Alipay upgraded its security procedures following complaints its current system allowed payments to be made without having to enter a password, The Global Times reported.
In a statement seen by the news website, Alipay confirmed it had raised the security levels on its platform to fix the vulnerability and improved its verification processes for password retrieval.
The announcement follows complaints on social media exposing a flaw which, users said, allowed people with specific information on a user to log-in and make payments without the need to enter a password.
Alipay’s security upgrade means users who forget their passwords must enter a verification code sent by text message in addition to completing its original security checks. According to the report, password retrieval was previously available by successful identification of a user’s friends and recently purchased items.
The company said its two-stage password retrieval was only available in “certain situations” and, under the new measures, it would “evaluate the risk” in the instance a customer could not receive a text message or had changed their mobile phone number since registration.
Alipay has 450 million users, mostly located in mainland China, and is widely recognised as the being the market leader in mobile payments in the country. Last week reports emerged the company was looking to partner to enter the South Korean market.