South Korean Police Office Looks into a Hacking Incident Involving Lotte’s Mobile Payment Application

Feb 08, 2019

South Korean police office is currently investigating an incident where a credit card installed within Lotte’s simple payment application was used illegally for purchasing more than $2,666 (3 million KRW) worth of items at offline stores.
The victim wrote on an online community that his mobile payment application was hacked and this is causing huge impact throughout industries. On the other hand, Lotte Members is claiming that it is realistically impossible for its mobile application to be hacked. As a result, industries are highly interested on what the results are going to be from investigations on this issue. It is heard that a corresponding credit card company immediately took an action by holding off withdrawals, but it is highly concerned about this issue.
The victim claims that another person illegally used his credit card that is installed within Lotte’s mobile payment application to buy products worth about $2,666 at Lotte HiMart and Lotte Department Store. While the victim lives in Pohang, this incident occurred at two stores in Bucheon. The victim claims that the suspect abused Lotte’s mobile payment system to purchase a laptop and others in single payments.
This is a rare case as a simple payment application rather than a credit card was illegally used at an offline store.
If the victim’s claim comes out to be true, there is a high chance that this incident will lead to an issue involving lack of security systems for mobile payment systems.
The corresponding credit card company confirmed the illegal use and took an immediate action by holding off withdrawals.
“It is true that our credit card within Lotte’s mobile payment application was used illegally.” said a representative for the credit card company. “We only provide our cards as a method of a payment to Lotte and our credit card was not hacked during this incident.”
Lotte’s mobile payment system provides a wallet that can store credit cards. This issue will cause much bigger problems if it took place online.
“Investigations started as there have been similar problems besides mine.” said the victim. “The police office that is in charge of the investigation told me that it obtained CCTV records that captured the suspect’s face.”

South Korean Police Office Looks into a Hacking Incident Involving Lotte’s Mobile Payment Application

Although official results from the investigation are not made yet, there is an increase in number of people who are cancelling Lotte’s mobile payment system as there have been online posts about possible hacking into Lotte’s mobile payment system.
Regarding this issue, Lotte Members stated that any assumption should not be made before results from the investigation come out and that it is systematically impossible to hack into its mobile payment system.
“We looked into whether it is possible to hack into our system through an official authentication agency and it was shown that it is physically impossible to hack into our system.” said a representative for Lotte Members. “Although we looked into every information and record, we did not find any hint of hacking within payment process.”
“Even if an ID or a password is leaked, it is impossible to hack into our mobile payment system since every section is encrypted.” said the same representative for Lotte Members. “We can only wait for results from the investigation to come out for now.”
The corresponding credit card company suggested possibilities of phishing or smishing.
It is indicating the victim’s personal information was leaked before the credit card was used illegally.
On the other hand, some industries are stating that there is a chance that either Lotte’s mobile payment account was hacked or a web standard page was forged.
“For a person with some knowledge in IT, it is easy for him or her to obtain necessary information that is needed for payments by downloading webpages that are relatively weak in security.” said a representative for a security industry. “Whether obfuscation of corresponding webpages is done correctly needs to be checked.” This representative also added that there is a chance of phishing or smishing due to mishandling by the victim.
There is a chance that Lotte and the corresponding credit card company will blame each for this issue depending on how results from the investigation come out. Corresponding credit card company is stating that the responsibility is on Lotte Members of the victim since it only provides its cards to Lotte as a method of a payment. Some are also suggesting that current laws should be changed so that a consumer is responsible when a credit card is forged or used illegally.
Staff Reporter Gil, Jaeshik | osolgil@etnews.com & Staff Reporter Yun, Geonil | benyun@etnews.com & Staff Reporter Yoon, Heeseok | pioneer@etnews.com

Interpretation & Translation_Service Center

Refund Help Center