According to the fintech firm, a total of eight unauthorized purchases, worth 9.4 million won ($7,850) were made on June 3 on three online platforms via Toss without permission.
Analyzing data from Viva Republica, the operator of Toss, and conducting on-site inspections, the financial authorities have been examining the case since news about the incident broke out earlier this month.
“An unknown person seems to have gained access to a Toss user’s personal information, including personal identification number, and made payments on some websites,” an official from Viva Republica previously said.
At some of websites compatible with the Toss payment system, only three pieces of information -- user name, date of birth, and a PIN number -- were needed to pay for purchases.
The fintech startup said it has beefed up its system with more layers of security measures for user identification.
The latest payment incident has raised alarms over the security of local payment platforms. The FSS, for its part, declined to comment saying that the probe is still underway.
By Kim Young-won (firstname.lastname@example.org)