By Kim Bo-eun
Leading financial services platforms' announcements of measures to protect consumers that fall victim to fraud are raising questions about whether fintech services expose users to greater security risks.
After Toss saw stolen data of its customers used for payments last month, it implemented a system to compensate customers for such cases. It claimed the system will also provide compensation for victims of voice phishing when this involves the platform.
KakaoPay said earlier it was seeking to introduce a system under which victims of similar crimes will be compensated after internal investigations are concluded. This means victims will be compensated before police investigations come to an end.
The company declined to share details but conceded KakaoPay has also seen cases in which stolen data was used to make payments.
The case involving Toss was regarded as a blow to the firm after media reports. Toss lost customers following the incident in which 9.38 million won in payments were made with the stolen data of eight customers.
The simplified payment system may inevitably give rise to accidents, as this only requires a few personal details and a simple password.
After the incident, Toss changed its web payment system to an application payment system that verifies whether the actual owner of the account is making the payment. KakaoPay said it does not apply web payment systems and that all of its payments are made via application payment systems.
Yet if payments can be made with stolen data, this points to the need for tech firms to have more advanced fraud detection systems. The Toss incident showed its system had not been effective.
Toss has pledged to upgrade its system to be able to detect a wider range of activities.
KakaoPay said it set up a big data and artificial intelligence-based fraud detection system in 2015. The company also stated it has become the first fintech firm to receive a certification from the Financial Security Institute in managing personal information and protecting data. But given KakaoPay has also seen payments being made with stolen data, this shows that its system is also failing to detect each of the cases that arise.
"Fintech companies do need to have more sophisticated fraud detection systems," an official of a platform firm said.
Regarding the systems, the FSS official said, "Fintech firms are not required to have fraud detection systems and unless we conduct an inspection into existing systems, we cannot know how they are managed."
Jung Yoo-shin, chief of Fintech Center Korea, said it is unrealistic to expect that all incidents can be prevented and claimed how the government deals with the issue is more important.
"Easy payments can give rise to security issues and this means security needs to be beefed up," he said.
"However, what is important is how this is done. Digital, contactless and mobile transactions are a trend that we cannot defy. If the security issues of fintech are resolved through more regulations and government policies, this will kill innovation. What the government should instead seek is to foster an industry that deals with fintech security."