SINGAPORE: Last week, local food and beverage firm Koufu said that it had suspended credit card services on the Koufu Eat app in the wake of unauthorised payments allegedly connected to the app beginning from late last year.
Reports of the unauthorised transactions began as early as October 2024. Koufu, in turn, informed the police about these transactions, and the police said they were investigating the matter.
One man whose credit card was linked to a third-party Google Pay account after he had linked it to the Koufu app to pay for a meal later found out that his card was used to pay nearly $2,000 in unauthorized transactions outside of Singapore, reported Mothership on Tuesday (Feb 4).
Reports of unauthorised payments linked to the Koufu Eat app first appeared in reviews on the Google Play Store in late October. One user said that while they had added their credit card details, this did not reflect in the app, although they found out later that their card had indeed been added to Google Pay. They lodged a police report after that happened. Meanwhile, other users said in December that their credit cards were used in fraudulent transactions after they added them to the app.
Mothership said that one of the people who experienced this was a 40-year-old man named Mr Teh, who had used the app to pay for a food order at Koufu Gourmet Paradise at Oasis Terraces on Dec 7, 2024.
Mr Teh linked his POSB credit card to the app to avail of a 10 per cent discount on his order. In the process of doing so, he received a message with a One-Time Password to add his card to a Google Pay account.
He realized afterwards this should have been a red flag. And when he tried to order a meal using the app, he found he could not do so. He then tried to link his card again and received other messages via SMS to facilitate the process. The second time he did so, he was successful, and he could place an order via the app.
However, on Dec 20, DBS informed him that a pair of transactions overseas with a total of $1,530 had been charged to the credit card he had linked to the Koufu Eat app. Upon checking the card’s transaction history, he found other unauthorised payments outside Singapore worth $350.
Mr Teh cancelled the card and his bank account online at once, reported the transactions to the police and reached out to Google Pay and Koufu. He had not known that others had the same experience with Koufu app and told Mothership he felt “quite stupid” that he had gotten scammed.
While he has contested the charges made on his card overseas, the bank has not ruled in his favour “pending the outcome of the investigation,” which is ongoing.
He told Mothership, however, “If I clicked on a phishing link or an online shopping scam, then yes, it would be my fault. But all I did was link my card to the Koufu app, and something happened.”
Koufu has told the media that no security or data breach had been detected in initial investigations into the unauthorised transactions.
On its part, DBS told Mothership, “When a card is added to a mobile wallet, it is akin to having the card on hand. For this reason, subsequent card payments made via the mobile wallet cannot be disputed.” /TISG
Read related: Koufu Eat app credit card services halted amid probe of unauthorised transactions