Humans Explains Unauthorized Card Charges via Paylov Service
Tashkent, Uzbekistan (UzDaily.com) — Humans has commented on recent cases of unauthorized charges on users’ bank cards through the Paylov payment service, citing a technical vulnerability in the infrastructure of partner service Octagram.
“All fraudulent charges occurred outside the service’s application. Users did not enter confirmation codes (OTP), while attackers sent automated requests directly to the Paylov API using card tokens and keys, which are under the responsibility of the service itself,” Humans said in a statement.
The company noted that after the first wave of attacks, access from unauthorized IP addresses was not restricted, allowing a second wave of charges. The incident affected not only Humans’ clients but also users of other banks and payment organizations.
Humans has already provided all technical materials to regulators and law enforcement. “Refunds to affected users will be handled in accordance with the law, and full and transparent compensation is the only acceptable way to resolve the situation,” the company added.
All other Humans services, including mobile communications, the HUMANS Market marketplace, and the HUMANS Yaxshi food delivery service, continue to operate normally.
Previously, social media users reported large unauthorized charges on their cards, including repeated transactions, and said that notifications were not always received. Following complaints, the Central Bank temporarily suspended P2P transfers via Paylov in the Humans app.