Just two days later, the parent of the chain verified that unauthorized charges had been made on some users' accounts after learning of them through feedback from customers. Victims also tweeted about their experiences. One complained that unauthorized purchases had been made using funds added to the account from a linked credit card. This marks a setback for digital payments in Japan, which ranks lower than Asian peers in the rate of cashless transactions. The country is hurrying to make itself friendlier to financial technology startups.

 

By early Thursday, Seven & i had revealed about 55 million yen ($510,000) stolen from 900 or so 7pay users. The company has in effect suspended the service by stopping users from adding money to their accounts. Tokyo police on Thursday imprisoned two Chinese nationals on suspicion of using other people's accounts to buy electronic cigarette cartridges worth about 730,000 yen from a 7-Eleven in Tokyo's Shinjuku Ward.

 

It was figured out on Friday that one of the suspects delivered instructions about gaining unauthorized access to 7pay accounts via WeChat, a popular Chinese messaging app. The Metropolitan Police Department suspects the involvement of an international criminal organization. 7pay didn't have two-step authentication to ensure the identity of users when they log in to the service. Adding this and other new security features will take 'at least three months,' said one cybersecurity expert who asked not to be named. 'And even that may not be enough.'

 

Seven & i became one of the first companies in Japan to introduce its own electronic money when it debuted nanaco in 2007. But as mobile payments promptly shifted from contactless cards to smartphones, the group found itself rushing to catch up. 7pay marked the group's entry into payment apps, and Seven & i had intended to grow the use of the service to other retailers. But now even rivals worry that the incident will hurt consumer confidence in digital payments in general.

 

'This has thrown cold water on the market just as it was heating up,' said a source at a payments company. Hiroshi Mikitani, the billionaire founder and CEO of e-commerce group Rakuten, remarked: 'The industry as a whole needs to make sure we raise the level of security.' The government's target is for at a minimum 40% of all payments to be cashless by the middle of the 2020s. Campaigns tied in with the consumption tax hike in October and the Tokyo Olympics next summer are expected to move the needle.

 

Various services have been released in quick succession, but the hacking of 7pay could deter Japanese consumers from making the switch. It could also affect the timing of a reward program for cashless payments that the government has planned to link to the tax increase. 'I think there will be rising unease among consumers,' said consumer finance writer Akio Iwata.

 

PayPay, a smartphone payment app operated by a joint venture of SoftBank and Yahoo Japan, also fell prey to unauthorized use in December, after it introduced a major campaign offering incentive points worth 20% of purchase amounts. Seven & i has a digital strategy of milking purchase data gathered though its vast store network. It has boldy promoted 7pay, envisioned to play a crucial role in this strategy.

 

To encourage customers to shift to 7pay, Seven & i on Monday began offering fewer points for purchases made with its nanaco e-money. Iwata said that Japan's cashless payment market stands out for its generous reward programs. In this way, 'the market has overheated, and the quality of services has declined in some cases,' he said.

 

Source: TRONSERVE