[NewsPoster]

At yesterday's keynote to the Mobile World Congress, alongside the Galaxy S6 family of phones, Samsung revealed Samsung Pay, a competitor to the Apple Pay service. Not much was said about the new offering, derived almost entirely from the recent purchase of LoopPay -- but more information has come to light, including why Samsung noted in press materials that the phone could be remotely wiped to secure Samsung Pay information if lost.

Samsung has claimed that only 10 percent of merchants take Apple pay. This is a worldwide number -- US penetration is estimated at closer to 35 percent. However, that's a far cry from Samsung's estimate of 90 percent that will take Samsung Pay at launch, because of choices Samsung has made for compatibility. Samsung's compatibility decision to try to eclipse Apple's numbers has come at a cost of transaction security.

Samsung Pay works similarly to Apple Pay -- but not identically. Samsung boasts of greater compatibility with existing point-of-sale devices, and that's true. With Samsung Pay's first iteration, instead of Apple Pay's single-use tokenized transaction communicated using encrypted NFC -- Samsung Pay will use the same magnetic information stored on the user's credit card, which is transmitted to the merchant, each and every time, at least for now. The data stream is interceptable, but not casually so. Apple data, even if captured, is useless past the first transaction -- not so with Samsung Pay's data.

According to some data gleaned from various sources, a shopper on an all-day expedition for groceries and errands uses a credit card an average of six times in that day. With Apple Pay, six different tokens are generated, and each can only be used once. However, Apple Pay will, at least in the near-term, not be usable at all locations unless the shopper goes out of their way to seek out supporting merchants. Using Samsung Pay, the same un-randomized credit information is given to all six merchants, but users are likely to be able to use the system nearly anywhere.

Samsung is working towards a tokenized future -- but is not there yet. According to a report from The New York Times, "Samsung is working with both Visa and MasterCard to make substitute numbers available with LoopPay on the phones to boost security."

Additionally, while the LoopPay system is widely compatible with NFC point-of-sale terminals, if the bank doesn't participate in the system, the pass-through simply won't work, regardless of compatibility steps. So far, five banks have been named as participating in the Samsung system at launch -- American Express, Bank of America, Citi, JPMorgan Chase, and US Bank. More will likely be added prior to release and afterwards, but Apple has a significant leg up, now covering some 90 percent US card issuers.

Samsung Pay is available, for now, only on the Galaxy S6 family of phones. Apple Pay is available on the iPhone 6 family, but Apple Watch purchasers that have phones going back to the iPhone 5 can use it through the watch, and iPhone 5s and later users can also use it for in-app or online purchases. It is unknown if Samsung has similar functionality planned, but that would require a new wearable implementing the LoopPay functionality that we haven't seen yet.

Both systems will have problems with data stored outside the system. Banks often don't require that much in the way of identification for identity theft to occur. Customers are sometimes lax with personal data security, compounding the problem. Apple Pay and Samsung Pay are only as secure as their weakest link -- and for Apple, the weakest link is the bank's data security. For Samsung Pay, it remains to be seen if the weakest link is the first generation of the product using LoopPay technology, or the banks.

The LoopPay rebranding as Samsung Pay is a stepping stone for Samsung. Over time, it will forge the same agreements Apple has, and make the system more secure, as the industry demands it must. That future is not today, or even this year. It may not even be 2016. And in the meantime, Apple Pay will also grow and improve -- as will the recently-announced Android Pay, and presumably other rivals such as PayPal.

[jpellino]

Oh for the love of... worse security, cloning the name, over-the-top claims... If there's not a donut-shaped building in NJ by next year, I'll eat a bug.

[Flying Meat]

Very nice.

[prl99]

"Using Samsung Pay, the same un-randomized credit information is given to all six merchants, but users are likely to be able to use the system nearly anywhere." Of the last six merchants I went to, only two would have been able to accept Samsung Pay because four of them had cash registers the customer wouldn't have access to (most restaurants, some merchants) (Home Depot took Apple Pay and TD Curran, an Apple Authorized service center had a credit card terminal with the NFC symbol but the guy apologized saying the terminal service company hadn't set it up--but he probably meant they had turned it off). Too many people assume a customer will have easy physical access to the credit card device but this isn't so. If I want to use any mobile payment device to pay for a car wash, I need to get out of the card and go to the cashier. I have yet to see a restaurant where the wait staff carries around a portable credit card terminal (and I do eat at nice restaurants). Saying nearly anywhere is saying they have access to almost every credit card terminal and I don't believe that's anywhere near true. Unfortunately, this also applies to Apple Pay.

[Gathurm]

Very nice to read an article that has been A/ well researched, B/ accurate and C/ unbiased/balanced. Thank you.

[Charles Martin]

prl99: obviously, the experience varies around the country -- I can't recall the last time I was in a restaurant that didn't have a portable cc/debit terminal that they brought to your table or at least on the counter, and having had my cc stolen TWICE at restaurants over the years, I don't trust any establishment that takes your cc away from you and off to who knows where. I have been to a few small-town diners that still use the old-fashioned cash register (only), and even had that carbon-paper-based card-imprinting device (remember those)?

That said, America generally will be upgrading its terminals over the course of this year. As of this coming October, banks will no longer be responsible for losses from mag-strip cc cards if merchants haven't upgraded to EMV terminals, and the US is finally (finally!) getting chip-and-pin EMVs this year. While they're upgrading anyway, most merchants are expected to opt for NFC compatibility as well, since that just makes sense. Some places, as always, will be slow to change -- but here are powerful incentives to move on up.