If you're launching NFC payment software, the last thing you want is for people to start talking about its safety shortly after launch. But that's exactly what's happened to Samsung: while Samsung Pay launched in the US last week, the New York Times has reported that LoopPay – the subsidiary purchased by Samsung to assist with mobile payments – had been infiltrated for five months.
The breach only came to light in late August, when a separate organisation tracking the hackers, known as the Codoso Group, came across LoopPay data in the process of another investigation.
At the moment, it is claimed that the hackers only managed to access the corporate network, and the production system that helps manage payments, so customer data was not said to be at risk.
Still, as PR battles go, it's a struggle. One of the biggest barriers for new money technology to overcome is the fear that they're not as safe as traditional payment methods – card, cheque, or keeping huge sums of cash underneath your mattress. To that end, whether or not customer data was at risk, Samsung had to go on the defensive, and it's done that with a blog post outlining its position.
“The first thing to know is that Samsung Pay was not impacted and at no point was any personal payment information at risk,” the post starts. “This was an isolated incident that targeted the LoopPay office network, which is a physically separate network from Samsung Pay. The LoopPay incident was resolved and had nothing to do with Samsung Pay.
“We're confident that Samsung Pay is safe and secure. Each transaction uses a digital token to replace a card number. The encrypted token combined with certificate information can only be used once to make a payment. Merchants and retailers can't see or store the actual card data.”
For a hack that Samsung is so keen to paint as a LoopPay problem, Samsung Pay sure gets a lot of mentions here: eight to LoopPay's nine in the post. Assuming the hack is only as serious as the company's internal investigation claims, Samsung is aware of the damage whisperings of security flaws can be to a fledgling payment system – especially one that has Apple Pay as its main rival.