Solution providers are pointing to security risks they see as inherent in mobile payment systems after it was discovered that the technology behind Samsung's new Samsung Pay mobile payment platform, LoopPay, was hacked.
According to a report in the New York Times, Burlington, Mass.-based LoopPay's corporate network was the target of an attack by a group of government-associated Chinese hackers as early as March.
LoopPay did not respond to a request for comment from CRN before publication.
[Related: Mobile Payment Head-To-Head: LoopPay Vs. Apple Pay]
Samsung responded to CRN's request for comment by saying that the breach did not affect the personal information of people using the payment network, and that the corporate network issue was resolved quickly.
According to a Samsung spokesperson: ’Samsung Pay was not impacted and at no point was any personal payment information at risk. This was an isolated incident that targeted the LoopPay corporate network, which is a physically separate network from Samsung Pay. The LoopPay corporate network issue was resolved immediately and had nothing to do with Samsung Pay. Samsung is extremely committed to securing and protecting user data to the highest industry standards.’
Samsung in February revealed plans to buy LoopPay, which touts its Magnetic Secure Transmission technology as an advanced contactless payment offering that turns existing mag stripe readers into mobile contactless receivers.
LoopPay technology powers Samsung Pay, which launched in the U.S. last week. The payment system's Magnetic Secure Transmission allows consumers to tap their smartphones against the magnetic stripe reader machines available in most retail stores.
LoopPay executives, who learned of the attack in August, said they believe attackers broke into the company's corporate network, but not the product system that helps manage payments. But solution providers warn that these risks still lie in any type of mobile payment system.
"I don't think this hack is really going to get to any personal information, so it isn't of any concern yet," said Steven Kantorowicz, president of CelPro Associates, a Samsung partner based in New York. "[But customers] definitely should be concerned about a mobile payment system if it can be hacked for customer personal information and credit information."
Solution providers who offer mobile device management and mobile security services said enterprise customers are hesitant to take on mobile payments because of these security threats.
"We have seen a very slow uptake on mobile payments, primarily due to security concerns," said Jay Gordon, vice president of sales at Enterprise Mobile, a Plano, Texas-based solution provider. "Many of our customers have witnessed a myriad of security breaches in the industry that have made them resistant to mobile payment adoption and confidence."
CelPro's Kantorowicz said large enterprise customers he deals with are not yet opening up mobile payment system opportunities to their employees, and want to wait until the platforms have been tested more in the consumer market.
"I think there's a waiting period in the enterprise. … The success of mobile payment systems will be driven by the consumers and then go to the enterprise," he said. "It's a tremendous market for users as long as companies can keep their mobile payment platforms secure. It's just convenient for users to not have to carry a wallet and a stack of loyalty cards around in their pocket."
LoopPay offers several security features, such as password and PIN-protected data. The company also says it stores and encrypts all card-track data in secure memory within the LoopPay device.
Its technology has the potential to work in 90 percent of existing point-of-sale terminals, Samsung said, citing internal research.
PUBLISHED OCT. 8, 2015
related stories
Video
trending stories
sponsored resources

Cysurance
Cyber Insurance 360

Carbonite
Cloud Storage 360

Application Integration 360

Tenable
Cyber Risk 360

NPD
Industry Trends 360

Channel Chief Showcase

Smart 3rd Party
3rd Party Maintenance 360

Cradlepoint
5g for Business 360

Cato Networks
SASE & SD-WAN 360

Trend Micro
Trend Micro Learning Center

HubStor
Cloud Backup 360

CyberPower
CyberPower

Veeam
Veeam

Comcast Business
Comcast Business Learning Center

CRN Showcase

APC by Schneider Electric
Digital Services for Edge Learning Center

Dell Technologies
Dell Technologies Server Learning Center

Dell Technologies
Dell Technologies Cloud Learning Center

Cyber Protection 360

VMware

EPOS
EPOS

Sophos
Sophos Cybersecurity Learning Center

iboss
Cloud SASE Platform 360

Vonage
Vonage

Sherweb
Sherweb

Vertiv
Edge Computing Learning Center

Dell Technologies
Dell Technologies Storage Learning Center

Fujifilm
Fujifilm

BlackBerry
BlackBerry Learning Center

Acer
Remote Workforce 360

Webroot
Webroot Learning Center

Comm100
Collaboration & Communications 360

Partner Program Guide Showcase

Wasabi
Wasabi

Dell Technologies
Microsoft HCI Solutions from Dell Technologies Learning Center

Hitachi Vantara
Hitachi Vantara

eSentire
Managed Detection and Response 360
