[Exclusive] FSS Launches On-Site Investigation into Coupang Pay...Payment System Under Review

The Financial Supervisory Service (FSS) has launched an on-site investigation into Coupang Pay, the fintech (finance + technology) subsidiary of Coupang, in connection with the recent Coupang hacking incident. After conducting an internal investigation at the FSS’s direction, Coupang Pay reported that "there is no connection to the Coupang hacking incident." However, the FSS decided to directly verify Coupang Pay’s explanation.

According to the financial industry and Coupang on December 2, the FSS sent a one-week on-site investigation advance notice to Coupang Pay that morning. A Coupang official stated, "We received a verbal notification of the on-site investigation from the FSS the previous day and received the official notice today."

According to The Asia Business Daily’s reporting, the FSS instructed Coupang Pay during the third weekend of last month to investigate whether there was any connection between the hacking incident at Coupang’s headquarters and the leakage of payment information. On November 28, Coupang Pay reported to the FSS that its internal inspection found no relevant issues related to the incident. Coupang headquarters also stated that payment information and credit card numbers were not exposed. However, the FSS determined that it could not forego its own investigation based solely on Coupang’s report and decided to proceed with an on-site investigation.

During the on-site investigation, the FSS plans to focus on inspecting the payment information processing and management system. The agency will also examine compliance with the Electronic Financial Transactions Act’s security obligations and check for any violations of financial regulations. This process is intended to check for any leaks in the payment system, marking the initial stage of investigation similar to the recent cyber incidents at Lotte Card and BFL Pay.

The FSS has reportedly not identified any signs of customer information, such as payment records, being leaked, as reported by Coupang Pay. The FSS received a response from Coupang Pay stating that no information had been leaked, and it reconfirmed the relevant facts immediately after Coupang’s investigation results were announced last weekend.

However, if the on-site investigation reveals that damage has occurred, including the specific number of victims, the scale of the damage, or problems in the payment management system, the FSS may shift to a full-scale investigation into potential violations of the Electronic Financial Transactions Act.

Furthermore, if any connection to the Coupang hacking incident, the possibility of payment information leakage, or signs of a cover-up are identified, the investigation could be immediately upgraded to an ad hoc inspection, similar to the Lotte Card case. This is because potential violations of the Credit Information Act and the Personal Information Protection Act by Coupang Pay must also be examined. In such cases, the process could escalate to institutional sanctions, including review by the FSS Sanctions Review Committee and deliberation and resolution by the Financial Services Commission.

An FSS official stated, "At this point, it is difficult to predict whether the investigation will be upgraded to an ad hoc inspection," adding, "We will only know about the connection to the incident and whether any damage has occurred once we begin the inspection."

If any violations are uncovered during the Coupang Pay investigation, it is expected to cause a significant impact, including possible institutional sanctions. The head of the financial supervisory authority is also taking the issue of cybersecurity at financial companies very seriously. At a press briefing the previous day, FSS Governor Lee Chanjin commented on the Coupang incident, saying, "When you look at the hacking incidents at Lotte Card and Coupang, our investment in security systems is not even comparable to the United States and is extremely poor even by international standards," adding, "This must be reflected in costs."

Meanwhile, according to figures released by Democratic Party lawmaker Kim Hankyu during the National Assembly’s Political Affairs Committee audit in 2022, Coupang Pay had 24,538,000 subscribers. Coupang did not disclose the current number of Coupang Pay customers or its transaction volume. Coupang Pay’s annual revenue stands at 1.1248 trillion won. A Coupang Pay official stated, "We will faithfully cooperate with the FSS’s on-site inspection."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.