Navigation

7pay shut down after 4 days in wake of security misstep

The Yomiuri Shimbun

Seven Pay Co. President Tsuyoshi Kobayashi, center, and other officials bow in apology at a press conference in Tokyo on Thursday afternoon.

The Yomiuri ShimbunJust four days after Seven-Eleven Japan Co. launched its new 7pay smartphone payment service, the major convenience store operator has stopped accepting new users and partly suspended the service due to a spate of problems including basic security loopholes.

Given the undeniable fact that Seven-Eleven Japan was one step behind in taking security precautions amid its rush to introduce the cashless payment service, it is highly likely the suspension will force Seven-Eleven Japan to review its digital strategy.

“This is an extremely regrettable event,” Seven Pay Co. President Tsuyoshi Kobayashi said at a press conference in Tokyo on Thursday. “I sincerely apologize for causing tremendous concern and inconvenience to the service’s users.”

Seven Pay is the unit that operates 7pay, which was launched Monday at about 21,000 convenience stores nationwide. Users registered through the company’s smartphone app, and if money was added to their account by cash inputs or other means, this could be used for shopping purchases. For every ¥200 spent through the app, users received 1 point (worth ¥1) in nanaco electronic money.

About 1.5 million people registered for 7pay during its first three days. However, it has been revealed that about 900 of these customers lost a total of about ¥55 million due to unauthorized access to their accounts. One high-profile case reportedly involved a third-party using 7pay to purchase about ¥100,000 worth of cigarettes at a store.

Many of the unauthorized access cases appear to have been made via locations outside Japan. Even though the payment service was mainly for domestic customers, there were no measures in place to block access to accounts from overseas.

Many services that operate through smartphone apps use a two-stage verification system, in which a text message is sent to the user to confirm their identity. However, 7pay did not include this basic security safeguard.

During Thursday’s press conference, Seven Pay officials repeatedly said the “detailed cause” of the problems were being investigated and insisted they wanted to quickly resume full services after countermeasures had been implemented.

Some observers have criticized Seven Pay’s slow response to the problem — some losses were first reported on Tuesday, but it was not until after 6 p.m. Thursday that the company halted new registrations.

Seven & i Holdings Co. had positioned 7pay as the linchpin of its digital strategy and had hurriedly introduced the payment system. By collecting a vast amount of 7pay users’ purchase data, the company could issue coupons that would encourage customers to visit its stores again.

It also hoped to accurately grasp trends in hot-selling items in individual stores and regions, which could be used for new product development and more efficient placement of orders.

Seven & i Holdings was also considering a service in which outside companies and other entities could use its vast amount of customer shopping data.Speech

Click to play

0:00/-:--

+ -

Generating speech. Please wait...

Become a Premium Member to use this service.

Become a Premium Member to use this service.

Offline error: please try again.