

Phishing and smishing rampant... Damages from non-face-to-face financial accidents, what are the responsibilities and solutions?
2025-06-10

Concerns about financial accidents are growing as customer personal information was recently leaked due to the SK Telecom SIM hacking incident. As the scale of information leaks is expected to reach up to 25 million, the possibility of sim swapping using SIM information, creating cloned phones, and stealing text messages or financial authentication information is being raised. Since mobile phones are used as the most important authentication medium in non-face-to-face financial transactions, there is a high possibility that hackers will abuse them for electronic financial transaction fraud.
In particular, with the revitalization of Fin-Tech, which combines finance and technology, most financial transactions are currently conducted non-face-to-face. Therefore, the financial industry is often a major target for hackers targeting security vulnerabilities. In fact, non-face-to-face financial accidents appear to occur frequently. For example, in the case of voice phishing, the total damage amount estimated by the National Police Agency last year was KRW 854.5 billion, and the damage per person was approximately KRW 41 million, which is a sharp increase of 91% and 73%, respectively, compared to the previous year.
So who is responsible for non-face-to-face financial incidents such as smishing, pharming, and phishing? To explain this part, we must first look at the legal basis. In accordance with Article 21 (Duty to Secure Safety) of the Electronic Financial Transactions Act, financial companies, etc. must exercise the utmost care as good managers to ensure that electronic financial transactions are processed safely, and are obligated to comply with the standards set by the Financial Services Commission in relation to the information technology sector and electronic financial services, such as personnel, facilities, and electronic devices for electronic transmission or processing, to ensure the safety and reliability of electronic financial transactions.
In addition, in accordance with Article 9 of the same Act, financial companies, etc. are responsible for compensating users for damages caused by accidents resulting from forgery or falsification of access media, accidents occurring during the electronic transmission or processing of contract conclusion or transaction instructions, and accidents resulting from the use of access media obtained by false or other illegal means by intruding into electronic devices or information and communications networks for electronic financial transactions. In other words, in principle, financial companies must compensate users for damages incurred unless there is intentional or gross negligence on the part of the user.
What should you do if a non-face-to-face financial accident actually occurs? First, you can report or consult with the Telecommunications Financial Fraud Integrated Reporting and Response Center (112) or apply for damage relief to the relevant financial company. In urgent cases, you can apply by phone and submit the documents later. Once the financial company receives the application, the account will be suspended from payment, and if any damages still remain in the account, procedures will be taken to refund the victim. If you report a financial fraud to the police and obtain an incident confirmation certificate detailing the date, time, and amount of damage, you can use it as evidence or explanatory material in future procedures. You can also consider seeking punishment for criminals from investigative agencies through criminal charges.
From the victim's perspective, the biggest concern would naturally be recovering the amount of damage. Based on the agreement with the Financial Supervisory Service, first-tier financial institutions will implement 'non-face-to-face financial accident responsibility sharing standards' from 2024 and second-tier financial institutions will implement 'non-face-to-face financial accident liability sharing standards' from 2025, and they will independently calculate the liability ratio for damages and provide corresponding compensation to users. It is also possible to apply for dispute mediation to the Financial Dispute Mediation Committee of the Financial Supervisory Service.
For example, in 2022, the committee acknowledged the negligence of a financial institution in suspending voice phishing payments and decided to compensate for the full amount of causally related damage. It is also possible to file a lawsuit against a financial company claiming damages under the Electronic Financial Transactions Act, or to file a lawsuit to confirm the non-existence of debt for an identity theft loan that was not made against the person's will. In relation to this, there have been a number of recent precedents in lower courts favoring the victims.
But the best way is to prevent damage in advance. Do not click on links included in text messages unless you trust the source, and make efforts to regularly remove malware and viruses using security or anti-virus programs. Financial accidents can be prevented to a large extent by using the mobile phone identity theft prevention service of the Korea Association for ICT Promotion (KAIT) or by registering it with the Financial Supervisory Service's Personal Information Exposure Accident Prevention System if your personal information has been exposed.
If a financial transaction due to identity theft is confirmed or suspected, it is possible to suspend payment of all accounts in one's name at the Korea Financial Telecommunications and Clearings & Clearings Institute Integrated Account Information Management Service (Account Info) or report loss of credit cards all at once. Account Info also provides a safe blocking service for non-face-to-face account openings, which can prevent additional opening of identity theft accounts.
Small Business Team
[View full article]
Phishing and smishing rampant... Damages from non-face-to-face financial accidents, what are the responsibilities and solutions? (Shortcut)Do you have more questions?
In-Person Consultation Booking
If you have legal concerns, consult with a specialist attorney at the nearest office.
