The banks hold the key

Will Samsung’s mobile wallet plans work? We’ll know in 7 months

Stay on Top of Enterprise Technology Trends

Get updates impacting your industry from our GigaOm Research Community
Join the Community!

Samsung has entered the mobile payments fray with its acquisition of LoopPay, giving it the technology to turn its smartphones into wireless credit cards that can purchase goods and service with a wave of the wrist. LoopPay is clearly Samsung’s answer to Apple Pay, but there’s still one missing piece from its payments puzzle.

With LoopPay’s technology the consumer electronics giant now has all of the technical tools to take on Apple Pay, but Samsung still needs to form direct partnerships with the card-issuing banks. If it doesn’t, then the upcoming transition to new chipped smart cards will be awfully rough on its contactless payments technology.

Today LoopPay’s technology relies on what is essentially a spoofing of the credit card. It records the credit card number off of your plastic’s magnetic stripe, and when its fob or smartphone sleeve is waved over a payment terminal, it transmits that number through a magnetic field, emulating the physical card swipe. The technology works at nearly all point-of-sale terminals today, and I can vouch for its effectiveness. I’ve used a Loop fob to buy coffee at Starbucks and tools at my local hardware store with no difficulty. As Samsung incorporates this technology into its phones, it will work the same way.

The problem is that this kind of static magnetic transaction is going to be phased out of the U.S. retail industry starting in October (it already has been in many other regions of the world). The U.S. is adopting EMV (the name comes from the initials of backers Europay, MasterCard and Visa), which will replace magnetic cards with smart chip cards that store encrypted data that LoopPay won’t be able to emulate — at least not without the cooperation of the banks.

LoopPay's most recent iPhone 6 sleeve with detachable "card" module
LoopPay’s most recent iPhone 6 sleeve with detachable “card” module

LoopPay founder Will Graylin and Samsung’s head of mobile payments Injong Rhee assured me in an interview on Thursday that both LoopPay and Samsung have been in discussions with multiple banks and those partnerships are forthcoming. They also said that LoopPay’s technology is already optimized to handle EMV payments as soon as those first bank deals are signed.

I have no reason to doubt Graylin and Rhee, since even before the acquisition LoopPay already had the backing of at least one credit card powerhouse — Visa was an investor — and Samsung itself wields enormous clout. If it commits to making a Loop-powered wallet a key feature in its smartphones, then banks will want to come to the table, just as they came to the table with Apple Pay.

But Graylin and Rhee wouldn’t offer any details on the specific banks they’re talking to or any timeline for when those deals would be in place. That’s worrisome because the clock is ticking. If those deals don’t come down by October then Samsung may find itself with a mobile wallet that increasingly doesn’t work.

What happens in October

This year, banks will start replacing your plastic with chipped cards, and by the end year MasterCard expects that half of all U.S. credit cards will support chip-and-PIN transactions. Meanwhile, U.S. retailers are replacing their point-of-sale terminals with new card readers that accept EMV transactions.

The transition to EMV in the U.S. was originally expected to be slow – and it will take years before that last small merchant upgrades its hardware – but recent big security breaches like the one affecting Target have lit a fire under the major retailers, explained Osama Bedier, a long-time veteran of the mobile payments space. Bedier founded and is now CEO of payments terminal maker Poynt. Previously, he ran [company]Google[/company] Wallet from its launch until 2013, did product development at PayPal and is an advisor to and investor in LoopPay competitor Coin.

By the October deadline, the top 100 biggest retailers in the U.S. will accept EMV payment, accounting for 40 percent of all in-store retail transactions, Bedier said. Why the hurry? If they don’t, they’ll be liable for any fraudulent transactions made on chipped card at their stores.

Every point-of-sale terminal maker is developing an EMV reader, including Square
Every point-of-sale terminal maker is developing an EMV reader, including Square

That’s a huge shift in the U.S. retail landscape, but LoopPay and other digital credit card makers like Coin, Plastc and Swyp like to point out that even new chipped cards will continue to sport magnetic stripes so they will be able to load them into their universal cards. Conversely, even new payments terminals will still have magnetic stripe readers, so every merchant will technically be able to accept a transaction with their devices.

The infrastructure will remain in place for retailers to continue accepting their digital cards, so everything is hunky-dory, right? Here’s the problem: just because a merchant can technically accept a mag stripe transaction doesn’t mean they will.

EMV transactions are more secure because they use cryptograms instead of the numbers printed on your card face. When digital card holders start sending that insecure static data over payment networks instead of using the encrypted chip on their physical cards, the banks will notice, and a certain point they’re going to start rejecting purchases.

“It all depends on how long the grace period is,” Bedier said. “It could be three months. It could be six months. But the card issuers will start declining transactions.”

Samsung’s opportunity

The key for any of these universal card makers is to demonstrate there’s enough utility and demand for their technology that the banks will gladly climb on board, Bedier pointed out. And here’s where Samsung has a big advantage.

On its own, LoopPay was a small company selling a niche product. But with the might of Samsung behind it, it has enormous advantages over its digital wallet competitors, who are mainly startups trying to crowdfund their products. If Samsung were to make a big commitment to embedding LoopPay’s tech in all of its forthcoming Galaxy smartphones and its wearables, or if Samsung created a detachable phone module that you could hand to a waiter or sales clerk, then the banks would likely eat it up. The banks want to offer their millions of Android customers an alternative to [company]Apple[/company] Pay.

Could LoopPay's technology make it into the Galaxy Gear?
Could LoopPay’s technology make it into the Galaxy Gear?

Furthermore, Samsung would have much larger potential retail appeal than Apple could ever hope to achieve any time in the near future. Graylin explained that LoopPay can route secure EMV data through the mag stripe reader, effectively turning a static transaction into a dynamic one. That means LoopPay could process EMV transactions at any terminal, as it wouldn’t be restricted to working with chip-and-PIN readers or systems with near-field communications (NFC) radios, which is the big limitation of Apple Pay.

With the banks’ cooperation, Samsung could also go beyond the EMV standard to offer tokens – temporary credentials good for only one or a limited number of payments – just the way Apple Pay does. Since LoopPay would be connected to the cloud through the Samsung mothership, it could constantly update its encrypted credit card data from the banks.

“I think we’re going to offer a very unique experience,” Graylin said. “I think people will soon see that.”

So over the next seven months we shouldn’t just be looking out for announcements on how Samsung will incorporate LoopPay’s technology into its products. We should also be watching for the specific banking deals Samsung signs. If it gets enough of them quickly, Samsung could find itself with a mobile wallet that could rival Apple Pay. If it doesn’t, Samsung’s fledgling mobile payments plans could wind up buried in the same heap as Google Wallet and Softcard.

9 Responses to “Will Samsung’s mobile wallet plans work? We’ll know in 7 months”

  1. ewalsh5

    With any financialm mobile app, security – by extension any interfacing with private, sensitive data, will be the key. + features like LDAP based device selection when you’re accessing your mobile banking app across different personal devices, device security, inherent encryption features at the app platform level – these are imperative. Fortunately Kony EMM APIs are coming out with something intelligent to pre-build a lot of these features out of the box for you. – – Eamon Walsh, commenting on behalf of IDG and Kony

  2. Mobile payments on Android should have been Google’s job to take care of. Google had around three years headstart with Google Wallet and they succeeded in doing almost nothing. Instead of playing around with Google Glass and a bunch of other futuristic projects they could have really built Google Wallet into a powerhouse payment system.

    Now I’m willing to bet there’s going to be some infighting between Google and Samsung about how mobile payments are going to be performed. I don’t know if there is now going to be some mobile payment fragmentation on Android devices. I guess it will all depend upon how Samsung and Google work with one another. Samsung was slick to grab that LoopPay user base to gain mobile payment market share quickly, but I wonder if that technology will end up being outdated. Google may have actually been working on some new mobile payment plans on its own and now may have to challenge Samsung and LoopPay.

    I offer no predictions. We’ll just have to see how things turn out. Google was stupid not to make more out of Google Wallet for all these years but they’re always doing things with only half-effort and then those projects end up being scrapped.

  3. I am sure Samsung and looppay will come up with a tech for added security. if suppose they can use the finger print scanner as an extra step of authentication, then i don’t think there is a need to worry about using MST at EMV enabled terminals. Merchants need not worry in that case.

  4. Samsung just got burned for capturing and transmitting unencrypted consumer conversations thru its (so called) smart TVs. The company is just not that reliable and trustworthy with consumer data & privacy. Why would the public — or the banks for that matter — trust them and their technology with financial transactions??

  5. Todd Metheny

    This is not accurate. They will not be liable for all fraud at their location in October. Merchants will be liable for fraud where the use of available EMV technology (both from the merchant and from the consumer) would have prevented the fraud. If the consumer doesn’t have an EMV card, no liability. If the merchant processor has not provided them with the means to be EMV ready the merchant will not be liable, the processor will be.

    • Kevin Fitchard

      You are correct, Todd. If a consumer uses an EMV card in a non-EMV terminal then the merchant is liable. If a consumer uses a mag-stripe-only card in an EMV terminal than the banks are liable.

      I was trying not to bog down the story in too many details to avoid confusion, but I believe you’re right. That point shouldn’t be glossed over. I’ll add something to clarify

  6. Btw, the US is implementing the less secure Chip + Signature which can still be spoofed, not Chip + PIN. The committee that decides this stuff said the US consumer would not be able to figure out the PIN part and they will go for PIN in the future.

    The upside to all of this is that as banks start refusing swiped transactions, small mom & pop retailers are also forced to upgrade their terminals with modern ones that have Chip readers and contact-less payment standard. So it helps Google Wallet, Apple Pay and others too.

    My one gripe with Apple Pay, although I absolutely love it, is that it doesn’t have a solution for situations where you have to hand your card to someone like opening a tab at a bar or paying the bill at a restaurant. Loop is cool because you can hand the barkeep or waiter a physical item to take away with them. Apple and Google’s solution would work better in Europe in these cases since the staff bring the reader to you.

    • Kevin Fitchard

      Hey Sxt173,

      I’ve been hearing from the POS guys and the card processors that full-bore chip-and-PIN was going to be the norm because it was more secure. The original plan was to use Chip-and-Signature as kind of bridge to PIN codes (and some are still doing CNS readers like Square), but retailers decided to move to full bore Chip-and-PIN.

      I should definitely look into this more, though, because you’re right, telling American consumers that they suddenly need a PIN code for their credit cards is going to be a tough sell (I know my credit cards have PINs but I don’t know what they are). I think the large-scale adoption of debit cards as helped, don’t you?

      Anyway I’ll look into this more. Thanks for commenting.