More than 500 individuals have been arrested for using Didi’s ride-hailing platform for fraudulent activity using stolen personal data.
In a work report released Thursday on WeChat (in Chinese), Didi confirmed Chinese police apprehended suspects in 25 cases during 2018, the latest in a series of measures to ensure compliance on its platform. “Security, rather than growth, has been the most crucial target for Didi,” the company said in the report.
The perpetrators allegedly took advantage of a system that Didi uses to pay its drivers prior to receiving payment from customers. The suspects registered for Didi user accounts with stolen personal information, including mobile phone numbers that weren’t tied to an ID and fake payment credentials. They then posted ads online offering Didi trips at reduced prices. Internet users respond to their postings and paid the fraudsters for the trip, though no money ever reached Didi.
The arrests follow Didi’s claims that it removed nearly 140,000 fraudulent driver accounts from its platform in 2018. The ride-hailing giant said the unqualified drivers had posed “severe threats to users’ safety.” Previously, Chinese media reported that individuals with criminal records could register to be drivers on the platform using fake driver’s licenses and IDs, which could be bought for RMB 1,000 (around $150).
The cleanup forms part of a larger move as Didi seeks to go “all-in” on security. The company has revamped its platform following the murder of two passengers using its carpooling service Hitch last year. Since the incidents, Didi has faced mounting public pressure and government scrutiny and halted its Hitch service indefinitely.
In response to the concerns, Didi launched or upgraded a host of security features, including a panic button and driver-passenger blacklisting function. Didi’s mobile application has been updated 15 times since September. By March, more 138 million people had added an emergency contact to their app, Didi said.
Correction: This article has been corrected to reflect that the suspects used stolen personal data to register for Didi accounts. They did not sell Didi user data as was previously reported.