When you add a payment card to Samsung Pay, the information is encrypted and sent to Samsung servers and, ultimately, to the card issuer's payment network(i.e., Visa™, MasterCard™ or American Express™) for approval. Aone-time password(OTP) may be requested by the card issuer for verification purposes. If your card is lost or stolen, this will prevent the card from being added to Samsung Wallet fraudulently.
This process takes place every time you add a payment card. A new token will be generated even if you attempt to add a card that was recently removed.
Samsung does not store or even have access to the payment information added to Samsung Wallet. The last four digits of the card number displayed on the card image in Samsung Wallet is to help you manage your cards.
When you make a payment, you will need to authenticate your identity by using your fingerprint or Samsung Wallet PIN before the information can be sent to the payment terminal. The merchant will only receive a token, and your payment information will be kept secure. The token will be sent to the payment network, where it will be decrypted and verified against the information stored in a secure vault on the internal network. Once authenticated, the payment will be approved and sent back to the merchant. Only the payment network and your bank will have information about the transaction.