Overhaul online financial security

A common notice we find on local credit card company Web sites is an assurance of online security. They boast that their Internet payment system is accredited by the Financial Supervisory Service with firewalls and other protections against hackers. Many users make payments of less than 300,000 won ($275) through online settlement systems with absolute faith in their so-called impenetrable security systems. But such trust has been shaken by a series of cyberattacks on these operations. Hundreds of customers using the online payment systems of KB Kookmin Card and BC Card have been hacked more than 800 times.

The investigation is still underway, but according to police findings so far, the suspect hacked into a customer’s computer network and stole money. He may have used the new hacking method of “pharming,” where a hacker redirects the traffic of Web site, for example the National Tax Service site, to another bogus site in order to collect users’ financial information like credit card and national identification numbers. The identity theft and security breach has not happened due to server defects in the online payment systems. It instead highlights the vulnerability of online financial transactions in general. The industry as well as the financial authorities should not take this incident lightly.

This is certainly not the first time the security of online payment systems has come into question. Similar cyberattacks have occurred twice before, but credit card companies have not taken sufficient action against sophisticated criminal threats using techniques like pharming.

They must warn clients that its online payment systems cannot protect them fully against hacking while simultaneously enhancing security procedures. Police and financial authorities also should take more concrete and aggressive measures to raise awareness of new types of deceptive social engineering crimes in cyberspace.

The two credit card companies learned that their online payment systems had been violated early last month. But they only recently informed the police and victims of the trouble and failed to warn the rest of their customers of potential security breaches. Both said they did not want to “cause unnecessary anxiety.”

However, if they were genuinely concerned about their clients, they should have notified the public of the incident and warned all clients of the potential dangers, including what measures to take if they fall prey to hackers. The authorities meanwhile need to re-examine security systems of the financial Web sites.