Samsung Electronics is seeking to reassure customers that its mobile payment system is safe following a recently detected hack against LoopPay, a startup it acquired earlier this year and whose technology it has since integrated into its Samsung Pay mobile payment wallet.
On Wednesday, Samsung attempted to set the record straight about its mobile payment system by publishing a statement:
“The first thing to know is that Samsung Pay was not impacted and at no point was any personal payment information at risk,” the release reads. “This was an isolated incident that targeted the LoopPay office network, which is a physically separate network from Samsung Pay. The LoopPay incident was resolved and had nothing to do with Samsung Pay.”
The statement goes on to say that the intrusion affected three servers on LoopPay’s office network, which is separate from the production network that handles payment transactions under Samsung’s management.
According to The Financial Times, LoopPay has contacted two security firms to assist with the recovery process.
The electronics company first launched its Samsung Pay service back in August of this year for a South Korean release. The mobile payment wallet, which competes with Apple Pay to the extent that it urges shoppers to use their mobile handsets to make purchases and not their credit cards, came out in the United States last month.
Yuanta Securities analyst Lee Jae-yun told Reuters that despite not having directly affected Samsung, the LoopPay hack could nevertheless trigger security concerns among users regarding the integrity of their personal information.
These fears notwithstanding, if The New York Times is correct in reporting that the breach was indeed carried out by the Codoso Group, a Chinese hacker collective which is believed to be affiliated with the Chinese government and which has perpetrated attacks against major financial, defense, and other organizations in the past, the hack might not have exposed any user data.
As Ken Westin, a senior security analyst at Tripwire, told PCWorld, the group in this case would have likely targeted LoopPay’s code instead, possibly with the intent to collect information on individuals.
Samsung acquired LoopPay specifically for its Magnetic Secure Transmission, a technology which enables a mobile device emulate a magnetic stripe card. This feature helps Samsung Pay work with older payment systems.