On May 31, KCC (Korea communications commission) in collaboration with the Prime Minister's Office, Finance Committee, including relevant government ministries, finalized the safety guidelines for authentication methods which can be used as qualification certificates on e-banking transactions.
This is the follow-up of the "deregulation plan for authorized certificate obligations with e-banking transactions" which Government and Grand National Party consulted together for last March. They both agreed that current official certificate regulations were too difficult to apply to the new internet environment especially for Smartphone and have been trying to establish safety guidelines for convenient access.
Subsequently, KCC organized the public-private consultative council for collecting opinions from relative experts and stake holders. And after consulting with relevant government ministries, finally "safety guidelines for e-banking authentication methods " were affirmed.
Micro-payments (less than KRW 300 thousand) can be made without having an authorized certificate since last April. And from the second half of the year, e-banking over KRW 300 thousand payments will be able to applied with authentication methods aside from the official certificate.
This guideline sets down the technical safety requirements in electronic financial transactions. It consists of 5 sectors from user checks, server authentication, communication channel encryption, tampering preventions and transaction non-repudiation features.
In addition, financial institutions and e-financiers can self-apply the technical qualifications by considering each transaction type or a security risk. Therefore, when the required conditions such as user authentication, server authentication and the communication channel with encryption are stocked, financial institutions and e-financiers are able to provide various services without using the user authentication through evaluation by an Authentication Methods Evaluation Committee.
The committee will found Financial Supervisory Service (FSS), but is operated objectivly and transparently by private experts' involvement and disclosing the detailed evaluation criteria. Also, if you have been certified at a public agency FSS designated, the committee's valuation can be omitted, and the security review will simplify on authentication method which went through evaluation.
The Financial Supervisory Commission and Financial Supervisory Service will finalize revision of the e-banking supervisory regulations and electronic banking regulation in June, from July they will fully-prepare in order to evaluate authenticate methods specifically which financial institutions are requested.
Source: KCC
