Contrary to what might seem, given its enormous technological and innovation capacity, Japan has one of the lowest penetration rates of mobile payments. This implies that the government should promote the popularization of this form of payment in order to reduce the impact of cash. In 7-Eleven, a chain of stores that has become tremendously strong in Japan (it is the second most important), they decided to counteract the trend by creating their own payment system based on barcodes and QR.
On paper, it was attractive: any regular customer of the company could include mobile payments on their mobile thanks to an application and service created by 7-Eleven: 7pay. This way of paying came into force on 1 July. And it ended three days later due to a fraud of 55 million yen (about 500,000 dollars) that affected about 900 people.
As the company reflected in an official statement, 7pay was the victim of a fraud that, through embezzlement from some 900 customers of the mobile payment service, managed to steal almost half a million dollars (55 million yen). 7-Eleven had to stop its service after only three days of putting it into operation. It is not yet known whether the company will reactivate it after correcting serious security breaches or has given up.
7pay relied on barcodes/QR and a highly insecure account access system: it was enough to know the telephone number, date of birth and address to access the user’s payments. In addition, if the customer did not add his or her birth date to the registration data, the system always used the same date: January 1, 2019. These inconceivable security errors were complemented by the absence of double authentication: thieves could pay without the user having to authorize the transaction.
As confirmed by Japanese media such as Nikkei, the country’s police arrested two Chinese citizens suspected of fraud on Thursday, July 4. In addition, they found the thieves received the instructions through the WeChat application, so they suspect that behind the robberies is a Chinese criminal organization, as is usual in these cases.