S. Korea financial sector to step up user authentication

Financial regulator instructs companies to authenticate users through SMS or automated response systems if the requested withdrawal amount exceed US$2,757, amid a rise in cyber fraud in the country.
Written by Ellyne Phneah, Contributor
Previously, users of most financial companies accessed their Web sites for online transactions through an online authentication certificate, and a single password.

Financial companies in South Korea will increase their identification process for online users in a bid to prevent further cyber fraud.
According to regulator the Financial Supervisory Service (FSS), starting September 26 2013, online users of banks, insurers, brokerage firms and savings banks in the country will have to identify themselves through a text message or automated response systems, The Korea Herald reported on Monday.

An online banking user will receive an authentication number from the financial company he or she wishes to log into, and the number must be typed in correctly for the user to get online access to the desired account.

Financial companies must also ask online users to go through the same verification process if the requested withdrawal amount exceed 3 million won (US$2,757) per day, the regulator said.

Previously, most financial companies, other than major banks enabled users to access their Web sites for online transactions through an online authentication certificate, accessible with a single password.

The new measures came amid a rise in cyber fraud such as voice phishing becoming prevalent in the country, the report noted. Hackers would design a malicious code, which is automatically downloaded onto a user's personal computer from the bank's Web site and steal account details from the user to withdraw money.

South Korean regulators have been making efforts to beef up the security of financial institutions. In July, the regulators instructed local financial firms to disclose details in the event of a security breach, including the reason it happened, as part of efforts to beef up network security. Regulators also instructed local banks to separate their network systems into two, for internal and external usage, and pushed for the set up of a consolidated backup center.

Editorial standards