Japanese payment provider PayPay said Monday (Dec. 17) that it will strengthen the security of its app after receiving several complaints from users about charges that were made in error.
According to a report in Bloomberg, citing Fumihiro Ito, PayPay spokesman, customers called and sent emails to complain about charges on their bills that they didn’t make. Several consumers noted that they didn’t have the app installed, but their credit cards were billed for purchases they never made.
PayPay, which is backed by SoftBank, Yahoo! Japan and Paytm, the India digital payments company, said it would make changes to the app and urged users to contact the credit card companies directly to report the charges. Bloomberg noted that PayPay has been questioned about the security of the app in the past. One concern was raised about the fact that users can enter wrong credit card information an unlimited amount of times and won’t get locked out of the app. PayPay told Bloomberg it would address that security hole with the upgrade to the app.
Bloomberg noted that earlier in December, PayPay ran a promotion in which it gave users $88 million in rebates from purchases they made. Customers were given 20 percent refunds from certain retailers, while SoftBank subscribers got a one in 10 chance to get the entire purchase price back. The discounts were capped at 100,000 yen per transaction. The promotion was slated to run until the end of March, but ended 10 days after the rollout because it disbursed all of the allotted funds, noted Bloomberg.
While PayPay is having problems in Japan, some mobile payment services in the U.S. are being called out for their lack of security, prompting settlements with the New York Attorney General. Late last week, the office of the New York State Attorney General Barbara Underwood announced settlements with Western Union Financial Services, Priceline, Equifax, Spark Networks and Credit Sesame over their mobile apps. The AG said all five had mobile apps with a well-known security vulnerability that enabled hackers to intercept private data, including passwords, Social Security numbers, credit card account numbers and bank account information.