Value context and insight. lkm@koreatimes.co.kr
'Security key to ensuring success of open banking'
gettyimagesbank
By Lee Kyung-min
By Lee Kyung-min
The success of “open banking” hinges on whether its online platform will protect users from personal information theft, experts said Tuesday.
Under the new financial data management and operating system, using only one app will enable customers to check all their accounts at different banks and wire cash between them in a faster, more convenient way.
Based on an application programming interface (API), an intermediary program that enables various software to interact, the new system will allow both commercial banks and fintech firms to have equal access to financial data regardless of whether they have an online platform.
The Financial Services Commission (FSC) said over 2.39 million people signed up for the system between Oct. 30 and Nov. 28. A total of 5.51 million accounts were opened, meaning one person had an average of 2.3 accounts.
Starting Dec. 18, fintechs will be able to make their services available on the platform.
“The security concern is always present,” said Lee Hyo-seob, senior research fellow at Korea Capital Market Institute (KCMI).
“Once the shared platform is compromised, it will be a matter of seconds that the leak compromises the user data as a whole.”
The IT expert-turned-financial researcher said Korea has no basic security mechanisms such as firewalls among other security precautions, which speaks volumes about how the shared platform is vulnerable to outside attack, especially for low-tier fintechs.
By law, cash-abundant financial groups, and the holding companies of their most lucrative subsidiary banks, are required to allocate around 5 percent of their budgets to maintain a certain level of security for their physical and human resources.
Their small- and medium-sized fintech counterparts simply cannot afford that.
“The problem is that any weak link broken will lead to a breach of all data. Maybe the Financial Security Institute (FSI) or KOSCOM, a developer and operator of the core IT systems in the financial market, could be of some help,” he said.
The most serious issue is that the encrypted data should remain tamper-proof, under which the current system could happen any given moment.
“Maintaining a dual server and hiring a greater number of IT officials could be an option,” Lee said.
The concern comes amid low consumer confidence in the level of data protection, despite the convenience offered.
In an FSI-commissioned survey of 1,200 men and women polled between Aug. 1 and Sept. 30, over 84.1 percent said they were concerned about online financial crimes.
Of the respondents, 87.9 percent said they had used online payment system, while the remaining 12.1 percent said they had never used the system.
Of the latter group, over a third, or 35.6 percent, said they did so because they feared security breaches.
When asked to choose between security and convenience, nearly two thirds, or 64.2 percent, said security was the top priority for using the system while only 35.8 percent prioritized convenience.
Only 15 percent said they believed their financial data was stored and managed safely.
Korea Institute of Finance (KIF) Digital Finance Research Center head Suh Jeong-ho said banks should enhance risk management to effectively deal with IT-related operation and compliance risks.
“Open banking will certainly boost user convenience, but a data breach ― however small they may be ― could lead to the loss of consumer confidence in the system as a whole. Continued monitoring is required on risk management, systemic stability and data protection,” he said.