Samsung reassures on mobile payments system after LoopPay hack

Samsung reassures on mobile payments system after LoopPay hackSamsung Electronics has sought to reassure users of its new mobile payment system after a hacking attack on the subsidiary that built its technology.

The South Korean company’s statement on Thursday followed a New York Times report that LoopPay, acquired by Samsung in February, had fallen victim to a group of Chinese hackers known variously as the Codoso Group or Sunshock Group. The report said the hackers had access to LoopPay’s computer network since at least March, until being discovered in August.

Samsung confirmed the attack but said there was no risk to users of Samsung Pay, which launched in the US on Monday. The system enables users of its newest high-end phones to pay for items in shops using the devices, and runs on a system developed by LoopPay.

“The reported incident was related to LoopPay’s office network which handles email, file servers and printing within the company,” Samsung said. “Samsung Pay was not impacted and at no point was any personal payment information at risk.”

It added that LoopPay had called in two outside security companies and conducted a “thorough and extensive sweep” of its systems.

Samsung Pay is a key part of Samsung’s efforts to build customer loyalty and set its smartphones apart from a wide field of lower-priced competing handsets that also run on Google’s Android operating system.

Unlike existing mobile payment services offered by Apple and Google, which require shops to upgrade their till equipment, Samsung Pay is compatible with the magnetic strip technology used in most existing credit card terminals found in the US. LoopPay executives told the New York Times that the hack appeared to be aimed at stealing this technology.

If so, the hackers may have been seeking to compromise the security of Samsung Pay, or to create a copycat service using the technology, said Simon Choi at Hauri, a South Korean internet security company.

“Once Chinese hackers infiltrate into a corporate system, they tend to keep breaching it through back doors to get new information and technology,” he said. “Once a corporate system gets hacked, companies had better assume the worst-case scenario — that all existing information has been leaked — and try to come up with security measures to prevent further damage.”

Peter Yu, an analyst at BNP Paribas, said there was a risk of an early blow to consumer confidence in Samsung Pay. However, “consumers don’t have to overreact to the news because it is not as though Samsung Pay’s tokenisation technology was hacked,” he added, referring to a security system that generates a unique encrypted code for each payment to protect data.

Source: Financial Times
See also:
Leave a comment
  • Latest
  • Read
  • Commented
Calendar Content
«    Сентябрь 2022    »