it for a whole day. If a hacker was to steal one, Samsung wouldn’t be able to shut it down. 

NFC is a newer technology, and it allows Apple to cancel tokens if they fall into the wrong hands. Samsung could switch over to this newer system, but it would mean that their app would not be compatible with the older card machines that it currently is. 

These cyber attacks are extremely hard to carry out, so you rarely see them. But even so, Samsung has called this issue “an acceptable risk”, but no more dangerous than other methods of credit card fraud.

Another interesting element is the authentication stage. Samsung lets you use a fingerprint sensor, a passcode or an iris scanner to access Samsung Pay. The first two are extremely secure and hard to bypass, but the iris scanner has an unsettling weakness.

Recently, a group of German Hackers (called CCC) managed to easily fool the iris scanner. They used a life-sized, high-resolution picture of the owner’s eye, with a contact lens on top to give it shape. This was enough to trick the phone to give them full access to all applications and sensitive data.

It was surprising that they did this so easily. They even claimed that they could do the same thing using photos from the owner’s social media. Instead of an iris scanner, Apple has chosen to use Face ID or fingerprint sensors for their phones, which seems to be much more secure.

However, if somebody does unlock your phone, you still should be safe. Whilst Samsung doesn’t directly limit the spending cap for Samsung pay, most shops, bars, and restaurants do (normally to £30). And if the worst comes to the worst, they offer a free service to remotely lock or erase Samsung Pay.

Whilst this article may not end the war, it does give me more ammunition the next time my brother and I lock horns over Samsung and Apple. But at the end of the day, even if I prevail in this battle, the war will rage on until another pointless debate begins.