Mercator Blog

Samsung Technology Offers Consumers the Best Payment Solution. Is That Enough?
Date: March 3, 2015
Tim Sloane
Vice President, Payments Innovation
On Sunday, March 1, Samsung announced the Galaxy S6 (and Galaxy S6 edge) and LoopPay payments. The new LoopPay solution uses a technology called Magnetic Secure Transmission (MST) and represents a major improvement over the current LoopPay fob, which Mercator Advisory Group analyzed in an earlier blog titled “Several Challenges Confront Samsung in Gaining Momentum with LoopPay.” The fob was not only shrunk to fit inside the new Galaxy S6 and S6 edge, but it also was updated to support both tokenization via the magnetic head and full support for Near Field Communication, or NFC. Perhaps most interesting is the fact the device will detect NFC if it is available and use that as the preferred payment mechanism, defaulting to the mag head only if NFC is unavailable. As a result, the Samsung device will be capable of supporting 90% of merchant locations, including all merchants that support NFC, a clear and large advantage over Google Wallet and Apple Pay. But that may be insufficient for market success.

We begin this analysis by reviewing and updating the analysis presented in our earlier blog cited above, which was predicated on the LoopPay fob’s feature set. In that blog we stated:

“Apple clearly achieved a marketing coup when banks all took out ads communicating the benefits of Apple Pay, not only to their customers but to the larger market as well. It is unclear what business arrangements Samsung will put in place (if any) to encourage bank participation, much less banks’ advertising investment. In theory LoopPay enables Samsung to ignore the banks, but if Samsung does that, then it is likely to also lose banks’ marketing participation. This problem is a Samsung business and contractual consideration that only Samsung can answer, but failing to address it would be a major failure on Samsung’s part.”

Marketing and consumer attention indeed remain the key issues that may prevent broad adoption of what is clearly a better payment product for consumers. Google has achieved a partnership with mobile carriers through the acquisition of Softcard, and the carriers in turn have agreed to preload Google Wallet onto compatible mobile devices. It is rumored that Samsung has annoyed the mobile carriers by deploying a solution that bypasses carrier control of the Secure Element and has failed to provide any incentives for bank participation. Marketing LoopPay and gaining consumer awareness of the solution may be the largest stumbling blocks to success. Also, no date has been announced for the initial provisioning of LoopPay that Mercator is aware of. As discussed below, the LoopPay solution does not utilize the Secure Element (SE) and so may need to go through a protracted certification process.

The second issue that was discussed in the earlier blog cited above is the question of how Samsung would monetize LoopPay. It has been rumored that banks have refused to offer any basis points on transactions back to Google or Samsung, so if a monetization plan is possible, it will likely be through the sale of new features within the wallet directly to the consumer, not from the banks or networks.

The third issue discussed was regarding comfort of usage at the point of sale:

“LoopPay, as it is currently implemented (not in the as yet unreleased Samsung implementation), does not require the point of sale (POS) terminal to be updated by the merchant. Most POS devices that accept magnetic-stripe cards will accept the LoopPay device. But will consumers know how to use LoopPay in a smartphone? Will the clerk or the store be comfortable with customers pushing their phones against the POS? How will Samsung educate consumers and merchants on this new payment interaction at the POS?”

This clearly remains a question that needs to be answered by Samsung and banks that adopt LoopPay. In the earlier blog I then listed the following seven potential issues. Their status is shown here in boldface type; those that are resolved with the new implementation of LoopPay are indicated as “FIXED.”

“1. LoopPay today transmits the card number to the POS magnetic head. The number is NOT tokenized and so lacks the security feature of Apple Pay. (FIXED)

2. LoopPay sends the card number using an electromagnetic field that “rattles” the POS head from a distance. Depending on the signal LoopPay projects, it may be an added security risk. (REMAINS POTENTIAL ISSUE)

3. LoopPay can be modified to send a token (random alphanumeric character sequence) instead of a card number, but this will preclude wide acceptance because POS devices must be updated with new software to expect the token via the mag head of the POS device. (FIXED) In addition, if a token is used, then the payment networks and the issuing banks must be integrated into the provisioning process. (REMAINS POTENTIAL ISSUE)

4. LoopPay could use encrypted card numbers or even virtual card numbers to protect card data, but either approach limits acceptance by necessitating upgrades of POS terminals and either requires new card network and card issuer infrastructure, similar to, but different from Apple Pay. (FIXED)

5. Training of consumer and clerks will be needed to teach them that this method of payment is safe and acceptable. (REMAINS POTENTIAL ISSUE)

6. It is unclear if the LoopPay device under development by Samsung will include its own SE or utilize the other Samsung security model (Knox). If everything is not embedded in LoopPay, then this version of LoopPay does not represent a “de facto standard” that could be implemented across all Android devices (should Samsung wish to sell the chip and should other device manufacturers be willing to accept a chip from Samsung). (Samsung apparently established a new software secure element using the ARM TrustZone architecture. This approach enables deployment without mobile carrier participation and in theory suggests that other manufacturers could do the same using this technology, but Mercator’s discussion with a Samsung partner suggests it is unlikely Samsung will license technology to others.)

If Samsung embraces a tokenization model similar to that deployed by the payment networks to support Apple Pay, then it must find a way to partner with or circumvent mobile carriers’ control of the Secure Element. Apple added an extra SE to the iPhone 6 that Apple controls directly.” (FIXED, but may have annoyed mobile carriers in the process.)

So there remains a lack of clarity regarding how well Samsung’s LoopPay will perform in the market although some clarity is starting to shine through the clouds. In the broad Android market it is likely Google Wallet will be the baseline function utilized by device manufacturers and mobile carriers. LoopPay, a better payment product, may succeed on Samsung devices or be blocked by banks or mobile carriers, depending on how Samsung manages all the partners within the value chain. It would be extremely interesting to see if LoopPay could achieve greater market penetration through licensing arrangements, but it does appear Samsung has decided against this course of action.

So the market will see at least some LoopPay adoption and a lot of Google Wallet adoption. This at least makes the decision much easier for banks. The branded networks will control most of the payments infrastructure unless some new organizations, such as the debit networks or NACHA, announce something extraordinary. (Today PayPal acquired Paydiant, which very well may also swing market share away from the branded networks, but we will have more on that in a separate blog this week.). As a result, banks should prepare to integrate to the network tokenization process today. The primary component that this requires is migration to EMV BINs and the creation of a new Identification and Verification (ID&V) process that will be used to validate the cardholder and assure the token is secured in the cardholder’s device (which is represented by the Token Assurance Level value). Current reports indicate that significant fraud has been seen in Apple Pay implementations due to the failure to provide robust authentication of the user and the user’s device. Properly enrolling the cardholder is critical to avoid fraud loss in this area.

Based on the considerations above, we may not be able to predict the handset payment environment that will be most widely adopted in the market, but we do know that the back-end issues are now coalescing around adoption of the Token Service Provider services that were introduced by MasterCard and Visa as new revenue opportunities.