The accounts of customers who use the Klarna payment service while shopping at home can be taken over and misused by third parties.
That says the Consumers' Association, which investigated order fraud at the Swedish company.
With Klarna it is possible to pay afterwards for a product at thousands of web shops in the Netherlands.
When home shoppers choose the payment service, they do not need to enter a password;
filling in some personal data is sufficient.
That's where things go wrong, according to the Consumers' Association.
He discovered last year that it is possible to place an order in the name and account of someone else.
In January, researchers from the Consumers' Association successfully ordered products a further ten times via someone else's account.
The association advises consumers with a Klarna account to keep a close eye on their mail, spam box and Klarna app.
They should also check their bank account carefully for unclear debits.
"We will repeat our investigation in a few weeks to see if the leak has been closed," said Sandra Molenaar, director of the Consumer Association.
Klarna says she will take extra measures
Klarna says it is already able to intercept the vast majority of suspicious transactions based on security measures.
The company is taking additional authentication measures to close the discovered leak.
The company cannot go into details about these measures.
"We don't want to make fraudsters any wiser."
When accounts are misused, consumers can report this to the payment service.
They get their money back.
Klarna says she will immediately initiate an investigation if there is any question of order fraud.