Samsung set to take on Apple Pay with LoopPay acquisition


  • aumkarpraja

    I just want Google Wallet in Canada. .-.

    • FlamesFan89

      hear hear!

    • bigshynepo

      I woke up this morning hoping for another proprietary payment method that results in an extra 3rd party taking a cut of my payment…

      Thanks for making it a reality Samsung.

  • It’s Me

    That’s actually really interesting, how they simulate a mag stripe swipe. Down sides are that mags readers are much less secure than chip and pin or tokenized NFC, which is why they are used mainly as a fall back for when the other methods fail these days. Storing the raw card data on the phone is also a bit of a concern.

    • FlamesFan89

      My understanding is that the data is encrypted, and requires PIN/Password to access. Does that not make it as secure as online banking? Or is there something I’m missing? Honest questions.

      That said, you are absolutely right that mag readers are much less secure, and that would be where my concern was. I would be WAY less worried about encrypted data on my phone.

    • It’s Me

      As secure as online banking? Maybe but that’s not a real high bar. I got a new Amex a few weeks ago and within 2 days of activation it was used to load a Starbucks card online in the US. I assume that means they needed my acct, verification number (and maybe name and address?). Some online payment methods, like Apple Pay, at least secure the transactions themselves a little further since the account itself is never transmitted.

      I agree with you that the biggest problem is the mag stripe. Probably one of the most common way to collect credit card numbers these days is to intercept mag stripe transactions at the reader which is why chip and PIN is much preferred. This solution will expise the card data just like a plastic card does, because it’s the same.

      But, I just don’t like the idea of the account info all being stored on the phone, even if it’s PIN or passcode protected. That’s where tokenization is much more secure.

    • FlamesFan89

      You and I have talked enough that in confident you are aware of the weight that should be given to anecdote, so I will disregard the Amex story. 😉

      Tokenization is more secure for sure, because if it is intercepted during the transaction, or the receiving party (retailer) has a breach (cough, home depot cough) then your info is safe, however encrypted data is encrypted data. Without the encryption key it’s just garbledegook. I would still prefer the tokenization method because your raw data isn’t being given out at any point, but that is independent of the strength of security of encrypted data.

    • It’s Me

      It’s encrypted on the device. But when sent to the mag stripe reader it’s plain text just like a real mag stripe. Mag stripe data is plain text. The reader/POS might then encrypted the raw card data but if there is an illicit card reader in the mix, the card data is compromised at swipe not at transmission.

      In the case of this system, the card data is likely encrypted on the phone and only decrypted once you enter your PIN. But when it send the card data to the reader, the readers get it as raw card data, which is plain text.

    • FlamesFan89

      Yup, I know. That’s why tokenization is better. At no time is your raw plain text data being transferred. That’s precisely what I was saying. NFC payments are way better. I’m not trying to convince anyone that Looppay and mag strip technology is better. It isn’t.

      I’m just looking at two aspects of it all, separately. One, is the actual transaction. Tokenization, chip and pin, NFC. They win, no doubt about it, way way way more secure. Separately though, the storage of the data on the phone, I am looking at from the aspect of someone getting their hands on your phone. I’m not so worried about the fact that the data might be stored on my phone in an encrypted manner, because, well, it’s encrypted. If they have my phone, and they have my password, well then, i’m screwed, but then, if they have my phone, and they have my password, it likely doesn’t matter whether I even use Looppay or not, I’m screwed. The point is, if they have my phone, and the data is on there, and it is encrypted, and they don’t have the password to unencrypt it, then I have nothing to worry about. That’s all I’m saying about the encrypted data. So long as it’s encrypted, it shouldn’t matter where it is stored, be it on my phone, on some mastercard server somewhere, or tattooed on my forehead. Without the encryption key, it’s worthless data.

    • It’s Me

      Sure, and it absolutely is two different concerns. Which is why I mentioned them as two separate concerns and said that the storing of the account data was “a bit of a concern”. It isn’t the biggest of the concerns. Data can only be compromised if it is available, so it raises a concern, if only a small one. As for encryption making it secure, well (a) not all encryption is created equally and (b) there were some concerns with one manufacturer storing private keys in plain text on their devices for their ultra-secure implementation. I am sure that’s been corrected but I really hope people don’t really think encryption is some panacea for data security in general.

      The entire premise of masquerading as a mag stripe is the bigger and much more concerning problem. While a very interesting bit of technological magic, it also means it’s very existence is based on mimicking the least secure payment method in use today.

  • Kokee

    Shamesung chasing down the rabbit hole again

  • Nadefrenzy

    I can see Lupe Fiasco being hired to sponsor this.

    • DTangaSmall

      That joke took me way too long to get.

    • Nadefrenzy

      Lol yea it wasn’t quite that catchy.

  • Nadefrenzy

    I can see Lupe Fiasco sponsoring this.

  • d a

    Although I currently own a Samsung I have not faith in them keeping my info secure. I’d even trust Apple ahead of Samsung who have demonstrated a complete lack of respect for their customer’s privacy.

  • I love how the CEO says “for consumers around the world” when most countries – except the USA – have adopted EMV (chip & PIN) cards and will refuse the magnetic stripe when your card is identified as having EMV!!!

    Just go to LoopPay’s web site and search their FAQ for EMV. It doesn’t take long to realise this is not a solution for countries where chip & PIN is widely accepted!

    This whole thing is 100% USA focused and will probably never be implemented, at least not seriously, in any other country.

    Go go Google Wallet!!!

  • JD

    Stop worrying about what Apple is doing and worry about your own crappy phones.