Photo/Illutration NTT Docomo Inc. Vice President Seiji Maruyama, center, apologizes to victims for illicit withdrawals made through the Docomo e-payment system at a news conference in Tokyo’s Chiyoda Ward on Sept. 10. (Toshiyuki Hayashi)

NTT Docomo Inc. will compensate customers who had money stolen from them through its electronic payment system linked directly to their bank accounts.

The compensation comes in response to a spate of illicit bank account withdrawals made through Docomo accounts that resulted in the theft of millions of yen.

NTT Docomo Vice President Seiji Maruyama announced the company’s response plan to the exploitation of its payment system at a news conference in Tokyo on Sept. 10.

Victims recently discovered illicit withdrawals from their accounts. In total, the thefts were documented at 11 out of 35 banks partnered with the major mobile carrier’s electronic payment service.

Fraud was uncovered in 66 cases, in which 18 million yen ($169,500) in total was cleaned out of customers' bank accounts.

All the thefts occurred in or after August, and the largest amount withdrawn in one case was 600,000 yen.

The victims did not set up their Docomo account themselves and some of them did not use NTT Docomo as their mobile service carrier.

Customers with a Docomo account can use it to withdraw money directly from their bank accounts for online shopping or for making electronic payments via their smartphones, called a “d payment.”

Thieves are believed to have obtained the bank account numbers and corresponding four-digit pin numbers of victims, and assumed their identities to set up the Docomo accounts. They were then able to siphon money out of the bank accounts.

Maruyama admitted the company’s user identification system proved insufficient in preventing illicit use of other people's bank accounts.

“We sincerely apologize to the victims,” he said.

Bank account holders will need to check their deposit and withdrawal records to confirm whether money was stolen from them, the company said.

When the money is transferred from bank accounts under the Docomo payment system, it is recorded as such in the expenditure section of a customer’s bank passbook. If customers do not use the system, but find that either “Docomo account” or “d payment” are written in their transaction records, it is very likely they are victims of fraud.

NTT Docomo has halted linking Docomo accounts to customers’ bank accounts, as of Sept. 10.

The mobile carrier plans to implement new security measures so the problem does not happen again, such as by adopting a two-step verification process. It plans to only resume linking accounts at least one month later.

The company is not completely suspending the service in the meantime. It will still allow people to make charges through Docomo accounts already linked to their bank accounts.

Docomo accounts were also exploited through fraudulent withdrawals from bank accounts at Risona Bank Ltd. in May last year. That was a separate instance from the theft at the 11 banks recently compromised through the service.

In September last year, NTT Docomo started allowing non-subscribers to set up Docomo accounts to increase the number of people using its electronic payment system.

The company relaxed requirements for setting up an account to the point where all customers needed was a name and an e-mail address. Illicit withdrawals at the 11 banks occurred after the requirements were loosened.

The Financial Services Agency is asking NTT Docomo and banks to provide reports over the matter, and police are investigating the thefts.

Related News