Hundreds of Samsung App Card users have sustained damages stemming from stolen identities.
According to the card industry on May 11, number 2 local card company Samsung Card reported to the police and finance authority 300 cases where Samsung Card app card users sustained financial damages.
The app card, after its debut in May last year, saw the first case of financial incident this time, and the damage amount of the 300 cases reached 60 million won (US$58,511).
The app card is a next-gen payment option where a user’s credit, check, or prepaid card is registered with smartphone app, so that it can be used at online and offline affiliated stores.
The card giant, after its in-house investigation, relayed that the stolen identity case this time basically stems from smartphone smishing, a term that refers to scammers attempting to acquire sensitive identity information from potential victims via text messaging or email. If a person gets a text message and clicks the Internet address in the message, malignant code gets installed so that the person’s personal and financial information gets leaked.
Samsung Card’s Fraud Detection System (FDS) caught a phenomenon where a group of smishing criminals sent text messages via iPhone, after which the customers’ money was transferred via 11 game sites.
The card company’s associate said, “As of now, we estimate that smishing attackers used the stolen information to open up an app card on another smartphone and used it for payment.”
The app card hack this time set off another alarm in the card industry, on the heels of the massive card info leak scandal at the beginning of this year.
Five local card companies, (KB, Lotte, Samsung, Shinhan, and Hyundai) earlier jointly developed the app card, got the green light from the watchdog, and commercialized it from September last year.
The app card saw vertical growth as its total payment amount per day surged from 1 billion won (US$976 million) in September last year to 9.5 billion won (US$9.2 billion) in three months. The financial watchdog undertook a probe in case another card company’s app card may have a similar incident, but no similar cases have been confirmed so far.
The Financial Supervisory Service associate said, “Samsung Card uses an authentication certificate for registering the app card, while the other five card companies use the card number inputting method. We can only guestimate as to how the incident broke out, so we will summon card industry executives and analyze the cause.”