SK Telecom cyberattack fuels data breach concerns in finance sector

gettyimagesbank

A growing number of commercial lenders, card companies, insurance firms and brokerages are strengthening user authentication systems in response to a recent cyberattack on SK Telecom, which partially exposed customers' universal subscriber identity module (USIM) data, market watchers said Tuesday.

They say at least two additional steps beyond telecom carrier-mediated user verification are needed to authorize mobile financial transactions, including cash remittances.

The USIM data will therefore not be enough to sign in or change personal information online, they added.

Many financial companies are adding face recognition features for better data protection. Fraud detection systems are also being strengthened to identify unauthorized financial transactions.

According to KB Kookmin, Shinhan, Hana and Woori banks, facial recognition will be required for SK Telecom users for ID verification.

This will apply to users seeking to issue new digital certificates or attempt to complete mobile financial transactions on a new cellphone.

“An attempt to wire money, for example, will be denied without a face ID,” a Woori official said.

“Also, we are operating an emergency response task force to address customer concerns over data privacy and transaction security.”

Hana is taking a similar step for SK Telecom users. Its fraud detection team is closely monitoring suspicious activities.

“Accounts will be immediately frozen if fraud attempts are suspected. We hope the added layer of user verification will help ease customer anxiety,” a Hana official said.

Brokerages are also strengthening user verification in their mobile trading systems, even though the leaked data does not compromise their service security.

Some will deny transaction requests, including the issuance of mobile one-time passwords from SK Telecom users.

Insurers and capital firms are also suspending mobile verification for SK Telecom users.

Other financial service providers are advising SK Telecom users to subscribe to USIM protection services, replace their USIM chips and use authentication methods other than text messages.

Later in the day, the Financial Services Commission (FSC) and the Financial Supervisory Service announced emergency response measures aimed at strengthening consumer protection and financial system stability.

The measures include launching a public awareness campaign to provide precautionary guidelines and promoting subscriptions to bank-operated fraud prevention services.

The financial authorities also established customer hotline centers for reporting incidents.

In addition, the FSC is scheduled to hold an emergency response meeting on Wednesday.

Customers line up in front of an SK Telecom store in Seoul, Tuesday, the second day of the firm's free USIM replacement service, which was launched after its subscriber USIM data was stolen. Yonhap

Meanwhile, a growing number of customers are turning to fraud prevention protection services, whereby unauthorized requests will be denied.

Included will be opening online accounts, taking out loans and issuing new credit cards.

Once consumers sign up, their information is registered with the Korea Credit Information Services with all related services denied.

The services will be canceled only when users make the request during an in-person visit to the bank.

However, many do not mind the short-term inconvenience, the lenders said, since their data protection needs are a bigger priority.

Over 2,000 Shinhan Bank customers, for example, opted for the service over the past two days, far exceeding the daily average of 613 this month.