Crackdown Eyes Internet Banking Security Certificates

The government yesterday said it will gradually ban the downloading of security certificates to personal computers to prevent hacking in Internet banking.

The Public Administration and Security Ministry and the Korea Information Security Agency will encourage the downloading of the certificates to USBs instead of hard disk drives.

PC storage of the certificates will be gradually reduced from the second half of this year and be banned from hard disk drives in 2013. The ministry and the agency agreed on this after finishing negotiations with the Financial Supervisory Service and banks.

From July this year, a warning will appear when individuals download a security certificate to a hard disk drive for Internet banking. The warning will say, “Security risks will ensue if you download this to a hard disk. Do you still want to continue?”

This warning program will be developed by five public certification organizations designated by the government and developers of electronic signature software.

Park Sang-hwan, a fellow at the agency’s electronic certification team, said, “Quite a number of hacking cases using security certificates for Internet banking have appeared over the past one or two years. People should learn that such certificates should be portable to prevent fraud.”

The Internet banking security certificate debuted in 1999. Twenty million of them were in use last year and 21.57 million as of November last year.

A source in charge of Web banking security said, “If this policy is implemented, the transaction patterns of more than 40 million Internet banking users will change. The value of Internet banking transactions worth more than 23 trillion won (20.5 billion dollars) could also be affected.”

About 74 percent of certificate users store it on their hard disk drives for easy use.

bsism@donga.com