From
Send to

FSS inspects Payco’s signature key leakage case

Dec. 7, 2022 - 22:28 By Song Seung-hyun By AFP
Tech giant NHN’s mobile financial service Payco (Payco)

South Korea’s top financial watchdog on Tuesday launched an on-site inspection of NHN’s mobile payment service Payco after news that its signature key was leaked broke the day before.

This key is a tool that app developers use when registering and distributing their apps on app stores. It certifies that an app is developed by a certified company—in this case, Payco. Apps that used this signature key are considered safe and not detected as malicious by security programs.

Back in August, Payco found out that its key was leaked, but did not make any public announcement about the issue.

The leakage was revealed on Monday when security solution company Everspin sent out a notice to its clients, including KB Kookmin Bank and NH Nonghyup Bank, warning them to be careful of downloading malicious apps that may be developed and distributed with Payco’s leaked key. The security solution company also added that it has detected 5,144 apps that are created with the leaked key between Aug. 1-Nov. 30.

The financial watchdog will mainly look into whether there was any managerial liability on Payco’s part that led to this leakage. If the payment service is found to be responsible, there will be a further inspection conducted by the FSS.

The FSS also warned customers only to download apps from official app markets and not access them through URL links that are spread through channels like social media.

Meanwhile, the NHN on Wednesday apologized to its service users, adding that it is cooperating with a security solution company to monitor apps that were created with the leaked key and looking for a way to classify them as malicious apps.

The company added that it finished updating its service using a new signature key as of Tuesday night.

The payment service provider also said that there are not any victims from this leakage incident so far, and stressed that no personal information of its clients had been leaked.