Samsung has been forced to defend Samsung Pay users – its new mobile payment system – after a hacking attack on the subsidiary that built its technology.
In a statement that followed a New York Times report that LoopPay had fallen victim to a
group of Chinese hackers known variously as the Codoso Group or Sunshock Group, the company acknowledged the hackers had accessed the LoopPay computer network since at least March, until being discovered in August.
Samsung confirmed the attack but said there was no risk to users of Samsung Pay, which launched in the US on Monday.
“The reported incident was related to LoopPay’s office network which handles email, file servers and printing within the company,” Samsung said. “Samsung Pay was not impacted and at no point was any personal payment information at risk.” It added that LoopPay had called in two outside security companies and conducted a “thorough and extensive sweep” of its systems.
Samsung Pay is a key part of Samsung’s efforts to build customer loyalty and set its smartphones apart from a wide field of lower-priced competing handsets that also run on Google’s Android operating system.
Unlike the Apple Pay and Google wallet, which require shops to upgrade their POS equipment, Samsung Pay is compatible with the magnetic strip technology used in most existing credit card terminals found in the US.
LoopPay executives told the New York Times that the hack appeared to be aimed at stealing this technology. If so, the hackers may have been seeking to compromise the security of Samsung Pay, or to create a copycat service using the technology, said Simon Choi at Hauri, a South Korean internet security company.
“Once Chinese hackers infiltrate into a corporate system, they tend to keep breaching it through back doors to get new information and technology,” he said. “Once a corporate system gets hacked, companies had better assume the worst-case scenario — that all existing information has been leaked — and try to come up with security measures to prevent further damage.”
Peter Yu, an analyst at BNP Paribas, said there was a risk of an early blow to consumer confidence in Samsung Pay. However, “consumers don’t have to overreact to the news because it is not as though Samsung Pay’s tokenisation technology was hacked,” he added, referring to a security system that generates a unique encrypted code for each payment to protect data.
The post Samsung Pay on defensive after mobile payments hack appeared first on Payments Cards & Mobile.