Mobilepay users who contacted Helsingin Sanomat are concerned about a possible data security risk.
Helsingin sanomat newspaper says that two Mobilepay users who contacted the delivery suspect a possible data security risk in the application updated in January.
The concern stems from a problem that dawned on users only on the day the new app was rolled out.
Since unacknowledged payment requests were not transferred from the old application to the new one automatically, users have had to inquire about open transactions from Mobilepay’s customer service.
HS says that the users who have contacted them are concerned about how the company ensures that a customer requesting open information by e-mail is actually requesting their own information.
Readers reported that they requested payment transactions with their real names and numbers, but with email addresses they had not registered as users of the application. The company provided both with the information they requested.
This is how Mobilepay responded to HS
Helsingin Sanomat asked Mobilepay if just the name and phone number are enough to get the information. Then, in principle, anyone could request anyone’s payment information using their name and phone number.
Director of Communications at Vipps Mobilepay Miranda Falk stated to HS that the company does not comment on individual cases. He assured that the company would make an “overall assessment of sufficient identification information in relation to the customer service request”. However, Falk did not want to publicly reveal the detailed criteria for identification.