N.Y. Times: Samsung subsidiary Loop Pay, part of Samsung Pay, hacked by Chinese group

One of the advantages of Samsung Pay is that the mobile payment service works not only with retailers who use NFC wireless POS systems, but it also works with every retailer that swipes a credit card to ring up a transaction. That is due to the magnetic secure transmission used by Loop Pay, which was purchased last February by Samsung. With Loop Pay, Samsung Pay can be used at over 10 million retailers globally.

A report in today's New York Times says that less than a month after being purchased by Samsung, Chinese hackers were able to break into Loop Pay's computer systems. The hackers, known as the Codoso Group or Sunshock Group, were reportedly seeking Loop Pay's magnetic secure transmission technology. According to Will Graylin, LoopPay’s chief executive and co-general manager of Samsung Pay, the hackers broke into Loop Pay's corporate network, but could not penetrate the system that deals with payments.

The scary part of the story is that Codoso Group's hack into Loop Pay was carried out in March, but wasn't discovered until August. A group investigating the Codoso Group stumbled upon Loop Pay data. Loop Pay and Samsung both say that they are confident that all infected machines were removed, but some security experts say that it is premature to say exactly what the hackers were able to accomplish, since the hack was first discovered in August.


Samsung Pay launched in the U.S. on September 28th, after more than $30 million in transactions was rung up by the service in South Korea.



source: NYTimes