Park Jae-hyuk is a seasoned journalist who has provided comprehensive coverage of South Korea's corporate dynamics, economic policies, industry challenges and the global positioning of Korean companies. Based on the articles he has written since joining The Korea Times in 2016, his investigative approach has helped readers understand corporate governance, economic trends and business strategies shaping South Korea’s economy.
Samsung, Google biometric flaws mar fintech innovation

Users try to unlock Samsung Electronics' Galaxy S10 and Note 10 smartphones with a persimmon peel (left) and a stylus pen in this file photo. / Korea Times file
By Park Jae-hyuk
A series of errors found recently in biometric software in Samsung and Google smartphones have dealt a blow to the nation's financial industry which has sought innovation through authentication technology using biological characteristics, according to industry officials, Wednesday.
In line with the trend of digital transformation, financial services companies here have enabled their customers to utilize fingerprint or facial recognition systems when making financial transactions on their mobile devices.
Rapid-growing mobile payment service providers especially have allowed customers to make payments or send money by using biometric authentication only, without requiring additional verification.
In addition, the nation's financial authorities have pushed ahead with more use of biometrics in financial transactions, regarding the technology as one of the safest identification methods.
The Financial Services Commission (FSC) announced in June it would allow financial transactions using fingerprints or vein patterns, instead of identification cards, if customers' identities had been initially verified by banks a single time.
In October, the financial regulator designated Shinhan Card's facial recognition-based payment system as an innovative financial service.
A Google Pixel 4 smartphone is on display at a launch event in New York in this Oct. 15 file photo. / AP-Yonhap
The trend, however, is facing a huge obstacle as Samsung and Google have shown that the use of biometrics is an imperfect identification method which still has a long way to go.
Samsung Electronics' Galaxy S10 and Note10 smartphones have been embroiled in controversy, since their in-screen fingerprint scanners were found to be vulnerable to unauthorized access because of the attached screen protectors retained an imprint of the owner's finger, thus allowing anybody to then access the phone by touching the protective screen lightly. Doing this tricks the scanner into reading the imprint on the protector not the fingerprint of the person touching the scanner.
Google's recently released Pixel 4 smartphone was also found to have a major privacy weakness, as its face unlock system allowed access to the device even when its owners had their eyes closed.
Although the two global tech giants promised software updates to address the security issues, those who have made financial transactions via their smartphones using biometrics have become concerned about possible losses through such “unauthorized” access.
Amid growing concerns, banks in the U.K., China and Israel, as well as Chinese mobile payment service providers, have begun disallowing the use of fingerprint authentication on Samsung's smartphones.
Korean banks, card issuers and brokerages, which have fostered fintech innovation in biometrics, also recommended their customers to use patterns, passwords or authorized certificates for their transactions.
Some of them have stopped temporarily allowing fingerprint authentication.
FSC Chairman Eun Sung-soo told lawmakers during a National Assembly audit Monday, “We will monitor both Samsung and financial companies, so that no one suffers losses.”
The Financial Supervisory Service's IT & fintech strategy department is also looking into the problem to fully assess the risks.
Experts point out that domestic financial firms have been overly dependent on device makers' biometric technologies, despite the potential security flaws.
“Just like other authentication methods, errors can occur in biometric technologies, so the basic principle of any security system design is layered security, which refers to a system using multiple measures,” said Kim Seung-joo, a professor at Korea University's School of Cybersecurity.
“For example, if fingerprints are used to check bank accounts on a mobile app, remittances should use other methods, such as patterns or passwords. If not, the banking app can be said to have a flawed security design.”