Photo/Illustration: The balance shown in an NTT Docomo Inc. Docomo account, an electronic payment service linked to bank accounts (The Asahi Shimbun)

NTT Docomo Inc. said it has confirmed a total of 25.42 million yen ($240,000) was stolen from customers' bank accounts in 120 cases where its online payment service was exploited.

The company made the new figures public on Sept. 14, after it confirmed more cases of theft.

It marks an increase from the 19.9 million yen reported stolen in 73 cases, which was announced on Sept. 11. 

It said one case of improper withdrawal occurred on Sept. 10, after the unauthorized transactions were reported in the media.

The company apologized for its slow response to the fraud.

Customers with accounts under NTT Docomo’s e-payment service can use it for online purchases and for transferring money to other bank accounts via their smartphones, if they link their bank accounts to the service.

The company allowed customers to open accounts for its e-payment service by giving just their email address and name. No measures were in place to confirm whether the name provided was legitimate.

The carrier’s electronic payment system was initially available only to its own subscribers.

But it expanded the service in September last year to include users of other mobile carriers.

The following month, money was stolen through the service and apparently used to buy goods at convenience stores and major electronic and home appliance stores, NTT Docomo said.

As a new safeguard against future fraud, NTT Docomo said customers of other mobile carriers will be required to present proof of identity, such as a driver’s license, to register for its e-payment service.

The company will not allow users to have their Docomo accounts charged directly from their bank accounts until their identities are confirmed.

Following the revelations of the illicit withdrawals, NTT Docomo is suspending linking new users of its online payment service to bank accounts at 27 of its 35 partner banks.

But it is not ordering a blanket suspension across the service. The company said it believes the security systems of some of the banks are secure enough to stop illegal withdrawals through the service.

In the wake of reports that NTT Docomo’s e-pay system was exploited in this manner, the Japan Electronic Payment Promotion Organization (JEPPO), a provider of a similar service, announced on Sept. 14 it will suspend new registrations for its Bank Pay service, which also links to customers’ bank accounts.

JEPPO said it will halt transactions between Bank Pay and banks that have identity confirmation systems it considers to be too lax.

JEPPO said it has not received any reports of customers’ accounts being compromised in this way.

But a customer can set up an account with its Bank Pay service solely by providing a name and email address, just like with NTT Docomo’s service.

That makes it susceptible to theft in the same way at some banks, if customers’ bank account numbers and their corresponding PINs are compromised, according to JEPPO.

The number of retail shops using the Bank Pay service is limited to about 3,500 across Japan.

Under Bank Pay, customers cannot transfer money to other bank accounts.

(This article was written by Tetsuya Kasai and Tomoya Fujita.)