Russian Payment Co. Downplays Breach

Qiwi Ltd., Russia's largest payment-service operator, is denying last week's reports in local media that hackers easily could access its payment terminals to steal money from customer accounts.

Although the company on Feb. 20 detected a virus that potentially could do such harm, Qiwi said it reacted immediately to ensure that its network was safe.

"We didn't record any thefts," Qiwi spokeswoman Aleksandra Vysochkina said. "None of our clients were affected or complained."

According to a March 16 announcement by the online security firm Doctor Web Ltd., which is based in Moscow, the virus "Trojan.PWS.OSMP" was discovered inside payment terminals. The virus could potentially could do a great deal of damage, the firm said.

"The new version, which appeared in February, allows whoever uses it to steal money through a fake online terminal," Sergey Komarov, head of Doctor Web's anti-virus development department, said. "As far as we know, it is unique right now" to Russia.

Local media, including the official Russian news agency Itar-Tass, picked up on the story. But according to Qiwi, the story was overblown, and the potential risks were misrepresented.

"Our whole network is functioning as usual," Vysochkina said. "We have issued a special official statement to reassure our clients that there is no threat to their money."

More than 80 million consumers use Qiwi's payment service each month, she said. "We serve over 100,000 terminals in Russia. None of them is infected. We are the leader of this segment on the market, and we pay special attention to security issues."

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER