Unnecessary Credit Information Transmission Detected in FSC Inspection
Kakao Pay "Normal Provision According to Credit Information Act"
The Financial Supervisory Service (FSS) has uncovered that KakaoPay transmitted domestic customers' personal credit information to Alipay, a subsidiary of Ant Group (Ali), the largest fintech (finance + technology) company in China. The FSS plans to proceed with disciplinary measures after legal review and conduct inspections on similar cases.
According to the FSS on the 13th, a field inspection of KakaoPay's overseas payment division from May to July confirmed that KakaoPay provided personal credit information to a third party without customer consent. When Apple requested customer-specific credit scores (NSF scores) necessary for the unified payment system from Alipay, Alipay requested customers' credit information from KakaoPay under the pretext of calculating NSF scores. The FSS pointed out that KakaoPay did not provide only the credit information of customers subject to NSF score calculation but instead provided credit information of all customers. The cumulative number of personal credit information cases provided by KakaoPay since April 2018 is approximately 54.2 billion cases (40.45 million people).
The FSS also highlighted that KakaoPay unnecessarily provided personal credit information in overseas payments. When a payment occurs at an overseas merchant, KakaoPay only needs to share order and payment information. However, since November 2019, KakaoPay has cumulatively provided 550 million cases of overseas payment customers' credit information to Alipay. The credit information provided by KakaoPay includes Kakao account IDs, masked emails or phone numbers, order information, and payment information. The FSS stated that KakaoPay did not transfer overseas payment customers' credit information to Alipay during the initial partnership phase.
Furthermore, it was confirmed that KakaoPay misrepresented Alipay's purpose of use. The FSS explained that KakaoPay listed the purpose as "electronic payment agency (PG) services (payment approval and settlement)" and did not properly notify customers. Additionally, even though overseas payments can be made without customer consent, KakaoPay mistakenly obtained consent as a mandatory agreement rather than an optional one.
An FSS official stated, "We will promptly proceed with disciplinary procedures after thorough legal review and conduct inspections on similar cases. We will continue to strictly respond to illegal business practices through inspections to protect financial consumers."
In response, KakaoPay released an explanatory statement denying any illegal information provision. KakaoPay explained that the information transfer for Apple App Store payments was conducted under a business consignment relationship among KakaoPay, Alipay, and Apple, and according to the Credit Information Act, consent from the information subject is not required when personal credit information is transferred through processing consignment. KakaoPay also claimed that encryption methods are applied when providing information, making it impossible to identify users, and that the information cannot be used for purposes other than detecting fraudulent payments.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
