'500,000 Won Sseuk' SSG Pay Identity Theft Reports Continue...Company "Discussing Countermeasures" (Comprehensive)
SSG Pay Customer Center Receives Multiple Victim Reports
Company States "Discussing Compensation and Security Enhancement Measures"
[Asia Economy Reporter Wondara] Customer complaints have been mounting that cash was stolen and used for payments without user approval on SSG Pay, the simple payment service of Shinsegae Group. On the 8th, it was confirmed that three cases of identity theft reports were received at the SSG.com customer center. All involved about 50 Starbucks coupons that consumers did not purchase being sent to a specific number.
Mr. A received a message on the 5th saying, "An SMS necessary for exchanging the ordered product was sent to 84** and 9 others." The total payment amount was 500,000 KRW. Thinking it was voice phishing, Mr. A checked the SSG Pay usage history just in case and confirmed that a gift certificate was actually purchased on SSG.com. However, the SSG Pay customer center only responded, "We can only accept the report if we receive a police investigation cooperation letter." The only answer from the payment agency customer center was that "there are 70 such cases, so it is difficult to grasp."
Earlier, on the 4th, Mr. B experienced the same issue. After receiving a message that 500,000 KRW was charged to his SSG Pay, he inquired at the SSG customer center and filed a case with the police cyber investigation team. The police asked for evidence and told him to "obtain the IP address at the time of payment," then sent him back, while the SSG customer center repeatedly said, "We cannot provide it due to personal information." He also asked the card company, but they said it was under SSG Pay's jurisdiction. Mr. A expressed frustration, saying, "The fact that such an incident occurred even the day after Mr. B reported it to the customer center means SSG Pay took no action."
Mr. C also reported the same case to the customer center on the 4th but only received the reply, "Refunds for the amount lost are not possible. We cannot assist." SSG Pay cited their security program that locks the account after five incorrect password attempts as the reason for no compensation.
This is not the first payment accident involving SSG Pay. In September last year, 1,000 cases occurred where payments were made with cards different from those registered by users. At that time, SSG Pay explained, "It was only a data misconnection during the transmission of payment information from SSG.com to SSG Pay and unrelated to hacking or personal information leakage." Regarding this case, SSG Pay also stated, "It is not hacking," and explained, "It seems to be 'credential stuffing,' a method of randomly inputting personal information exposed on other sites." They added, "We have reported to the Financial Supervisory Service and are discussing compensation measures."
Fintech Rapidly Growing with Government Support Expands Financial Market
Frequent Incidents Due to Relatively Weak Security Management
The financial industry views this as a predictable outcome. Fintech companies like SSG Pay are entering the financial sector, but security verification is relatively lax, overshadowed by the government's new industry promotion policies. An industry insider said, "It is unreasonable to assume IT-based companies are always weak in security, but since they are new businesses, most do not even have response manuals when incidents occur." This explains why SSG Pay gave different answers to identity theft complainants, such as "There is no fault," "There are no compensation regulations," and "We can only accept complaints with a police investigation cooperation letter."
Other payment companies have also frequently experienced identity theft incidents. In June last year, the mobile financial service 'Toss,' with 18 million subscribers, was embroiled in controversy when its 'Toss Money,' a credit usable like cash, was used without users' knowledge. At that time, Toss explained, "The attacker logged into merchant sites where web payments are possible using user information obtained externally and made payments with Toss Money." They clarified that user information was not leaked through Toss. Tmon Pay temporarily suspended its service in 2018 after repeated identity theft incidents.
Hot Picks Today
!["Rather Than Endure a 1.5 Million KRW Stipend, I'd Rather Earn 500 Million in the U.S." Top Talent from SNU and KAIST Are Leaving [Scientists Are Disappearing] ①](https://cwcontent.asiae.co.kr/asiaresize/93/2026051914165468840_1779167814.png)
"Rather Than Endure a 1.5 Million KRW Stipend, I'd Rather Earn 500 Million in the U.S." Top Talent from SNU and KAIST Are Leaving [Scientists Are Disappearing] ①
- "Not Jealous of Winning the Lottery"... Entire Village Stunned as 200 Million Won Jackpot of Wild Ginseng Cluster Discovered at Jirisan
- "I'll Stop by Starbucks Tomorrow": People Power Chungbuk Committee and Geoje Mayoral Candidate Face Criticism for Alleged 5·18 Demeaning Remarks
- "Chinese AI Models Cannot Defeat U.S. Big Tech"...Goldman Sachs Forecast
- "How Did an Employee Who Loved Samsung End Up Like This?"... Past Video of Samsung Electronics Union Chairman Resurfaces
A Financial Supervisory Service official in charge of simple payment regulations said, "We cannot comment on this matter as it would mean acknowledging the incident." However, they added, "Due to frequent incidents involving simple payment companies, we sent guidance letters last year to strengthen identity verification procedures."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
