Around the world, billions head to the office every day with one goal in mind: earn a living. Those wages are then deposited in financial institutions around the globe where citizens use those funds to pay bills, take holidays, and plan their retirement. However, as the world changes, so does the criminal mind. This month, I’m taking a look at how Korea is using technology in the 21st Century. In this first story, I’m focusing on how Korean banks keep your money safe.
According to In Defense of Data, since 2005, nearly 600,000 data breaches have occurred in the United Sates alone. When factoring in global institutions, the number is far larger. These attacks have led to identities stolen and placed the account holders finances at risk. That’s a scary thought, given how hard one works to earn a living. Imagine coming come from work, logging into your bank account only to find the balance being zero… it’s enough to make you want to run to the bank, pull out all your money, and stuff it in your mattress.
In the United States, where I am from, my bank uses a two-tier method of establishing my identity when I log into their system. It asks me for a Login ID and a password, which is then followed by a challenge question if I am accessing my information from a new IP address (Internet location). Once I have supplied the appropriate answers, I have full access to my account. For the most part, the system provides sufficient security; however, if a hacker were able to obtain all the relevant password and challenge question data, then they could have their way with my money. Thankfully, in Korea (as well as other nations), there’s an extra layer of protection: the security token.
A security token may be a physical device (or software enabled device) that an authorized user of computer services is given to gain access to accounts. These tokens are used to prove one’s identity electronically in addition to or in place of passwords to prove a customer access level. The token essentially acts like an electronic key to access something. These devices are not new, as I had routinely used them during my previous career in the IT industry, but it wasn’t until I came to Korea, that I began using them for banking. As cyber crime increases, more and more institutions are using such keys – even online money transfer site PayPal has the option of securing one’s account with a security key.
Korean Banking Security Keys
Korean financial institutions have enabled a number of electronic safeguards to protect their customers’ money. When attempting to access account information without an ATM or bank teller, a security token must be used. The token takes the form of a software program that is installed on a device, which then turns the selected device into a dedicated security key.
Customers have three options for selecting the destination of their security token, based on their needs. Individuals may opt to have a personal computer registered as the token. If this is the case, only that individual computer can be used to access the desired financial account. Another option, and much more common, is to install the token on a USB drive. With this option, the customer can insert the USB drive into any Windows computer and launch the security key program when prompted by the bank’s website. Because USB drives are small and portable, it allows the customer to perform banking almost anywhere. Finally, with the prevalence of smart phones today, many banks have created security keys for them as well. This also allows the customer to access their financial information wherever they have Internet access.
Because the security token is registered with a single account and account holder, when the customer inputs the correct password to the security key, and that key connects to the bank account, customer identity can be confirmed to a higher degree of certainty than with a simple stored password on a remote server. It’s an added layer of security that certainly puts ease to my mind; however, Korean banks don’t stop there – they have an additional security precaution: the password card.
Usually referred to as the bo-ahn card (보안 카드). This is a special numbered card given to the account holder when they sign up for Internet banking. Before any transaction is approved, the account holder not only has to log in using the security token, but also completes a challenge by the bank to ensure the person logging into the bank has the authority to do so. Typically the bank requests the user to input specific number sets from the card – meaning if the user doesn’t have the card, they cannot complete the transaction.
Overall, I feel significantly safer making online transactions in Korea because of these security enhancements. What about you? How does your bank guard your financial information? Next week, I’ll take another look at how modern technology is being implemented in Korea.