Samsung Takes On Apple Pay By Acquiring Mobile Wallet Startup LoopPay 62
An anonymous reader writes Samsung is buying major Apple Pay and Google Wallet competitor LoopPay. "Our goal has always been to build the smartest, most secure, user-friendly mobile wallet experience, and we are delighted to welcome LoopPay to take us closer to this goal," JK Shin, Samsung co-CEO and head of the company's mobile business, said in a press release. "What's a real differentiator is this uses technology that's in stores today," David Eun, executive vice president of Samsung's global innovation center, said in an interview. "We don't have to wait for a point in the future where there are a lot more [NFC-enabled] terminals."
Strongly Worded... (Score:5, Insightful)
Re:Strongly Worded... (Score:5, Informative)
Correct, LoopPay only works with existing magnetic swipe readers. LoopPay works by basically cloning the credit card. The LoopPay devices sends out a magnetic field that is picked up by the magstripe reader in the POS terminal.
LoopPay does not use NFC or RFID. Which also means it's great for those that want to commit credit card fraud since there is no verification or executable code to copy. Just load up the LoopPay device with multiple CC numbers, and see which ones work.
LoopPay also does not work unless there is a magstripe reader in the POS device. In October 2015, retailers in the US will start being liable for fraud committed via the magstripe reader, meaning retailers likely won't be willing to accept magstripe cards, such as those the LoopPay copies.
Re:Strongly Worded... (Score:5, Interesting)
Is that even permitted under PCI DSS? I know other projects, like Coin [onlycoin.com], get hung up on this, for good reason.
Re: (Score:2)
Has nothing to do with PCI-DSS, really. Your old style credit card has a magnetic strip on it that can be trivially cloned with only a few dollars worth of hardware. All LoopPay does is emulate that strip. In fact, the encoding is well known that you don't have to clone the strip - if you have the data that's on the strip, you can make up your own ve
Re: (Score:2)
Their PCI wording on the website is intentionally deceptive, I feel. When asked about PCI they talk specifically only about the fact that their datacenter is compliant in the storage of card numbers.
Its strictly against PCI requirements to store trackdata in any way, with the single exception of reading it in-memory and relaying it upstream to another PCI compliant service provider. Since this is exactly what their product does, I fail to see how they can claim its compliant (and, as I mentioned, they very
Re:Strongly Worded... (Score:5, Insightful)
If you want "too strong a term", how about the submitter calling LoopPay a "major" competitor. That one is truly hilarious.
Aren't retailers going to be upgrading anyway (Score:5, Insightful)
The article points out how LoopPay can more easily work with existing terminals, and ApplePay needs retailers to get new terminals.
But aren't most retailers going to be upgrading in the near term anyway? The U.S. is moving to credit cards with chips now which mean most serious retailers will be upgrading. The little retailers are probably mostly going to upgrade also, once Square supports ApplePay because you don't want to pass up those customers.
It's a nice try but I don't think it will get much traction no matter how easy it is for retailers to support, since they have to convince the customer first...
Re: (Score:2)
Re:Aren't retailers going to be upgrading anyway (Score:5, Informative)
Actually, the shift is in October, when a bill comes into force that liability shifts to the least secure thing in the chain. If the bank supports it, and the customer has a chip card, but the merchant got a swipe reader, then the merchant is responsible for the fraud.
If the bank gives the cardholder a non-chip card, well, liability goes to the bank. (If you have non-chip cards, most banks will probably issue you new cards out of cycle, so if you still use your swipe card instead of your new chip card, you're going to be liable).
Ironically, Apple Pay might have kickstarted the process because upgrading to support NFC means you get a chip reader too. (Apple Pay is just an implementation of EMV, so Apple Pay support comes "for free" with a new reader)
Merchants will want to delay delay and delay, but they run the real risk of the readers being out of stock and being stuck with the liability while they wait for new readers because they didn't upgrade when there was plenty of time.
Re: (Score:2)
The merchant is liable if the transaction is fraudulent. He or she chose to punch the numbers in manually instead of rejecting the faulty card.
Re: (Score:2)
Re: (Score:2)
The banks don't want to spend money to quickly replace the cards with something nobody yet takes
My bank (Bank of America) issued me a chip and PIN CC two years ago.
merchants don't want to spend money to take cards that haven't been issued yet.
They have been issued, and some merchants already take them. Most places I still swipe and sign, but the Wal-Mart self-checkout detects that it is a C&P card, and asks me to insert the card into the reader.
There is no chicken and egg problem here.
Re: (Score:2)
Your card is not a chip and PIN but a chip and signature card. If it's a low-value transaction, then simply dipping may be enough (just like tap-to-pay cards), but if the value is high enough you will be required to sign for it rather than enter a PIN.
There is large movement on part of the banks (Score:2)
Every credit card I have has been converted to a chip card already, some because I got a new card recently, but some of them the credit card just saying "hey we're sending you a new card" and the new card has a chip...
I would say in very short order existing credit cards will be converted.
On the terminal side that is indeed slower but the merchants have powerful incentive to do so to meet the new regulations taking effect this October (as others pointed out). But for sure at least, the cards are moving/hav
Re: Aren't retailers going to be upgrading anyway (Score:2)
But aren't most retailers going to be upgrading in the near term anyway?
Yes, and Samsung obviously knows that. They probably have patents that can be used either offensively or defensively vs. Apple. Given the transition, now is the time for both companies to get their best deal.
Re: (Score:2)
The article points out how LoopPay can more easily work with existing terminals, and ApplePay needs retailers to get new terminals.
But aren't most retailers going to be upgrading in the near term anyway? The U.S. is moving to credit cards with chips now which mean most serious retailers will be upgrading. The little retailers are probably mostly going to upgrade also, once Square supports ApplePay because you don't want to pass up those customers.
It's a nice try but I don't think it will get much traction no matter how easy it is for retailers to support, since they have to convince the customer first...
Retailers and banks are upgrading their terminals and cards respectively because of a new law that either took effect in January of 2015 or will in Jan of 2016 (I forget which). The law puts the responsibility of a fraudulent transaction on the head of the party with the least amount of security. If the card offers chip security and the retailer uses mag stripe, then the retailer is responsible for fraud. If the retailer has a chip terminal and the card only has a mag stripe, then the bank is responsible
Re: (Score:2)
But aren't most retailers going to be upgrading in the near term anyway?
Here in Canada we upgraded to chip cards a while back, before contactless was available. Now it's getting to the point here where a retailer supporting contactless is the new norm. I'd estimate that it took about a year, maybe a bit less, to go from seeing contactless occasionally, to seeing it in a majority of stores. And stores here have a lot less pressure to upgrade, since they've already had chip readers for years.
Loo Pay? (Score:4, Funny)
Great name, Samsung. Nice work.
Re: (Score:2)
For when you need to spend a penny.
Re: (Score:2)
Great name? Rant on Dave!
Re: (Score:2)
;-)
...letmegetthisstraight (Score:4, Insightful)
So it amplifies and broadcasts the signal held on the magnetic stripe of an old-style credit card. The completely unencrypted, insecure data that has your card number AND the 3-4 digit verification number.
Why? Because modern card readers will never catch on, of course! Especially when retailers will be tripping over themselves to switch to the new smart readers in a year, since the credit card processors will hold them responsible for any fraud resulting from still using the old gear.
This is a train wreck. Good on LoopPay for convincing some sucker to buy them before their product falls on its face.
Re: (Score:2)
Sorry, I was confusing CVC1 and CVC2... though some cards include CVC2 as well, and you don't need to provide the CVC2 or any other data when you use the magstripe, so it doesn't really matter.
Yes, magstripe cards are insecure by design, but we hardly need to make fraud easier. It's a lot safer and simpler for a criminal to stick an antenna in their pocket than to try to grab legible images of the fronts and backs of cards.
Re: (Score:2)
Re: (Score:2)
Its really aggravating too that US banks will refuse to offer chip-and-pin even though they could. Chip-and-signature is better than magstripe but its still a royal PITA whenever you travel in Europe.
Re: (Score:2)
Wait, does it not encrypt the magstripe data before transmission?
Re: (Score:3)
Wait, does it not encrypt the magstripe data before transmission?
The card reader wouldn't be able to read it if it was encrypted.
Re: (Score:2)
Yes, that's exactly right. I heard about this while it was still a Kickstarter-style project, and as soon as I realized that the "Loop" in the name was a reference to an induction loop, I immediately thought "well, I'll just build a larger loop, and hide that under the table the payment terminal is on, and wirelessly capture the raw track data from the card".
My second thought was "there's no way to be sure that a given customer is using the official app, or even the official hardware, so if even one bank le
Google seriously missed the boat (Score:3)
I can't help but think that Google has seriously missed the boat when it came to mobile payment. Google Wallet was compatible with Android smartphones, ... and released in one of the few countries in the world where NFC terminals were uncommon.
Seriously I was doing payments using Google Wallet on a Galaxy S3 years ago at any random terminal. The problem was jumping through major hoops to get around the fact that the service wasn't available in countries which actually have NFC terminals. Not only were there hoops, but Google considered them loopholes and slowly shut them out.
So now while mobile payments is the latest hot thing I am unable to do now something that I was able to do about 3 years ago. What a missed opportunity to be a market leader rather than a poor follower.
Only got google to blame and apple to applaud (Score:2)
With their iTunes music and video store, Apple has proven to the "man" they can handle transactions and work with the "man" in a mutually beneficial way that also offers a (back then) new service for the customers. On top of that, Apple is in the device selling business and not in the data business. I am certain these were very important factors when they got their deals for Apple Pay with banks and CC companies.
No sane bankster or CC company would ever be caught publicly doing anything customer-data togeth
Re: (Score:2)
They didn't need to. Google does not need your credit card, or business with banks. The Google system works like swiping paypal across the terminal, and nothing like what Apple set up, which did require major backing from banks and credit cards.
Re: (Score:2)
I hate double posting but I missed something.
You seem to be under the impression that Google's solution didn't work. It did. Worked flawlessly at every terminal. It worked with every payment method you could link to it (I used an Australia credit card but gave a fake American address, now they check to see if the address and credit card actually match with the issuer).
There was no technical issue holding them back. There was no players they were missing, there were no partners they needed to make this work.
Re: (Score:2)
Not only were there hoops, but Google considered them loopholes and slowly shut them out.
When you think about it, all hoops are actually loopholes. [rimshot]
Re: (Score:2)
Google also insisted on getting in the middle of the transaction with their Wallet, and if my understanding is correct the results basically ended up providing an inferior experience to merchants since the cards ultimately got recognized as card-not-present. Apple on the other hand worked closely with everyone in the chain rather than trying to muscle their way in. If you're a merchant, the difference between paying card-present and card-not-present is often around 1% (because CNP has a lot more fraud ass
Re: (Score:2)
True but I don't buy into the 3G comments. 3G was not incredibly new or cutting edge. It was 8 years old by that point and in many countries it was working very well.
I think it was more of an effort to wait for the US mobile market to try and stabilize which was then (and frankly with your fragmentation is now still) a complete joke. In the rest of the world it was again a call of "about bloody time". Another case in point was the introduction of Facetime. I initially thought it was some kind of joke as at
So ApplePay needs new card readers? (Score:2)
So ApplePay needs new card readers? the retailers have to upgrade and replace working old readers to use it?
Well, I guess CVC [slashdot.org] will be glad to hear those news....
Re: (Score:2)
So ApplePay needs new card readers? the retailers have to upgrade and replace working old readers to use it?
As an example, Apple Pay would work just fine with the terminal in my company's canteen somewhere in the UK. Apple Pay needs the card terminals that everyone will have to buy anyway to replace their old ones.
Re: (Score:2)
Little retailers still face the liability shift, so they will likely upgrade as well. The problem with CurrentC is that they will still be obligated to support EMV, so they can't completely block progress.
Our local veterinarian a brand new reader there. I have used both EMV and NFC payment methods there.
That other "modern" payment competition (Score:2)
This looks almost as "promising" as that other "modern" payment competition to Apple Pay, you know the one with complicated QR codes, the one nobody can even remember the name of because it was so outdated, complicated and irrelevant even before it was actually launched.
I don't believe this. (Score:2)
Always or only since Apple released ApplePay?
Apple got it right (Score:2)
IMHO, Apple got ApplePay exactly right. Since it's built on existing systems and protocols, Samsung would do well to just copy it.
Re: (Score:2)
Since it's built on existing systems and protocols, Samsung would do well to just copy it.
This acquisition is actually quite telling. The fact that they're not blindly copying Apple this time is a strong indication of exactly how incompetent Samsung is. To replicate ApplePay, Samsung would need not only the technology (not really that hard to replicate, and they already have most if not all of it) but also the savvy to navigate the world of finance and negotiate with multiple entities in that industry. LoopPay, being solely a technology-based solution, sidesteps all of that. Note in this case th
Re: (Score:2)
They're also incurring a shit-ton of liability in storing magstripe copies - something that's a PCI violation however you interpret the standards. That means that in the case of fraud the cardholder (phoneholder?) will be considered liable instead of the bank or merchant, and as soon as that happens the inevitable class-action lawsuit against Samsung (far more lucrative than going after LoopPay would have been) will be a doozy.
Re: (Score:2)
Except that the market in contactless payment outside the USA has already been sown up. So while ApplePay might get traction in the USA, in the rest of the world it is very unlikely to get any significant traction.
Then again the USA has been a third world country when it comes to credit/debit card technology for some time.
Re: (Score:2)
Not necessarily sewn up - the fact that contactless terminals are everywhere in, for example, the UK means that when Apple Pay launches here (or any other similar NFC-based phone payment system) people will be able to start using it right away in most of their favourite shopping places.
I use contactless payment pretty much everywhere I shop where my transactions are routinely under £20 (the current contactless limit, rising to £30 soon) - pubs, grocery store, high street shops, gas stations, cof