A case concerning fraudulent e-money withdrawals has expanded to include five other service operators in addition to NTT Docomo Inc., internal affairs minister Sanae Takaichi said Tuesday.
All of the five firms found improper withdrawals from accounts at Japan Post Bank Co. Among the five, Z Holdings Corp., a subsidiary of SoftBank Corp., said it has found 17 cases of fraudulent money withdrawals totaling ¥1.41 million through its smartphone payment service PayPay.
Tokyo-based startup Kyash Inc. was another company hit by fraudulent withdrawals, according to the bank. The bank declined to disclose the names of the remaining three service firms for “security reasons.”
Similar to the recent scam involving NTT Docomo, in which ¥26.76 million had been confirmed stolen as of midnight Tuesday from more than 10 partnered banks, including Japan Post Bank, third parties are believed to have created unauthorized accounts on the service before linking them to Japan Post Bank accounts to transfer funds.
Japan Post Bank said Tuesday it would suspend new registrations and fund transfers on eight e-money services that have not implemented multiple identification checks, such as a one-time password, to prevent fraud.
In addition to PayPay, the services include Line Pay, Paypal, Wellnet, Rakuten Edy, Billing System, Merpay and You-Me Card.
At a news conference, Takaichi also urged Japan Post Bank users to check their accounts for any unfamiliar withdrawals.
NTT Docomo and the five companies used what is known as an “instant transfer service” to link their payment apps to savings accounts held with the bank.
The Financial Services Agency said Tuesday it has begun questioning all 77 online fund transfer service operators registered as of the end of August in order to check for suspicious activity or fraudulent withdrawals.
The agency called on payment service providers and banks to beef up safety measures, including user verification.
They were urged to check if there is vulnerability in user identification and other systems, and to report to the FSA if problems are found. They were also urged to suspend money transfers from bank accounts to the affected payment services until flaws are fixed.
The service operators and banks were also asked to quickly investigate related damage and offer consultations to customers who fell victim to the hacks.