There can't be ANY security measures going on here. What they're doing is transmitting an electromagnetic signal from the phone directly into the mag stripe read head, therefore in order for the reader to "think" it just scanned a card, the signal must carry the mag stripe info exactly as it is on the card. And it's on the card in a totally insecure way. Also, this means that the phone must store all the mag stripe info in its memory (now THAT is probably encrypted... but how well?). There is no Secure Enclave in an Android phone like there is in an iPhone, so I wouldn't be surprised that this stored CC info is just there for the taking with little effort. Same applies to the fingerprint data stored on the Android phone.
I'll go pop some popcorn and watch this one play out. Should be interesting.
That was my initial thought: how is LoopPay better (more secure) than the normal magnetic swipe? I didn't see any mention of extra security measures, so if it's just replacing the actual magnetic swipe physical motion with a transmitted EM signal to the same EM reader in the same format as before, then this is really underwhelming.
It's not so much ripping off Apple as coasting off their Apple Pay momentum. They would've never decided to delve into this area if Apple hadn't already paved the way.
Except ?Pay is in its infancy and mobile payments is something that has been talked about for years. If this was typical Samsung they would have brought out an (inferror) mobile payments solution BEFORE ?Pay just so they could claim they were "first". If we want to talk about copying lets talk about Huawei who just announced new phone called Honor 6 Plus. Now that's blatent copying.
Apple Pay is very new, but already there are tens of millions of iPhones capable of utilizing it. That number moved Apple Pay from infancy to adolescence in a matter of a month or two. Along with the adoption of all the major banks and most of the major retailers, Apple Pay has moved to a place that is well beyond the chicken/egg place and is now established. Regardless of what we may conjecture about what Samsung may have done, the fact that Apple made the leap from announcement to nearly complete adoption in less then 60 days is an amazing feat.
Loop Pay is basically using an em field to induce a current in the reader where a credit card induces that same current by passing a magnetic strip under the reader. Interesting idea but am I the only person that thinks broadcasting your credit card numbers in the clear like that is a really really dumb idea?
I mean sure the signal can be very weak but that just means you need a bigger dish to read it without contact. Alternatively you can just put a skimmer off to the side (but still very close to the actual machine).
There can't be ANY security measures going on here. What they're doing is transmitting an electromagnetic signal from the phone directly into the mag stripe read head, therefore in order for the reader to "think" it just scanned a card, the signal must carry the mag stripe info exactly as it is on the card. And it's on the card in a totally insecure way. Also, this means that the phone must store all the mag stripe info in its memory (now THAT is probably encrypted... but how well?). There is no Secure Enclave in an Android phone like there is in an iPhone, so I wouldn't be surprised that this stored CC info is just there for the taking with little effort. Same applies to the fingerprint data stored on the Android phone.
I'll go pop some popcorn and watch this one play out. Should be interesting.
That was my initial thought: how is LoopPay better (more secure) than the normal magnetic swipe? I didn't see any mention of extra security measures, so if it's just replacing the actual magnetic swipe physical motion with a transmitted EM signal to the same EM reader in the same format as before, then this is really underwhelming.
That's pretty much how I read it too. All of the same old problems with the retailer being hacked and the account into being tied to the customer still applies. Plus now, we have a phone/dongle containing the same info but now on a non-iPhone with a much lower level of innate security...AND the signal with the card strip info is being transmitted into the open air in an unencrypted manner. If we can read a digital signal from the edge of the solar system, someone can read this piss ant signal from a few feet away.
I see two problems with it though, off the top of my head.
First, there is the issue of trust and security. Who really trusts Scamsung?
And second, there's the issue of cheap Fandroid bums. I believe that many Android users do not have any credit cards to their name. I haven't looked into any of the finer details for this new payment system yet, but hopefully there's a way to input EBT card data into the phone.
The "cheap Fandroid bums" usually shop at Walmart which "isn't gonna pay no bank charges" if it kills 'em.
Motorola Atrix had fingerprint scanner before Apple or Samsung. Google Wallet existed before ?Pay Apple isn't usually the first to something, but they're usually the first to get the UX right. Mobile payments isn't an Apple invention and I'll make a wager right now that whatever Samsung rolls out it won't be as elegant and user friendly as ?Pay.
Even if they get it right, which I doubt they will, it will be half-@ssed (with 98% certainty), it won't go anywhere.
The leadership at Samsung as spoken: it has told it's phone division to simply copy what works.
At least Apple can wait and take other's ideas and do it right. They don't copy: 99% of the time they take an idea and make it great and well-loved and a money-maker.
So LoopPay requires special hardware (dongle) to inject a facsimile of a magnetic card swipe signal wirelessly. Interesting concept for greatest compatibility, but unless there's some serious security measures going on behind the scenes, someone can sniff this signal from afar.
Sounds like it would make credit card skimming that much easier if your card number could be obtained contactless.
I like the LoopPay app, it's really well designed. The animation guide looks very cute. The ChargeCase appears to be of less quality, but it works like a charm just as it claims. Every time I use it people are amazed. Review here: http://www.nicee.co/reviews/gadgets/peripherals/looppay/2014/06/chargecase
There can't be ANY security measures going on here. What they're doing is transmitting an electromagnetic signal from the phone directly into the mag stripe read head, therefore in order for the reader to "think" it just scanned a card, the signal must carry the mag stripe info exactly as it is on the card. And it's on the card in a totally insecure way. Also, this means that the phone must store all the mag stripe info in its memory (now THAT is probably encrypted... but how well?). There is no Secure Enclave in an Android phone like there is in an iPhone, so I wouldn't be surprised that this stored CC info is just there for the taking with little effort. Same applies to the fingerprint data stored on the Android phone.
I'll go pop some popcorn and watch this one play out. Should be interesting.
If you review the scant security pages on LoopPay's website, you'll see that they quietly avoid these concerns altogether. They only address the "what if someone steals the dongle attached to my phone, can they make purchases?" And "can someone put my credit card number into their device?"
Both questions are answered with some weak answers: (1) you can make the device always require that it be attached to your phone, and (2) their system doesn't work if the name on the card doesn't match the owner of the registered dongle. That's it. They don't address any of the other security loop holes such as card skimmers or hacking credit card databases held by retailers.
Comments
How have you lasted here a month? Get out.
There can't be ANY security measures going on here. What they're doing is transmitting an electromagnetic signal from the phone directly into the mag stripe read head, therefore in order for the reader to "think" it just scanned a card, the signal must carry the mag stripe info exactly as it is on the card. And it's on the card in a totally insecure way. Also, this means that the phone must store all the mag stripe info in its memory (now THAT is probably encrypted... but how well?). There is no Secure Enclave in an Android phone like there is in an iPhone, so I wouldn't be surprised that this stored CC info is just there for the taking with little effort. Same applies to the fingerprint data stored on the Android phone.
I'll go pop some popcorn and watch this one play out. Should be interesting.
That was my initial thought: how is LoopPay better (more secure) than the normal magnetic swipe? I didn't see any mention of extra security measures, so if it's just replacing the actual magnetic swipe physical motion with a transmitted EM signal to the same EM reader in the same format as before, then this is really underwhelming.
Apple Pay is very new, but already there are tens of millions of iPhones capable of utilizing it. That number moved Apple Pay from infancy to adolescence in a matter of a month or two. Along with the adoption of all the major banks and most of the major retailers, Apple Pay has moved to a place that is well beyond the chicken/egg place and is now established. Regardless of what we may conjecture about what Samsung may have done, the fact that Apple made the leap from announcement to nearly complete adoption in less then 60 days is an amazing feat.
Loop Pay is basically using an em field to induce a current in the reader where a credit card induces that same current by passing a magnetic strip under the reader. Interesting idea but am I the only person that thinks broadcasting your credit card numbers in the clear like that is a really really dumb idea?
I mean sure the signal can be very weak but that just means you need a bigger dish to read it without contact. Alternatively you can just put a skimmer off to the side (but still very close to the actual machine).
That's pretty much how I read it too. All of the same old problems with the retailer being hacked and the account into being tied to the customer still applies. Plus now, we have a phone/dongle containing the same info but now on a non-iPhone with a much lower level of innate security...AND the signal with the card strip info is being transmitted into the open air in an unencrypted manner. If we can read a digital signal from the edge of the solar system, someone can read this piss ant signal from a few feet away.
The "cheap Fandroid bums" usually shop at Walmart which "isn't gonna pay no bank charges" if it kills 'em.
apple pay is a failure itself, cant believe the intelligence of those samsung monkeys.
And the basis for this pronouncement after a month is what exactly?
apple pay is a failure itself, cant believe the intelligence of those samsung monkeys.
"Troll, troll troll, troll. Troll!"
go home, son.
Motorola Atrix had fingerprint scanner before Apple or Samsung. Google Wallet existed before ?Pay Apple isn't usually the first to something, but they're usually the first to get the UX right. Mobile payments isn't an Apple invention and I'll make a wager right now that whatever Samsung rolls out it won't be as elegant and user friendly as ?Pay.
Even if they get it right, which I doubt they will, it will be half-@ssed (with 98% certainty), it won't go anywhere.
The leadership at Samsung as spoken: it has told it's phone division to simply copy what works.
At least Apple can wait and take other's ideas and do it right. They don't copy: 99% of the time they take an idea and make it great and well-loved and a money-maker.
Shamesung: the opposite.
Sounds like it would make credit card skimming that much easier if your card number could be obtained contactless.
How is that ripping Apple off? Did Tim Cook invent workplace diversity? /s
Review of the LoopPay ChargeCase: http://www.nicee.co/reviews/gadgets/peripherals/looppay/2014/06/chargecase
Review here: http://www.nicee.co/reviews/gadgets/peripherals/looppay/2014/06/chargecase
If you review the scant security pages on LoopPay's website, you'll see that they quietly avoid these concerns altogether. They only address the "what if someone steals the dongle attached to my phone, can they make purchases?" And "can someone put my credit card number into their device?"
Both questions are answered with some weak answers: (1) you can make the device always require that it be attached to your phone, and (2) their system doesn't work if the name on the card doesn't match the owner of the registered dongle. That's it. They don't address any of the other security loop holes such as card skimmers or hacking credit card databases held by retailers.
How out of date are retail outlets in the US? Still using swipe?
Hey! At least they don't demand payment in poultry anymore (mostly).