Japan's 7-Eleven payment app gives easy access to scammers (bbc.com)
56 points by subsubsub on July 5, 2019 | 13 comments


One of the scarier things about this is that 7-Eleven isn't a convenience store here -- it's a retail chain owned by 7&i Holdings and closely associated with Seven Bank.

They also provide various things like health, car, and automobile insurance.

So you'd really expect a conglomerate of this size to have financial things down.


As a Seven & I shareholder, things have been going poorly for a while now. It’s a shame because this company has a chance to be truly great. Luckily, I hedged on FamilyMart, too.


It’s possible they skipped any QA steps in an effort to launch before Family Mart — another convenience store that just launched its own payment app. I’m not sure QA would have helped though — their point card website would email you your plain text password until only a few years ago.


I have their card (as it was free withdrawal but now it's restricted to certain hours).

Anyone know of any decent banks over here? One I can withdraw cash without paying at a lot of locations would be preferable -.-


from a Japanese article I read, one of the things that caused this was executives pushing hard for a quick release of something to meet the competition... typical...

it’s getting insane here with all the stupid electronic payment services btw


According to Katsunori Shigeta [1], 7-Eleven belatedly removed the target email address... using CSS (`display:none`). The summoned official had also said that one has no knowledge about the multi-factor authentication [2].

[1] https://twitter.com/shigezo/status/1146700322460463104

[2] https://twitter.com/shigezo/status/1146944325684621312 (the initial tweet had an error on this)


The BBC references a ZDNet story, but never links to it. Here it is: https://www.zdnet.com/article/7-eleven-japanese-customers-lo...

There have also been two arrests made, per ZDNet. Source: https://www.sankei.com/affairs/news/190704/afr1907040036-n1....


Well, this thing happens frequently when every _website_ wants to throw their "apps" to the customers. But their actual "apps" are outsourced to a cheap MSP somewhere. That explains the lack of security effort.


>The 7pay mobile app was designed to show a barcode on the phone's screen when customers reach the 7-Eleven cashier counters. The cashier scans the barcode, and the bought goods are charged to the user's 7pay app and the customer's credit or debit cards that have been saved in the account.

Why is this app even needed? Is EMV contactless not a thing in Japan? Did 7/11 want to join the mobile pay bandwagon?


Japanese 7-11 take contactless just fine, even Apple Pay works. I guess they just wanted to add their own "flavor" to the already maddening mix of available payment and loyalty card options.


> Is EMV contactless not a thing in Japan?

Not really, at least as we know it. Contactless in Japan is very popular, but doesn't use EMV. Most terminals in Japan use a Sony-derived standard called Felica (also known as NFC Type F), which is different to EMV (Type A and Type B). Felica is used both for transit systems (Pasmo, Suica, etc) and payments.

EMV readers do exist, but are typically used solely by international travelers and thus are commonly found at airports or restaurants. Square readers are quite popular for this purpose.


Writing software is easy.


Japan has an effective justice system and police force.



