To shield data, government turns to i-PIN
Marketing loans via short message service, or SMS, will also be banned.
The Financial Services Commission, the Financial Supervisory Service and the Ministry of Security and Public Administration reported the plan to lawmakers yesterday in a national probe of the recent personal data leaks by three credit card companies, the country’s worst personal data leaks in history. The data was pilfered to be used by loan marketers.
The Security Ministry wants to bring the i-PIN system into the offline world in order to help prevent pilfering of residents’ registration numbers.
“The government will find ways to make the online-based i-PIN system available offline,” Minister Yoo Jeong-bok said, “in order to reduce illegal distribution of resident registration numbers.”
The ministry plans to revise the personal information protection law to allow the i-PIN to be used more widely by the end of the year.
It wants community centers in every neighborhood to be able to issue i-PIN numbers.
First introduced in 2006, i-PIN numbers have been issued by five private credit information institutions and the ministry’s public i-PIN centers. Internet users who are reluctant to type in their resident registration numbers when signing up for some service online can use their i-PIN numbers instead. An i-PIN is also comprised of 13 digits, but it doesn’t contain as much personal information as the resident registration numbers. It identifies the issuing institution and whether the Internet user is an adult or not.
The Korea Credit Bureau is one of the five i-PIN issuers. An employee of the bureau was responsible for stealing the personal data from the three major credit card companies, involving as many as 104 million accounts.
When an individual applies for an i-PIN, he or she gets a username and password linked to an i-PIN. The user doesn’t need to remember the 13-digit number because he or she only needs to use the username and password.
But when i-PINs are used offline, people will have to remember their 13-digit numbers.
The financial watchdog reported to lawmakers that it will restrict financial companies to collecting up to 10 kinds of customer information. The essential information will include a name, identity number, home address, phone number, occupation and nationality. Three or four types of additional information will be allowed to be collected depending on the product or service.
For example, when a consumer wants to create an asset-accumulation account at a commercial bank, he or she will have to reveal his or her annual income because such an account is only offered to people who earn 50 million won ($46,000) or less a year.
A new standard form for subscriptions to financial products and services will be introduced across the industry.
Within a financial holding group, subsidiaries will still be allowed to share customers’ information, but to do so, the group’s board should approve the information sharing if it is proved to be convenient for consumers. But they should stop doing so if consumers raise the issue, the commission said.
“From scratch, financial companies will be given limited access to essential information of their customers, and provision of customer information to third parties will be strictly restricted,” FSC Chairman Shin Je-yoon said.
The FSC plan also includes banning all kinds of loan-marketing short message services. In cooperation with the Korea Communications Commission, numbers that are suspected of sending such text messages will be shut down.
BY SONG SU-HYUN [firstname.lastname@example.org]