Online retailers unprepared for the end of an era
Kim purchased a 40-inch Samsung Electronics high-definition LCD television for $359.99 on Thursday. All it took was a click to put the TV in his shopping cart and follow the payment process.
It was that simple because he had already registered information such as his name, email, password, credit card numbers and address for a previous purchase.
When he has to buy something on a Korean online shopping mall, it’s a different story - a long and complicated one.
Whether it is Auction, Gmarket or 11th Street, a long series of self-authentication procedures await Kim after logging in and selecting a product. Smaller windows pop up asking him to install payment-related software. Then he has to download a self-authentication plug-in, required for credit card payment, as well as download and install three execution files written in English. After checking the authentication certificate, which confirms that he requested a purchase, the payment process is finally completed.
Although Amazon is not available in Korea, these two scenarios vividly display the competitiveness gap between the American retail giant and Korean online retailers.
In fact, local industry insiders have been talking about the possibility of Amazon’s arrival in Korea. Yum Dong-hoon, former CEO of Google Korea, became head of Amazon’s Korean office in January. The company’s headquarters had an open contest to hire marketing staff while starting preparations for a shipping network in Korea by selecting a delivery service company. Amazon says such moves are in preparation for an expansion of its cloud-based web retail service in Korea, but the company has obtained URL addresses (www.amazon.co.kr and www.amazon.kr). It now redirects customers to the American site translated into Korean.
Experts say Korean authentication certificates and other security systems based on ActiveX have become outdated.
ActiveX is Microsoft’s Internet content utility technology that Korean Internet users must install to make online financial transactions of more than 300,000 won ($289). The technology recently has been exposed to various security threats because hackers distributed fake ActiveX programs to paralyze people’s computers.
In addition to security issues, the government has begun to address ActiveX. At a ministerial meeting for deregulation on March 20, President Park Geun-hye strongly urged her administration to come up with a solution, mentioning a coat that became popular after being shown on the drama “My Love From the Star.”
“I heard that many Chinese viewers who watched the drama accessed Korean online shopping malls trying to purchase a coat worn by Cheon Song-yi, the main character, but ended up failing to finish the payment process due to the authentication certificate,” said the president.
The Ministry of Science, ICT and Future Planning also announced on Monday it will develop a system that enables an authentication certificate without installing a security plug-in like ActiveX. The ministry recently ordered the Korea Internet and Security Agency to develop such technology by the end of October.
Meanwhile, retailers and financial institutions are starting to prepare security mechanisms for online payment without authentication certificates or ActiveX.
Local online shopping malls are not directly affected too much because their average transaction amount is as low as 15,000 won.
In Korea, about 80 percent of people use Microsoft’s Internet Explorer, which includes ActiveX.
The real problem arises with foreign shoppers who use other search engines such as Safari, Firefox, Chrome and Opera.
Some industry insiders fear that lifting the authentication certificate requirement may help foreign online retail giants like Amazon dominate the Korean market.
“It is like the government, which so far has been the online malls’ protector, is suddenly changing its stance to hand the gatekeeper role to the malls by ordering them to guard their homes by themselves,” said a source from Interpark, another online mall.
“I mean, it’s good to hear that we don’t have to use the authentication certificate, but at the same time, [the security mechanisms we have to prepare] are becoming a big concern.”
Another limitation occurs to the FSC’s abolition of the authentication certificate requirement. Because the change only applies to online shopping malls, government agency websites, where many people take care of civil services online, and financial institution sites will still use the certificate.
“Coming up with an alternative to the authentication certificate cannot be done by shopping malls alone,” said an official from Auction. “The solution has to be developed in cooperation with credit card companies and electronic payment service providers.”
“All the shopping malls do is to connect product providers and customers,” said an official from SK Planet, the online platform company that runs 11th Street. “When it comes to the authentication certificate, card companies and payment service providers should come together and be in more of a hurry to develop a non-certificate payment technology.”
“If Amazon enters the Korean market in this situation, local online malls will be severely impacted,” said another industry insider.
In the United States and Europe, individual corporations manage customers’ personal information and develop their own payment systems. There are no government-led standardized security systems. Instead, companies take full responsibility when problems occur, like information leaks and fraudulent payments.
Some pointed out that in Korea, both the government and industry are responsible.
“It was understandable a decade ago when online shopping and banking first started, but the authentication certificate system that only relies on ActiveX has reached its limit due to threats of massive information leaks and other hacking activities,” said Kim Kee-chang, a professor at Korea University Law School. “The industry should stop relying on the government and start investing in development of various security solutions.”
By choi joon-ho [firstname.lastname@example.org]