Phishing and smishing rampant... Damages from non-face-to-face financial accidents, what are the responsibilities and solutions?
Concerns about financial accidents are growing as customer personal information was recently leaked due to the SK Telecom SIM hacking incident. As the scale of information leaks is expected to reach up to 25 million, the possibility of sim swapping using SIM information, creating cloned phones, and stealing text messages or financial authentication information is being raised. Since mobile phones are used as the most important authentication medium in non-face-to-face financial transactions, there is a high possibility that hackers will abuse them for electronic financial transaction fraud. In particular, with the revitalization of Fin-Tech, which combines finance and technology, most financial transactions are currently conducted non-face-to-face. Therefore, the financial industry is often a major target for hackers targeting security vulnerabilities. In fact, non-face-to-face financial accidents appear to occur frequently. For example, in the case of voice phishing, the National Police Agency estimated last year that the total damage amount was KRW 854.5 billion, and the damage per person was approximately KRW 41 million, which is a 91% and 73% increase respectively from the previous year. So who is responsible for non-face-to-face financial incidents such as smishing, pharming, and phishing? To explain this part, we must first look at the legal basis. Pursuant to Article 21 of the Electronic Financial Transactions Act (Obligation to Secure Safety), financial companies, etc. must exercise the utmost care as good managers to ensure that electronic financial transactions are processed safely, and are obligated to comply with the standards set by the Financial Services Commission in relation to the information technology sector and electronic financial services, such as manpower, facilities, and electronic devices for electronic transmission or processing, to ensure the safety and reliability of electronic financial transactions. In addition, in accordance with Article 9 of the same Act, financial companies, etc. are required to comply with the standards set by the Financial Services Commission in relation to electronic financial services, including manpower, facilities, and electronic devices for electronic transmission or processing, to ensure the safety and reliability of electronic financial transactions. If damage occurs to a user due to an accident that occurs during the electronic transmission or processing of a contract or transaction instruction, or an accident that occurs due to the use of an access medium obtained by false or other illegal means by intruding into an electronic device or information and communication network for electronic financial transactions, the user is responsible for compensating for the damage. In other words, unless there is intentional or gross negligence on the part of the user, in principle, the financial company must compensate the user for any damages incurred. What should be done if a non-face-to-face financial accident actually occurs? First, you can report or consult with the Telecommunications Financial Fraud Integrated Reporting and Response Center (112) or apply for damage relief to the relevant financial company. In urgent cases, you can apply by phone and submit the documents later. Once the financial company receives the application, the account will be suspended from payment, and if any damages still remain in the account, procedures will be taken to refund the victim. If you report a financial fraud to the police and obtain an incident confirmation certificate detailing the date, time, and amount of damage, you can use it as evidence or explanatory material in future procedures. You can also consider seeking punishment for criminals from the investigative agency through a criminal complaint. Naturally, the biggest concern from the victim's point of view is recovering the amount of damage. Based on the agreement with the Financial Supervisory Service, first-tier financial institutions will implement 'non-face-to-face financial accident responsibility sharing standards' from 2024 and second-tier financial institutions will implement 'non-face-to-face financial accident liability sharing standards' from 2025, and they will independently calculate the liability ratio for damages and provide corresponding compensation to users. It is also possible to apply for dispute mediation to the Financial Dispute Mediation Committee of the Financial Supervisory Service. For example, in 2022, the committee acknowledged the negligence of a financial institution in suspending payments for voice phishing and decided to compensate for the full amount of causal damage. It is also possible to file a lawsuit against a financial company claiming damages under the Electronic Financial Transactions Act, or to file a lawsuit to confirm the non-existence of debt for an identity theft loan that was not made against the person's will. In relation to this, there have been a number of recent precedents in lower courts favoring the victims. However, the best way is to prevent damage in advance. Do not click on links included in text messages unless you trust the source, and make efforts to regularly remove malware and viruses using security or anti-virus programs. Financial accidents can be largely prevented by using the mobile phone identity theft prevention service of the Korea Association for Information and Communications Technology (KAIT) or, if your personal information has been exposed, by registering it with the Financial Supervisory Service's Personal Information Exposure Accident Prevention System. If actual financial transactions due to identity theft are confirmed or suspected, you can also suspend payments in your name at the Korea Financial Telecommunications and Clearings & Clearings Institute Account Information Integrated Management Service (Account Info) or report your credit cards as lost all at once. It is possible. Account Info also provides a safe blocking service for non-face-to-face account openings, which can prevent additional opening of identity theft accounts. Small and Medium Business Team[View full article]
Phishing and smishing rampant... Damages from non-face-to-face financial accidents, what are the responsibilities and solutions? (Shortcut)