Kakao Pay, Toss introduce up-front compensation policies
After years of complicated certification systems and security software, Korea took its first steps into modernizing consumer finance with the launch of mobile payment systems. But these useful apps that allow people to send money with the tap of a button have their flaws, with millions of won disappearing through fraudulent transfers.
Two mobile payment giants, Kakao Pay and Toss, recently announced that they would take stronger responsibility for fraudulent payments and promised to offer up-front compensation.
Kakao Pay said Sunday it will repay all damages for those who fall victim to fraudulent transactions. More than 20 million users use the mobile transaction service.
“After some preparation, we plan to apply the policy around next month. When a user reports fraudulent transactions, we will investigate the case on our own and compensate the loss first,” said an official from Kakao Pay.
Following Kakao Pay, rival Toss announced Monday it will give full compensation for damages that occur from identity theft and voice phishing scams starting on the day of the announcement.
The fintech app, owned by Viva Republica, has more than 17 million subscribers in Korea. It raised security concerns in June after a total of 9.38 million won ($7,800) was wrongly moved from eight users' accounts by three websites.
Kakao Pay and Toss are the first fintech companies to offer immediate compensation for unauthorized payments made through their platforms.
Previously, victims were not guaranteed any form of compensation. This is because Korea’s Electronic Financial Transactions Act stipulates that consumers are liable to prove their damages when a fraudulent transaction occurs.
It also took months for them to receive their money back. Under the current system, compensation is only made after an investigation from the prosecution or the police is finalized, which can take on average six months or more.
Both Kakao Pay and Toss plan to put together their own investigation units to determine whether compensation is necessary or not.
Kakao Pay said it will offer compensation for unauthorized payments made by hackers or information leaks. After the perpetrator is identified through an investigation, the payment service will claim indemnity for the losses to government authorities.
If the customer is found out to have been at fault, they would have to pay Kakao back. A user disclosing their personal information or PIN number on their own could be considered responsible. Kakao said detailed compensation limits will be decided later.
In the case of Toss, users will have to report an incident to the company within 30 days. Compensation will cover all fraudulent payments, with the exception of those where the user voluntarily told others important information or identity theft from their close family or acquaintances.
“In Korea, if the customer is found out to have had a huge fault to unauthorized payments, they can not claim redemption,” said Kim Seung-joo, a professor at the Korea University Graduate School of Cybersecurity.
“The bigger debate is how far and what acts will the companies define as a ‘major fault’ of the customer.”
More than 218.4 billion won of transactions occurred on average every day through mobile payment services last year, according to the Bank of Korea. When annualized, the transaction volume can amount to more than 80 trillion won. The number has exponentially increased in past years, with total transaction volume increasing 120 percent from 2018 to 2019.
With such growth followed demands from the public to strengthen security. People have been citing laws regulating credit card companies, which make it mandatory for them to compensate the full amount upfront for damages that occur due to leaked card information.
There are efforts coming from the National Assembly. Lawmakers are preparing to push forward legislation that will force mobile payment services like Toss and Kakao Pay to have the same liability as financial institutions for voice phishing scams. If this law passes, fintech companies will be mandated to establish stronger prevention methods for financial scams.
Compensate first and receive later is already a common policy for international easy payment services. The American mobile payment app PayPal is said to have paid back around $1.1 billion, giving around 0.15 percent of its operating profit as compensation last year.
According to experts, easy payment companies are willing to offer compensation upfront because it helps alleviate security concerns from users without actually having to beef up security.
“If these companies add another layer of security [to alleviate concerns], they can no longer call themselves an easy payment service,” said an official from the IT industry. “Instead of making the transactions process complicated, they are strengthening their compensation policy for users."
“It is important for easy payment services to maintain their convenience and earn the user’s trust. They want to assure that customers at least don't lose their money using their services.”
BY JUNG WON-YEOB, KANG JAE-EUN [firstname.lastname@example.org]