Banks, regulators look to instate 6-digit codes

Passwords used for credits cards and bank account access in Korea may be changing from four digits to six digits in the near future as financial institutions review the plan in a bid to enhance information security.

According to industry sources, officials at the Financial Services Commission, the Korea Federation of Banks and the Credit Finance Association of Korea have recently discussed increasing the number of digits used in passwords in the wake of financial information breaches that have recently hit the nation.

“It is true that we are reviewing extending password digits as an idea to reinforce information security for the long term, but nothing has been determined yet,” said an official from the FSS. “However, what’s certain is that the task will not be completed soon and will probably take more than three years.”

For example, the task of changing from magnetic strip cards to integrated circuit cards, which prevent card duplication, began in 2008 but is still not complete.

The Korean financial industry previously tried to increase the number of digits in a password, but could not find a convenient method to execute the plan. For example, banks would need to update their ATM programs, a process that is expensive and time consuming.

But following the recent hacking of a point-of-sale (POS) system widely used by restaurants and retailers to manage card payments, it seems that the password change is being considered anew.

Police said last week the hackers didn’t get credit card passwords from the POS system, but pulled out four-digit codes from customers’ “OK Cashbag” cards - a customer loyalty program from SK that gives certain points when buying products.

They then used that information to withdraw cash from ATMs and create false credit cards.

BY JOO KYUNG-DON [kjoo@joongang.co.kr]