Stickers of card firms are seen on a window of a restaurant in this file photo. / Korea Times file
By Kim Bo-eun
The surfacing of a mass card data theft case last month is raising questions about the efforts card firms are making to prevent payment fraud using stolen data, especially on overseas websites.
In the latest case, a total of 10 million won in payments were made with the stolen data of 617,000 cards by a suspect who attempted to hack commercial banks last year.
While the reported case is presumed to have occurred through data breaches involving card swipe machines known as point of sale (POS) terminals, most merchants have changed their devices to IC card payment terminals, which are regarded as more secure against data breaches.
Card firms would not be directly responsible for data breaches occurring from card swipe devices, but they are in charge of detecting suspicious transactions that take place using such stolen data.
All card companies have fraud detection systems, but the latest case has shown the existing systems are insufficient.
Investigations into the case are ongoing, but payments are known to have been made overseas.
The Financial Supervisory Service warned card users of possible further damage, advising them to sign up for services with card firms that enable companies to block payments based on information on the user's location.
The existing fraud detection systems that card companies have are devised to track suspicious card payments based on the user's location as well as purchase patterns.
"We monitor the system and contact card users when questionable payments are made and take measures so that the payment is not processed," an official of a card firm, who requested anonymity, said.
Card firms said that detecting payment fraud on overseas websites is more difficult, as payments can be made inside or outside Korea. This is a problem, as making direct purchases via overseas websites has become a popular means for Korean consumers to obtain foreign goods at lower prices.
Payments made on foreign platforms such as the Google app store are also difficult to determine, as these are made here as well as overseas, an official of a card firm said.
"Not only is it difficult to be able to detect fraudulent payments that are made on such platforms, as each payment needs to be verified, these platforms have their own policies which we need to adhere to," an official of KB Kookmin Card said.
"Locally, we are able to request partnering merchants to beef up security, but this is not the case for foreign partners," he said.
The official said, "It seems to be the case that foreign businesses are more inclined toward offering convenience for customers, and compensating them when problems occur."
An official of another card firm said, "It is difficult for the fraud detection system to catch every fraudulent transaction, because while we continue to upgrade our systems, so do other entities that aim to surpass our system for questionable purposes. The means used by criminals continue to develop as well."
"Looking minutely into a larger scale of transactions can end up badgering customers more, as this would require additional verification processes," she said.
Card firms here have pledged to compensate users whose stolen card data was used for payments in the latest case.
However, consumers say they are inconvenienced because, when cases of payment fraud arise, they need to go through the hassle of freezing their credit card and requesting a new one.