Samsung-pay

The system behind Samsung-Pay, LoopPay, has been the victim of an attack from sophisticated Chinese hackers that have affiliations with the state, according to The New York Times.

The hacker group, known as Codoso Group, successfully breached LoopPay’s corporate network, including their email and file servers, but failed to enter the portion of the network that deals with payments. The attackers were after the company’s magnetic secure transmission (MST) technology, but according to a statement from Samsung, the breach did not affect Samsung pay itself.

Loop Pay’s system, similar to Apple and Google services, enables Samsung users to pay for items using their smartphone. The MST system that the hackers were after allows the service to operate similar to physical cards with a magnetic stripe, making LoopPay compatible with older point-of-sale technology.

Samsung acquired the Burlington-based LoopPay for $250 million USD in February, just months after the attack was discovered in August 2014. It’s thought the breach could have began as early as March. LoopPay’s new parent company has been quick to shake off concerns that the hack would reveal private data.

“We’re confident that Samsung Pay is safe and secure. Each transaction uses a digital token to replace a card number. The encrypted token combined with certificate information can only be used once to make a payment,” said Samsung in a statement.  

According to the New York Times, the Chinese hacker group known as Codoso Group, who have been implicated in a series of state-affiliated attacks, are well known for leaving and maintaining hidden backdoors in infiltrated networks, suggesting that LoopPay may not be out of the woods yet.

The company has hired two independent forensics teams to handle the breach, who continue to work on the case. The company and parent Samsung seem unfazed by the attempted hack, forging ahead with the U.S. launch of Samsung Pay just over a month after the breach was discovered.