As a result of the Coupang personal information leak incident, anxiety over unauthorized card payments is spreading among consumers. If an unwanted card payment has been made, there is a system that allows you to report the fraudulent use to the credit card company and receive a refund. However, some analyzes say that in situations where it is unclear whether payment information has been leaked, such as the Coupang incident, it may be difficult for consumers to receive relief even if card fraud occurs.
According to the financial sector on the 6th, concerns are growing about secondary damage such as card fraud due to the recent Coupang incident in which personal information of 33.7 million accounts was leaked. Consumer anxiety is rapidly spreading as reports emerge that unauthorized payments have actually been made overseas with cards registered to Coupang.
If an unwanted card payment has been made, you can use the ‘Report Fraudulent Use’ function to the credit card company. Originally, this function was used when unauthorized payments occurred after the card was stolen or lost. The card company that receives the report of fraudulent use conducts an investigation to confirm the facts and decides whether to cancel or refund the payment.
Additionally, according to Article 19 of the Credit Finance Act, PG companies (payment agencies) must comply when a consumer requests a transaction cancellation or refund. In fact, during the ‘Timon/WeMakePrice non-settlement incident’ last year, PG companies refunded payment amounts to consumers based on this provision. From a legal perspective, Coupang Pay, Coupang’s PG subsidiary, is also obligated to respond to consumer refund requests.
However, it is pointed out that this information leak situation is different from that of Timon and WeMakePrice. At the time, the damage and responsibility for ‘non-payment of goods’ were clear, but this time, Coupang claims that “passwords or payment information were not leaked,” so the area of responsibility is unclear. The analysis is that it is difficult to expect an unconditional refund in a situation where it is not confirmed whether the fraudulent use was due to information leakage or personal carelessness.
First, the credit card company must investigate whether there has been fraudulent use, and the cooperation of the affiliated store is essential in this process. An official from the card industry explained, “Just as customer consent is required when making a card payment, when canceling a payment, consent from the merchant, who is obligated to return the money, is required. Since the card company cannot know whether the transaction is normal or stolen, a payment cannot be canceled based on the customer’s claim alone, so a mutual confirmation process with the merchant is necessary.”
He continued, “If illegal use is confirmed and there is a reason attributable to the affiliated store, such as information leakage, it will be concluded with compensation. In reality, it is very difficult to prove that part, so if there is room for dispute, it does not seem easy to get a refund.”
G Market, where an unauthorized payment incident occurred around the same time as the Coupang information leak, provided refunds and compensation to all affected customers. An inquiry was received from G Market requesting cancellation of payment, saying, ‘Payment was made for a mobile gift certificate that was never purchased.’ About 60 customers were affected, and the amount per person was around 30,000 to 200,000 won. However, in this case, it is analyzed that preemptive compensation was decided quickly considering the seriousness of the case rather than considering legal merits and demerits.
Another credit card company official said, “In the case of G Market, it may have been an uphill battle if there was a liability dispute with the credit card company, but in the end, it appears that compensation was preemptively provided to those who were at fault.”
