I had forgotten about LoopPay, and wouldn't have noted any advantage to it anyway until AI mentioned it. Sounds like something Apple might figure a way of designing in themselves as on the surface (Not MS )it does sound advantageous.
There will be no advantage to LoopPay. By the time it really gets going on Samsung phones, all of the merchants will have upgraded their terminals (as mandated by the CC companies) anyway, and these will all accept ApplePay, AndroidPay, or Samsung Pay (via NFC) as well. Plus it is cumbersome to use and brought with all of the same security issues that traditional CCs come with.
Mmm ... In regard to NFC cc payment offerings, it appears that one is not enough and two is too many!
They won't all be updated as there's no legal requirement to do so AFAIK. Mom and Pop's Corner Store will probably keep using their old swipe machine just as they have for years.
Since the credit card companies will shift the burden of fraud reimbursements to vendors using older, less secure machines, then I think that's a pretty good incentive to upgrade.
Here is the issue, and the same is true for Apple, if the merchant or POS does not support NFC, you have to swipe, okay the Samsung system may work with swipes, but if the Merchant upgrade to chip and pin POS as required come Oct or they bare all loses due to fruad, then the Samsung System will not either work. If you have a chip and pin card today and swipe it on a POS with Chip and Pin the terminal knows you have the chip and forces you to put the card into the slot and leave it their until the transaction is complete. It will not allow you to swipe it as long as you have the chip on your CC. I have had this happen to me a couple times already and the whole chip and pin process it longer than just Apple pay.
Most smaller mechants do not seem to be upgrading to NFC they using the cheaper chip and pin POS so you will still need you CC with you for a while.
There will be no advantage to LoopPay. By the time it really gets going on Samsung phones, all of the merchants will have upgraded their terminals (as mandated by the CC companies) anyway, and these will all accept ApplePay, AndroidPay, or Samsung Pay (via NFC) as well. Plus it is cumbersome to use and brought with all of the same security issues that traditional CCs come with.
LoopPay is potentially worse than a card swipe as the LoopPay signals can be picked up wirelessly (and not in close proximity), making security even more vulnerable. There is no encryption at all on the card-swiped data, so the same goes for LoopPay.
LoopPay could've been convenient 5 years ago, but magnetic swiping is in its sunset now.
If Samsung Pay mimics a card swipe then the security element is reduced. The merchant will have the card number and customer data in their system ready for the hacker to abscond with. Sure, the extra convenience is attractive but if security is the goal then no. If the data breaches continue Samsung Pay will take part of the blame.
But I see great reluctance to use any of this technology by the general public. What I’d like to see is a news report about a big retailer like Target getting hacked again followed by an announcement that those customers who used ?Pay at Target are not affected by the breach because their data was encrypted and not available to the hackers. That might make an impact on public opinion.
There will be no advantage to LoopPay. By the time it really gets going on Samsung phones, all of the merchants will have upgraded their terminals (as mandated by the CC companies) anyway, and these will all accept ApplePay, AndroidPay, or Samsung Pay (via NFC) as well. Plus it is cumbersome to use and brought with all of the same security issues that traditional CCs come with.
LoopPay is potentially worse than a card swipe as the LoopPay signals can be picked up wirelessly (and not in close proximity), making security even more vulnerable. There is no encryption at all on the card-swiped data, so the same goes for LoopPay.
LoopPay is potentially worse than a card swipe as the LoopPay signals can be picked up wirelessly (and not in close proximity), making security even more vulnerable. There is no encryption at all on the card-swiped data, so the same goes for LoopPay.
LoopPay could've been convenient 5 years ago, but magnetic swiping is in its sunset now.
LoopPay is mixed. Some older cards will actually transmit raw card data wirelessly. Most cards will use tokenization/HCE so reading the wireless signal doesn't matter. The third type (which LoopPay says is coming) will use the exact same tokenization system Apple uses. So you've got a mixed bag of security from not at all up to the best available.
All it's going to take is one "hacker" to show how they skimmed a card from a Samsung phone by putting an antenna beside the terminal. Even though these represent a small number of the cards it's still going to scare the hell out of people. How can Samsung recover from that by telling people most cards are tokenized?
If Samsung Pay mimics a card swipe then the security element is reduced. The merchant will have the card number and customer data in their system ready for the hacker to abscond with. Sure, the extra convenience is attractive but if security is the goal then no. If the data breaches continue Samsung Pay will take part of the blame.
But I see great reluctance to use any of this technology by the general public. What I’d like to see is a news report about a big retailer like Target getting hacked again followed by an announcement that those customers who used ?Pay at Target are not affected by the breach because their data was encrypted and not available to the hackers. That might make an impact on public opinion.
Why would you wish for someone's information to be hacked? It's also be the people who used NFC payments that were protected. Not just Apple Pay
Really, can't this company come up with their own stuff? I do like how they approach this different as with the accession of LoopPay, but Apple Pay was first, then Google Pay, and now Samsung Pay? Well, we will soon see all merchants accepting these as their previous contracts update next month (?)
Samsung's strategy is not so much coming up with their own stuff as throwing everything at the wall and seeing what sticks.
LoopPay is mixed. Some older cards will actually transmit raw card data wirelessly. Most cards will use tokenization/HCE so reading the wireless signal doesn't matter. The third type (which LoopPay says is coming) will use the exact same tokenization system Apple uses. So you've got a mixed bag of security from not at all up to the best available.
All it's going to take is one "hacker" to show how they skimmed a card from a Samsung phone by putting an antenna beside the terminal. Even though these represent a small number of the cards it's still going to scare the hell out of people. How can Samsung recover from that by telling people most cards are tokenized?
I thought Samsung Pay was the tokenization equivalent to Apple Pay (or other tokenization schemes). And LoopPay is the technical equivalent to swiping a magnetic stripe in a reader (whose data, I believe, are not encrypted).
Put it another way, Samsung Pay uses NFC wireless tech (with tokenization), and LoopPay uses "magnetic signal transmission" tech to simulate the magnetic pickup from a physical card swipe (with no encryption). Two different wireless technologies. Two different "protocols."
From the article: "Tod Beardsley, engineering manager at security firm Rapid7, told Mashable that Samsung's use of "extremely legacy technology" [regarding LoopPay - formosa] is not a good thing. We should be moving away from this technology, not repurposing it."
Edit: after reading some more, it seems like LoopPay is (or will become) a subset of Samsung Pay. Very confusing...
Apple was first with the fully assembled home PC, the GUI outside of Xerox, the tablet computer (who here remembers the Newton?), the touchscreen smart phone, and many other things...but all those things have all been "copied" by other companies. Just like Ford is not the only car on the road, Apple shouldn't expect to be the only computer manufacturer. We can patent ideas which make things better, not things themselves. You can't patent wood, for example, you can patent a way to use wood.
It wouldn't be difficult to pick up magnetic signals wirelessly (the trick is to do it discreetly), and once captured, the card stripe data are not encrypted - I believe. There are numerous articles from companies that propose schemes to encrypt the magnetic stripe data, but I don't know if any of these schemes are in practice. From what I've read (I'm not intimately familiar with this industry), they are not.
The long term solution here is for the banks, credit card companies, cell phone manufacturers and all other interested parties to create some industry-wide standards. NFC payment should be as open and standardized as mag stripes. These proprietary systems will be short-lived as all involved find supporting all the conflicting providers expensive and error-prone.
I would not be surprised to see Apple make the ApplePay system available for licensing or turn the IP over to an industry standards body of some sort.
The long term solution here is for the banks, credit card companies, cell phone manufacturers and all other interested parties to create some industry-wide standards. NFC payment should be as open and standardized as mag stripes. These proprietary systems will be short-lived as all involved find supporting all the conflicting providers expensive and error-prone.
I would not be surprised to see Apple make the ApplePay system available for licensing or turn the IP over to an industry standards body of some sort.
This is one of the very few posts worth reading in this thread so far.
Since the credit card companies will shift the burden of fraud reimbursements to vendors using older, less secure machines, then I think that's a pretty good incentive to upgrade.
Yes, but the banks issuing the credit cards have their hands full just converting all their existing customers to chip cards. It's two months away from the conversion deadline, and I still have a wallet full of credit cards without chips, cards that were JUST reissued a couple of months ago.
Given that, any customer that has not yet been issued a chip card is still the banks responsibility if the card information gets hacked. By some accounts it will take the banks a year or more after the conversion deadline to distribute chip cards. Therefore, there's not as much much incentive for the merchants to rush out and buy new equipment immediately. So there's going to be a significant transition period where having the mag stripe reader may be useful. However, it's not a long term strategy for Samsung.
The long term solution here is for the banks, credit card companies, cell phone manufacturers and all other interested parties to create some industry-wide standards.
That's already been done and the standards agreed on by the carriers, banks, processors and CC providers. Work started on this years ago. Search up PCI mobile payment standards. There's lots of stuff to read. Apple is using what the PCI mobile payment security guidelines already established as requirements. All these mobile payment solutions now rolling out are looking similar for that reason.
Comments
Mmm ... In regard to NFC cc payment offerings, it appears that one is not enough and two is too many!
Since the credit card companies will shift the burden of fraud reimbursements to vendors using older, less secure machines, then I think that's a pretty good incentive to upgrade.
Here is the issue, and the same is true for Apple, if the merchant or POS does not support NFC, you have to swipe, okay the Samsung system may work with swipes, but if the Merchant upgrade to chip and pin POS as required come Oct or they bare all loses due to fruad, then the Samsung System will not either work. If you have a chip and pin card today and swipe it on a POS with Chip and Pin the terminal knows you have the chip and forces you to put the card into the slot and leave it their until the transaction is complete. It will not allow you to swipe it as long as you have the chip on your CC. I have had this happen to me a couple times already and the whole chip and pin process it longer than just Apple pay.
Most smaller mechants do not seem to be upgrading to NFC they using the cheaper chip and pin POS so you will still need you CC with you for a while.
There will be no advantage to LoopPay. By the time it really gets going on Samsung phones, all of the merchants will have upgraded their terminals (as mandated by the CC companies) anyway, and these will all accept ApplePay, AndroidPay, or Samsung Pay (via NFC) as well. Plus it is cumbersome to use and brought with all of the same security issues that traditional CCs come with.
LoopPay is potentially worse than a card swipe as the LoopPay signals can be picked up wirelessly (and not in close proximity), making security even more vulnerable. There is no encryption at all on the card-swiped data, so the same goes for LoopPay.
LoopPay could've been convenient 5 years ago, but magnetic swiping is in its sunset now.
If Samsung Pay mimics a card swipe then the security element is reduced. The merchant will have the card number and customer data in their system ready for the hacker to abscond with. Sure, the extra convenience is attractive but if security is the goal then no. If the data breaches continue Samsung Pay will take part of the blame.
But I see great reluctance to use any of this technology by the general public. What I’d like to see is a news report about a big retailer like Target getting hacked again followed by an announcement that those customers who used ?Pay at Target are not affected by the breach because their data was encrypted and not available to the hackers. That might make an impact on public opinion.
I pay with my Apple Watch. Samesung fail.
That'd be a killer -- do you have a link?
and Samsung will begin trailing the service for some U.S. users on August 25.
Yep, Samsung is trailing, always trailing.
LoopPay is mixed. Some older cards will actually transmit raw card data wirelessly. Most cards will use tokenization/HCE so reading the wireless signal doesn't matter. The third type (which LoopPay says is coming) will use the exact same tokenization system Apple uses. So you've got a mixed bag of security from not at all up to the best available.
All it's going to take is one "hacker" to show how they skimmed a card from a Samsung phone by putting an antenna beside the terminal. Even though these represent a small number of the cards it's still going to scare the hell out of people. How can Samsung recover from that by telling people most cards are tokenized?
i'll reserve my joy when it's hacked.
Why would you wish for someone's information to be hacked? It's also be the people who used NFC payments that were protected. Not just Apple Pay
Samsung's strategy is not so much coming up with their own stuff as throwing everything at the wall and seeing what sticks.
LoopPay is mixed. Some older cards will actually transmit raw card data wirelessly. Most cards will use tokenization/HCE so reading the wireless signal doesn't matter. The third type (which LoopPay says is coming) will use the exact same tokenization system Apple uses. So you've got a mixed bag of security from not at all up to the best available.
All it's going to take is one "hacker" to show how they skimmed a card from a Samsung phone by putting an antenna beside the terminal. Even though these represent a small number of the cards it's still going to scare the hell out of people. How can Samsung recover from that by telling people most cards are tokenized?
I thought Samsung Pay was the tokenization equivalent to Apple Pay (or other tokenization schemes). And LoopPay is the technical equivalent to swiping a magnetic stripe in a reader (whose data, I believe, are not encrypted).
Put it another way, Samsung Pay uses NFC wireless tech (with tokenization), and LoopPay uses "magnetic signal transmission" tech to simulate the magnetic pickup from a physical card swipe (with no encryption). Two different wireless technologies. Two different "protocols."
Or is LoopPay more than I understand?
http://mashable.com/2015/03/03/samsung-pay-security/
From the article: "Tod Beardsley, engineering manager at security firm Rapid7, told Mashable that Samsung's use of "extremely legacy technology" [regarding LoopPay - formosa] is not a good thing. We should be moving away from this technology, not repurposing it."
Edit: after reading some more, it seems like LoopPay is (or will become) a subset of Samsung Pay. Very confusing...
Apple was first with the fully assembled home PC, the GUI outside of Xerox, the tablet computer (who here remembers the Newton?), the touchscreen smart phone, and many other things...but all those things have all been "copied" by other companies. Just like Ford is not the only car on the road, Apple shouldn't expect to be the only computer manufacturer. We can patent ideas which make things better, not things themselves. You can't patent wood, for example, you can patent a way to use wood.
That'd be a killer -- do you have a link?
No, I don't have a direct link. See my post #34.
It wouldn't be difficult to pick up magnetic signals wirelessly (the trick is to do it discreetly), and once captured, the card stripe data are not encrypted - I believe. There are numerous articles from companies that propose schemes to encrypt the magnetic stripe data, but I don't know if any of these schemes are in practice. From what I've read (I'm not intimately familiar with this industry), they are not.
The long term solution here is for the banks, credit card companies, cell phone manufacturers and all other interested parties to create some industry-wide standards. NFC payment should be as open and standardized as mag stripes. These proprietary systems will be short-lived as all involved find supporting all the conflicting providers expensive and error-prone.
I would not be surprised to see Apple make the ApplePay system available for licensing or turn the IP over to an industry standards body of some sort.
Love the subhead.....
"At its Unpacked press event on Thursday, Samsung announced..."
I wonder if the Sammy presenters were confused by the sound of crickets after their presentation?
The long term solution here is for the banks, credit card companies, cell phone manufacturers and all other interested parties to create some industry-wide standards. NFC payment should be as open and standardized as mag stripes. These proprietary systems will be short-lived as all involved find supporting all the conflicting providers expensive and error-prone.
I would not be surprised to see Apple make the ApplePay system available for licensing or turn the IP over to an industry standards body of some sort.
This is one of the very few posts worth reading in this thread so far.
You get it.
Since the credit card companies will shift the burden of fraud reimbursements to vendors using older, less secure machines, then I think that's a pretty good incentive to upgrade.
Yes, but the banks issuing the credit cards have their hands full just converting all their existing customers to chip cards. It's two months away from the conversion deadline, and I still have a wallet full of credit cards without chips, cards that were JUST reissued a couple of months ago.
Given that, any customer that has not yet been issued a chip card is still the banks responsibility if the card information gets hacked. By some accounts it will take the banks a year or more after the conversion deadline to distribute chip cards. Therefore, there's not as much much incentive for the merchants to rush out and buy new equipment immediately. So there's going to be a significant transition period where having the mag stripe reader may be useful. However, it's not a long term strategy for Samsung.