Is Yuchogin’s emergency interview, “Two-Factor Authentication, I Was Asking The Payment Company” True? – Keitai Watch



[ad_1]

Unauthorized deposit withdrawals that have been discovered by many smartphone-friendly financial institutions and payment services, triggered by the discovery of NTT Docomo’s “docomo account.”

Yucho Bank, one of the financial institutions that suffered the damage, held an emergency meeting on the evening of the 16th, and Mr. Susumu Tanaka, Executive Representative and Vice President, spoke about the situation of the damages at this time and future measures .

Vice President Tanaka

Vice President Tanaka commented: “We had asked payment service providers to introduce two-factor authentication, but we could not reach an agreement.” In the near future, he expressed his intention to introduce it soon and take action.

On the other hand, payment service providers have said that they have never received such a request and Yucho Bank’s explanation is marked with a big question.

Damage situation

Yucho Bank has stopped linking (new account registration and withdrawal) with 10 payment services such as Docomo account, Kyash and PayPay.

If you look at the materials distributed by Yucho Bank at the meeting on the 16th, you can see the amount of damage and the number of damage for each service. Also attached is the number of registered accounts and smartphone payments, and you can see that the order is PayPay, LINE Pay, Melpay, PayPal and docomo account (d payment). At the same time, the time to enter two-factor authentication is also displayed.

Docomo has the highest number of cases, with 82 cases amounting to 15.46 million yen. The number of cases linking docomo accounts and Yucho Bank accounts is 136,909, which is relatively small among other payment services, but the amount of damages announced by docomo (26.76 million yen, 0:00 of the 15th)), which represents more than half. At the meeting on the 14th, Docomo said: “At the moment, I think there were not a lot of attacks, but they were located and linked,” and the damage seems to support the explanation. It is a sittuation.

Yucho Bank also claims that there were two cases of fraudulent use on LINE Pay. On the other hand, on the LINE Pay side, the case is based on a person close to the victim, which appears to be different from other damage cases.

The number and amount of damages are basically a compilation of reports from users, with the majority of them said to have occurred in 2020.

In the NTT Docomo interview, the docomo side could not confirm whether the deposit was illegal and the information from the bank side was trusted. At this meeting, Yucho Bank also explained that while it is monitoring, it depends on the user’s declaration if it is an unauthorized use. The damage was shown to be difficult to fully understand if the user did not notice it.

About measurements

Most of the currently uncooperative payment services are scheduled to introduce two-factor authentication when registering an account before September 17. The two-factor authentication prepared by Yucho Bank itself is said to be IVR authentication using voice calls (introduced in January 2019) and authentication that requires entry of the bank book balance (May 2020).

This two-factor authentication is positioned as an important preventive measure for fraudulent deposit withdrawals for Yucho Bank, but so far, two-factor authentication on Yucho’s side has not been used in many payment services.

Why has it not been submitted until now?

“I asked him forcefully” “No request” Disagree

Mr. Tanaka from Yucho Bank explained: “I have urged the settlement companies to introduce two-factor authentication, but did not reach an agreement.” “We asked, but was it enough? We also have some points to ponder,” he said.

LINE Pay, one of the payment service providers, responded to this magazine’s interview, saying, “When Yucho Bank introduced two-factor authentication, we recognize that there was no request in the first place.” LINE Pay also explains: “We are proud to have focused on security measures. If there is such a request, we will consider it positively.”

Furthermore, in this magazine, several payment companies responded that “there was no such request” and “there was an idea of ​​a plan to introduce two-factor authentication over the phone, but it was not discussed after that.” Acquired. One of these companies, Melpay, said: “It was the last communication that included two-factor authentication.”

Also, PayPay, which has around 4.5 million Yucho bank accounts registered, is much more than other companies. “Other regional banks were asked to introduce two-step authentication, and then it was really introduced. I want to improve security. There is no reason why I can’t get in because I don’t want to,” comments this magazine.

In the question and answer session of the emergency meeting on the 16th, a reporter who participated noted that “there was a voice from the side of the payment service that there was no such request.” To this, Mr. Tanaka from Yucho Bank replied, “Our power was not enough.”

Mr. Tanaka also spoke about its importance, saying, “The basic recognition is that by including two-factor authentication, it will improve security considerably.”

However, based on the responses from the settlement companies, I wonder if Mr. Tanaka’s “heavily requested” consultation actually took place. At the very least, it is clear that there is a large gap between Yucho’s perceptions and the settlement business, and that situation has been neglected.

Do not share information with other financial institutions

Regarding the criminal’s method, Yucho said: “We are investigating the route to obtain information such as passwords. We can detect the act of trying the password directly in Yucho’s system, but this time it is not. It is very difficult to see the movement.” It’s hard. “Since it comes in through the paid service, it is difficult to detect the attack.

Whether it happens in another financial institution or if there was a problem only with Yucho Bank, Mr. Tanaka said: “I only know about other banks through the media, but I don’t think we had any special mechanisms. There it is.”

After that, are you exchanging information with the Financial Services Agency and other financial institutions to solve the problem? The question only said, “There is an outbreak” and revealed that no clear move has been made regarding this unauthorized use.

The Yucho Bank meeting on the night of the 16th presented the current situation and steps towards a solution, such as the fact that the damage situation was released for the time being and the introduction of two-factor certification. However, until Sanae Takaichi, Minister of General Affairs, said on the 15th: “I heard from Yucho Bank”, I continued to conceal that there had been fraudulent use of smartphone payment services other than docomo accounts. The Takaichi minister even left an unusual comment at the final meeting following Abe’s cabinet resignation on the 16th, saying: “The Financial Services Agency and Yucho Bank should take responsibility for disclosing correct information.”

A case where all users who have an account can be harmed even if they are not using a smartphone or a smartphone payment service. Mr. Tanaka also said that as an initiative for the elderly and people in unpopulated areas where accounting is difficult, measures such as the creation of a special team this time “have not yet begun”, and Yucho’s explanation and efforts was a I find that it left the impression that it was insufficient.



[ad_2]