PayPay Card Simplifies Online Payments: Eliminates One-Time Passwords to Combat Phishing

Photo: ITmedia
Quick answer
PayPay Card is replacing SMS-based one-time passwords with in-app authentication to combat phishing and accelerate online payments. The new system will launch in July 2024.
Japan’s PayPay Card payment service has announced a shift to a more secure and convenient authentication system for online transactions. Starting July 2024, users will confirm transactions via the PayPay mobile app instead of receiving traditional one-time passwords sent via SMS.
The primary driver behind this change is the rising number of phishing attacks targeting SMS codes. Cybercriminals often trick users into revealing one-time passwords, leading to unauthorized fund withdrawals. The new system eliminates this risk by enabling direct app-based payment confirmation without requiring manual code entry.
Beyond enhanced security, the update simplifies the payment process. Users will no longer need to wait for SMS messages or manually enter codes—simply confirming the action in the app will suffice. The phased rollout of the new system begins in July and will cover all PayPay Card customers.
Common questions
- Why is PayPay Card abandoning SMS codes?
- SMS codes are vulnerable to phishing attacks where attackers intercept messages. App-based authentication is both more secure and user-friendly.
- How will the new authentication system work?
- Users will confirm payments via push notifications in the PayPay app instead of entering one-time SMS codes, eliminating manual input.
- When will the new system be implemented?
- The transition to app-based authentication begins in July 2024 and will roll out gradually to all PayPay Card users.
Dzen feed: /feed/dzen.xml · RSS: /feed.xml