[ISN] Lawmakers: Banks Should Be Responsible for Hacking Damages

InfoSec News isn at c4i.org
Thu Sep 22 01:33:30 EDT 2005


SEPTEMBER 22, 2005
Starting next year, financial companies should offer compensation to
customers for damages caused by electronic financial transactions,
including transactions using the Internet, telephone, and automatic
teller machines, even if the companies were not at fault.

So far, financial companies have rejected compensation requests,
saying that they are not responsible for losses of cash caused by

Also, it is expected that users of prepaid cards will have an easier
time changing the balance of their cards into cash.

The Ministry of Finance and Economy and the Finance and Economy
Committee of the National Assembly said on September 21 that a bill on
e-finance transactions was recently submitted to a subcommittee
responsible for deliberation of finance bills.

The bill was automatically canceled due to delayed deliberation after
it had been submitted to the 16th National Assembly in August 2003.

Park Jong-keun, Grand National Party representative and head of the
finance and economy committee, said, "There is high chance that the
bill would be approved by this regular session of the National
Assembly, since a public hearing was held in June this year, and there
is no diverging opinion between the ruling and opposition camps."

The bill stipulates that financial companies shall take responsibility
for financial accidents caused by identity (ID), password and prepaid
card hacking, starting next January 1, even if the companies were not
at fault.

Currently, financial companies and customers conform to contracts
which state, "Companies shall compensate only when they made a
mistake." However, it is hard for customers to receive compensation
for damages when neither companies nor customers are responsible for
the accidents.

This June, when a hacker withdrew 50 million won by getting a
customer's bank account number, ID, password and security card number
using a hacking program, the bank refused to compensate, claiming that
it was not responsible. It quickly shifted its stance and paid damages
due to a public outcry over the incident, but the fact remains that
there is no legal protection for victims.

If the e-finance transaction law is approved, banks will be obliged to
pay damages and interest to customers if neither bank nor customer is
at fault in case of financial losses such as those due to hacking.

But customers will still be responsible for their own losses if they
are at fault, such as leaking their passwords or carelessly keeping
their security cards used in cash transaction. Banks should secure
consent from customers by making a new contract according to a
Presidential decree scheduled to be written early next year.

Furthermore, the bill states that banks shall pay cash when users of
prepaid cards, such as gift cards that banks are currently selling,
want to receive their balance in cash after spending more than 80
percent of their reserve money. Banks currently only offer the balance
money option to customers when 90 percent of their reserve money is

Chung Yun-seon, a senior researcher at the Korea Customer Protection
Board, said, "The introduction of the law will enhance the rights of
customers who have had a hard time verifying the faults of financial


More information about the ISN mailing list