Woori Bank gets FSS scrutiny for accounts schemeEmployees at Woori Bank were found to have changed the passwords of roughly 23,000 customers’ bank accounts, as part of a pattern to boost their year-end performances.
Bank officials became aware of the issue in July 2018, a bank spokesman said Thursday, and reported it to the Financial Supervisory Service (FSS) that October, after conducting an internal investigation and implementing measures to fix the problem.
“There were some 40,000 accounts that were suspected to have been affected, but only 23,000 of them were confirmed to have had their password changed by our bankers,” the spokesman said.
The branch employees were found to have exploited a loophole in Woori Bank’s key performance indicators, wherein a change of password on an account that had been inactive for more than a year would appear to be a new account.
The bankers were found to have changed the customers’ passwords between March and May of 2018, according to Woori Bank. No employees have been fired as a result, but the bank eliminated a number of new online accounts from its key performance indicators, and deducted the inflated numbers from its records. The spokesman also said the issue did not financially impact any of its clients.
The Woori Bank spokesman said the FSS had closed its investigation of the matter without penalizing the bank. The FSS, however, has refused to disclose details of the matter, saying the “issue is still ongoing.”
“It is true that an investigation team recently opened an inspection at Woori Bank, but we cannot disclose further details since it is not a closed case,” an employee of the FSS’s IT Fintech bureau, which is directly related to the issue, told the Korea JoongAng Daily.
Under Korea’s Electronic Financial Transaction Act, banks and other individuals may not transfer customer information without his or her consent. Violations are punishable with up to 10 years in prison and up to 100 million won ($84,000) in fines.
Woori Bank may have also run afoul of the Personal Information Protection Act, which prohibits a person who obtained someone’s information to use it for any purpose other than the intended one. Violations of that law are punishable with up to five years in prison and fines of up to 50 million won.
BY JIN EUN-SOO [email@example.com]