my timesThe Korea Times
  1. Business
  2. Banking & Finance

Open banking reveals poor security of fintech firms

Listen
By Park Jae-hyuk
  • Published KST
  • Updated KST

gettyimagesbank

By Park Jae-hyuk

The official launch of the open banking service this month has revealed security risks prevail in the nation's fintech industry, as most startups have failed to win approval to operate the service due to their inability to protect users from data theft.

Open banking refers to a new banking system under which a user can check all their accounts from different banks using a single mobile application.

According to industry sources, Tuesday, 133 fintech firms have applied for licenses to operate open banking services, but only seven large fintech firms ― including Viva Republica, Finnq and KakaoPay ― and 24 open platform providers received approval.

It was initially expected that the full-fledged operation of open banking will heat up competition between major lenders and fintech startups.

Most small- and medium-sized enterprises (SMEs) that applied for open banking licenses, however, could not pass the security check-ups.

According to the Korea Financial Telecommunications and Clearings Institute (KFTC), applicants for the open banking service must pass through several stages to get the approval.

They should submit their written business plans to the KFTC, and if those are approved their services must undergo functional tests to look into whether account registration and remittance services are available on their platforms.

If they pass this test, the Financial Security Institute (FSI) checks their security vulnerabilities before they receive final approval from the KFTC.

Industry sources said more than 40 among 48 fintech SMEs approved for their business plans were rejected on the basis of security check-ups as they were not equipped with the minimum level of security.

“Given that the open banking service providers deal with financial assets, stricter security is inevitable for them. However, most fintech startups have been vulnerable to security risks, although they have had more innovative ideas than conventional banks,” KFTC spokesman Kim Jeong-hoon said.

“If they improve their security, they can apply for the open banking license again. I think this will be a good opportunity for fintech firms to rethink their security management.”

He said fintech SMEs cannot afford to hire security managers and establish control procedures.

In addition, the open banking service demands higher costs, because service providers should spend their money on stricter security management and put down a certain amount of deposit for safer remittance.

Although the Fintech Center Korea covers 75 percent of the costs that firms incur for security check-ups, a growing number of fintech startups are giving up hope of operating open banking services.

“Because cybersecurity regulations on financial services companies are stricter than those on ICT firms, most small fintech companies will face difficulties in starting the open banking service,” said Chun Kil-soo, the senior director general of IT & Fintech Strategy Department at the Financial Supervisory Service.

Mentioning the issue of security as key to ensuring the success of open banking, the former Korea Internet & Security Agency director said the financial authorities will tighten their vigilance against security risks.