Blog

What does the LoopPay breach mean for mobile payment security?

October 13, 2015

Mobile payments have long been hailed as the next big upgrade in payment processing technology, as they provide an extra layer of security over even the EMV-enabled "chip-and-pin" cards that are starting to gain ubiquity in the U.S. after great success in many other countries. 

Mobile payments have long been hailed as the next big upgrade in payment processing technology, as they provide an extra layer of security over even the EMV-enabled “chip-and-pin” cards that are starting to gain ubiquity in the U.S. after great success in many other countries. However, a recent hack may lead some merchants to worry about how secure even this new processing option is going to be able to protect them overall.

LoopPay, now owned by Samsung as part of its Samsung Pay mobile transactions platform, was targeted for an attack by an elite group of hackers affiliated with the Chinese government as early in the year as March, according to a report from the New York Times. This would have happened after the Samsung acquisition, which took place in February. The attack was discovered in August.

What does this mean for mobile payments as a whole?
However, it should be noted that while people who keep tabs on this story are likely to see a lot of headlines about the attack itself, they might need to do a little digging to find out what the hackers were actually targeting, the report said. Instead of the transaction data that LoopPay would obviously control as it anonymized and secured consumer payments, it seems that the hackers were actually trying to get a better understanding of how the proprietary technology behind that security – which the company calls magnetic secure transmission – works.

That is to say that while the hackers breached LoopPay’s computer network, there is nothing to actually indicate they successfully got into the systems that deal with payment technology, the report said.

The Samsung Pay hack might not impact consumers or merchants.The Samsung Pay hack might not impact consumers or merchants.

“Samsung Pay was not impacted and at no point was any personal payment information at risk,” said Darlene Cedres, Samsung’s chief privacy officer, according to the newspaper. “This was an isolated incident that targeted the LoopPay corporate network, which is a physically separate network. The LoopPay corporate network issue was resolved immediately and had nothing to do with Samsung Pay.”

As such, there’s probably little to worry about in terms of fraud as a result of the hack, but this does serve as a reminder that even the most apparently secure companies handling these transactions are not infallible, the report said. However, some security experts warn that there simply might not be evidence of that information being accessed yet, rather than the data not being accessed, so vigilance may still be advisable.

What’s the takeaway for merchants adopting mobile payments?
It’s important for merchants to remember that there’s just about no way to guarantee 100 percent security on any given transaction, but that all they can do it put a little added cushion of security between themselves and people who try to steal payment data for the purposes of fraud. Right now, mobile payments certainly represent the most secure option available to consumers and merchants alike, for many reasons, and any individual hack doesn’t mean that the entire concept of mobile payments is suddenly fraught with risk. Instead, it is still far more secure than any previous payment method has been.

Back To Blog