South Korea’s financial authorities have tentatively concluded that unauthorized payments made on fintech platform Toss were not caused by any security breach, according to sources Tuesday.
The Financial Supervisory Services found no proof on alleged hacking attempts, they were quoted by Yonhap News Agency. Adding that illegally obtained personal information may have been used to access Toss and make payments without permission of the account holders.
According to the fintech firm, a total of eight unauthorized purchases, worth 9.4 million won ($7,850) were made on June 3 on three online platforms via Toss without permission.
Analyzing data from Viva Republica, the operator of Toss, and conducting on-site inspections, the financial authorities have been examining the case since news about the incident broke out earlier this month.
“An unknown person seems to have gained access to a Toss user’s personal information, including personal identification number, and made payments on some websites,” an official from Viva Republica previously said.
At some of websites compatible with the Toss payment system, only three pieces of information -- user name, date of birth, and a PIN number -- were needed to pay for purchases.
The fintech startup said it has beefed up its system with more layers of security measures for user identification.
The latest payment incident has raised alarms over the security of local payment platforms. The FSS, for its part, declined to comment saying that the probe is still underway.
By Kim Young-won (firstname.lastname@example.org