The Korea Herald

피터빈트

Outdated security system discourages digital banking

By Korea Herald

Published : June 12, 2014 - 20:29

    • Link copied

Faced with an urgent need to find new sources of revenue to help drive up their sluggish profit, local banks are now focusing on strengthening online and mobile services.

This is mainly because customers are quickly embracing such services, with mobile banking users in South Korea surpassing the 50 million mark in the first quarter of this year, according to data compiled by the Bank of Korea.

Despite these fast-changing trends, most of the major lenders here still use an outdated security system that has been cited as a major factor in the country’s lax data protection, which recently resulted in a string of customer data leaks at financial institutions including banks and credit card issuers.

If the banks hope to hold on to customers against the backdrop of near-zero interest rates, their priority should be enhancing their digital security, experts say.

But it is a tricky issue since despite the spiraling number of mobile banking customers, the daily trading volume is still low ― accounting for only 4.5 percent of all Internet banking transactions. This is because people use smartphone banking mainly to check their account balance and conduct small-sum transactions, the BOK said.

In other words, mobile banking has yet to reach its full potential.

Market insiders say the archaic digital security system used extensively by most Korean banks is one of the main reasons for this.

All online and mobile bank customers here are required to use a digital certificate, known as a “public key,” that is issued by a bank.

Users also must download the ActiveX plug-in, an outdated software framework that is compatible only with Microsoft’s Internet Explorer. They must also download several other plug-ins, which makes the process even more cumbersome.


Security still a major concern

In addition to efficiency issues, another major concern is security. The problem with ActiveX controls, security experts say, is that due to several weak points they are vulnerable to hacking.

Mobile banking users therefore do not feel comfortable making large-sum transactions, mainly due to security concerns, a local bank official said.

The official added that rapid development of mobile carriers and mobile operating systems are another obstacle blocking widespread mobile bank services.

“There are so many types of mobile phones and OSs (operating systems) that are updated every now and then, and our mobile app just can’t keep pace.”

On the instructions of President Park Geun-hye, financial authorities recently changed the rule and made the digital certificate no longer compulsory for online shoppers.

Yet there are no plans on the horizon for changing the regulations for online and mobile banking as banks have yet to find a better alternative.

Some insist that abandoning the digital certificate completely is neither a cost-efficient nor a practical approach.

“If (authorities) scrap the current digital certificate system, financial institutions will need to develop new security systems. But it is a huge financial burden and quite risky for them,” said Kim Jong-hyun, a research fellow at Woori Finance Research Institute.

He suggested that instead of completely abandoning the digital certificate, banks could restrict ActiveX’s functions.

“The possible solution (for banks) could be changing security frameworks to use the digital certificate without ActiveX,” he added.

By Oh Kyu-wook (596story@heraldcorp.com)