7-Eleven has suspended its new mobile payment app in Japan after an appalling security lapse led to the loss of $530,000 from 900 accounts within a day of its launch.
Inspired by the Japanese government's goal of raising cashless payment levels to 40% of all transactions, the 7pay app enabled users to pay for goods and services in-store by scanning a barcode and debiting funds from their stored debit and credit cards.
However, the app had a password-reset function that let anyone request that a new password be sent to an email address different from the one used to set up the account.
To achieve this, thieves needed only to enter the genuine 7pay user's email address, date of birth, and phone number. Furthermore, if the user didn't enter their date of birth, the app would use a default of January 1, 2019, according to a report in Yahoo Japan.
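The sketch below is an added example, not 7pay's code (which the report does not show). It models the reset flow as described above next to a hardened design that can only mail a single-use, expiring token to the registered address. The `Account` layout, the function names and the 15-minute token lifetime are assumptions.

```python
import hashlib, hmac, secrets, time
from dataclasses import dataclass
from datetime import date
from typing import Optional

DEFAULT_DOB = date(2019, 1, 1)  # placeholder reportedly used when no birth date was entered
TOKEN_TTL = 15 * 60             # assumed token lifetime, in seconds

@dataclass
class Account:                  # hypothetical record layout
    email: str
    phone: str
    dob: Optional[date] = None
    reset_hash: Optional[str] = None
    reset_expiry: float = 0.0

def weak_reset(acct, email, phone, dob, send_to=None):
    """Model of the reported flow: three knowable fields, then mail to a caller-chosen address."""
    if (email, phone, dob) == (acct.email, acct.phone, acct.dob or DEFAULT_DOB):
        return send_to or acct.email  # where the new password would be mailed
    return None

def hardened_reset(acct, email, now=None):
    """Issue a single-use token; the only possible recipient is the registered address."""
    if email.strip().lower() != acct.email.lower():
        return None                   # caller should still show a generic response
    token = secrets.token_urlsafe(32)
    acct.reset_hash = hashlib.sha256(token.encode()).hexdigest()  # store only the hash
    acct.reset_expiry = (time.time() if now is None else now) + TOKEN_TTL
    return acct.email, token

def redeem(acct, token, now=None):
    """Accept a token once, before expiry, comparing hashes in constant time."""
    now = time.time() if now is None else now
    if acct.reset_hash is None or now > acct.reset_expiry:
        return False
    ok = hmac.compare_digest(acct.reset_hash,
                             hashlib.sha256(token.encode()).hexdigest())
    if ok:
        acct.reset_hash = None        # burn the token after first use
    return ok

# Constructed sample account: the user never entered a birth date.
sample = Account(email="user@example.com", phone="0900000000")
```

In the hardened flow the date of birth and phone number play no part in proving identity, so a missing or default birth date cannot weaken the reset.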
As customers flocked to Twitter to complain about money being drained from their bank accounts, 7-Eleven was forced into a humiliating shutdown. The company has promised to refund all customers who lost money due to the attack.