By Cho Jin-seo
Staff Reporter

The Broadcasting and Communications Commission (BCC) said Thursday that it will make Web sites adopt complex personal verification systems called iPIN and gPIN, instead of identifying users with their resident registration numbers.

The presidential commission is also to make Internet users to use at least eight-digit passwords on sites and to change them every three months to thwart hackers, said Cho Young-hoon, the BCC's manager of private information protection.

The BCC has come up with these measures in response to several massive customer information leaks from the databases of several Internet and telecom firms this month.

The new plans immediatly faced criticism.

``The BCC doesn't have any idea of what is causing this mayhem,'' said Chun Eung-hwi, director of the National Council of Green Consumers, a prominent NGO. ``South Korea is the only country in the world that requires resident registration numbers or iPINs or other identification when buying products from Web sites, while the rest of the world uses credit cards for the purpose.

``Commercial transactions should be based on credit, not identification,'' he said.

A number of information leaks have occurred this year from firms such as Auction and Daum after the government allowed and even encouraged Web sites to collect excessive private information.

The incidents are a blow to the inaugural Chairman Choi Si-jung and the reputation of the BCC, which is to host a meeting of OECD ministers in June on the global Internet economy. Choi is now attending an OECD meeting in Thailand, lauding South Korea's role in the IT industry.

The BCC said it is consulting with various government agencies to encourage firms to enhance their Web securities systems, but it won't be able to submit a revised bill to the National Assembly before September's regular session, said Cho, the BCC's manager.

South Korean Web sites are notorious for requiring detailed and mostly unnecessary private information from their users, and illicitly using it or selling it to telemarketers. A person has to give their 13-digit resident registration number, phone number, mobile phone number and home address to buy a movie ticket at a cinema or to leave a comment on a news Web site, for example.

Massive amounts of private information is thus accumulated in databases of Internet firms, and hackers from all over the world prey on it. Phone numbers and resident registration numbers of Korean citizens have been traded on black markets on the Internet at dirt-cheap prices to telemarketing fraudsters based in Korea and China.

Even the BCC's own Web site demands resident registration number, address, home phone number, mobile phone number and e-mail address from visitors before allowing them access.

``I believe our Web site is collecting this information because it is needed for administrative purposes,'' Cho, the BCC manager, said. ``I don't think that identifying Internet users conflicts with the issue of privacy protection.''

``The BCC should not dabble in this issue anymore. That is the best solution,'' said Chun of the green consumers' network.

indizio@koreatimes.co.kr