7-Eleven Japan Shut Down its Mobile Payment App After Hackers Stole $500K From Users
Last week, 7-Eleven Japan suspended a recently launched mobile payments feature on its app after a flaw allowed a third party to make bogus charges on hundreds of customer accounts. The company released the feature on July 1. It allowed customers to scan a barcode with the app and charge a linked credit or debit card. However, the app had a flaw: a hacker who knew only a user’s date of birth, email, and phone number could send a password reset request to another email address. The app also defaulted people’s birthdates to Jan. 1, 2019 in instances where they didn’t fill out the field, making it even easier for someone to break into an account. According to 7-Eleven Japan, around 900 individuals had their accounts targeted and charged ¥55 million ($500,000).
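The reset flaw described above, modelled as an added example (not 7-Eleven's code and not part of the original article): a simplified handler that behaves the way the article describes, next to a hardened one. The record layout, function names, sample account and in-memory outbox are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Birthdate the article says the app stored when the field was left blank.
DEFAULT_DOB = date(2019, 1, 1)

@dataclass
class Account:  # hypothetical record layout
    email: str            # address the owner registered
    phone: str
    dob: Optional[date]   # None = owner never filled in the field

outbox = []  # constructed stand-in for a mail gateway: (recipient, token)

def _send_reset(recipient: str) -> str:
    outbox.append((recipient, secrets.token_urlsafe(16)))
    return recipient

def reset_as_described(acct, email, phone, dob, send_to):
    """Weak flow: three personal facts act as the credential, and the
    requester chooses where the reset link is delivered."""
    stored_dob = acct.dob or DEFAULT_DOB  # blank field becomes a known constant
    if (email, phone, dob) == (acct.email, acct.phone, stored_dob):
        return _send_reset(send_to)
    return None

def reset_hardened(acct, email, send_to=None):
    """Hardened flow: personal facts only locate the account; the link goes
    to the registered address and any requested destination is ignored.
    A real endpoint would also return the same response in both branches."""
    if email != acct.email:
        return None
    return _send_reset(acct.email)

def demo():
    # Constructed sample account whose owner left the birthdate blank.
    acct = Account("owner@example.com", "090-0000-0000", None)
    weak = reset_as_described(acct, acct.email, acct.phone,
                              DEFAULT_DOB, "someone-else@example.net")
    hard = reset_hardened(acct, acct.email, "someone-else@example.net")
    return weak, hard

if __name__ == "__main__":
    print(demo())
```

In the weak flow the link is delivered to the requested address; in the hardened flow the same request results in a link to the owner's registered address only.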
Total Retail's Take: U.S. consumer adoption of mobile payments has been slow for a variety of reasons, security being one of them. This incident in Japan won't help to allay consumers’ concerns that mobile payments are susceptible to fraud. So while retailers spend money to roll out mobile payment options, many within their apps, the question remains: Is this time and cost worth it?
Ido Safruti, chief technology officer and co-founder of PerimeterX, a web security service, offered his thoughts on the 7-Eleven Japan security breach, as well as the status of web security in general: "According to this year’s Verizon Data Breach report, the growth of e-commerce is driving more fraud to the digital world and away from physical locations. The report found that there was an increase in retail web application breaches from 5 percent of all breaches in 2014 to 63 percent in 2018, and a decrease in attacks on point-of-sale (POS) systems over the same period (from 63 percent in 2014 to 6 percent in 2018). Other reasons for the rise in e-commerce attacks, such as account takeover, include an increase in stolen credentials available on the dark web, password promiscuity, a growing cybercriminal ecosystem, and application design flaws. We're also seeing a rise because websites are acting more like banks that provide access to valuable resources such as money, credit cards, gift card credit and loyalty points. To combat this trend, retailers need to implement more advanced security measures for their web and mobile applications."