Inside IT
Differences between Korean and Global Financial Security Technology through FinTech!

FinTech is receiving a lot of attention in the finance and IT markets. FinTech is a combination of finance and technology. This means that financial services are delivered through IT solutions to allow customer to receive more convenient financial services. People in Korea have already had a significant amount of experience with FinTech. The most prevalent examples of FinTech in Korea are Internet Banking and Internet shopping.

Other countries around the world are not actively using Internet banking and Internet shopping as much as Korea. It’s not too much to say that this goes for the services offered as well. But Internet banking and online shopping do not make up the entire scope of FinTech. The FinTech solutions we have discussed up until now are technologies such as Alipay, PayPal and Apple Pay used by companies such as eBay and Amazon. LG CNS’s MPay is also a FinTech technology. Today we will discuss financial service security technologies while examining differences between Korean and global transaction methods.

Mobile payment

Korean and Global Verification and Transaction Methods

Consumers with experience making purchases with online shopping sites such as Amazon and eBay will feel that Korean transaction methods are quite complicated. This goes not only for purchasing items online but also for Internet banking. The process in Korea is so complicated because ActiveX security modules must be installed on a PC before a transaction is made. Verification certificates, keyboard security, encryption modules and other security modules are required.

These modules help in creating a secure data flow between the user’s PC and the server (Internet banking, online shopping servers) that is providing the service by removing customer information and managing transactions to prevent attacks from hackers. These are issues that would not occur when a transaction is done in person. So, of course, the modules are installed for safety but there is no way to avoid a bit of inconvenience. Also, there is a bit of irony in the installing of these programs for safety.

제목 없음-1

So, how are transactions made around the world? As discussed above, the transaction process for online shopping sites such as Amazon and eBay is very simple. This is because these convenient payment systems have been standardized. Let’s take a look at Amazon as an example. When you sign up on Amazon, you also enter your card information. In Korean, you must enter your card information for each transaction made in order to protect personal information and prevent secondary harm from account or card information being exposed.

When making a transaction on Amazon, the card information entered when the account is registered is used so there is no need for a card information security process when making a transaction. Also, since the data is acquired within the server, there is no need for keyboard security. Because of this process, there is no need to install additional security programs when making a transaction on Amazon. Amazon also has omitted the verification certificate process. In Korea, individual verification certification is implemented and a verification certificate module is built in and SSL (Secure Socket Layer) transmission is used.

Changes in Transaction Methods Following Revision to Korean Law

In Korea last May, an electronic commercial law was repealed that required verification certification for online purchases of all products over USD 300. The Korean parliament also made revision to electronic commercial law that was repealed further requirement of verification certification. So, it seems that all requirements for verification certification will be repealed all together by the end of 2015. While we have discussed the repeal of verification certification laws, the need for other certification and transaction technology is still possible.

150112_fintech_04

LG CNS MPay, Transaction Registration Process

So, LG CNS MPay is an example of a solution that can replace the current transaction system. As far as verification is concerned, there is ARS certification and SMS certification along with certification through OTP. Also, since there are already various devices with which smartphone users can verify their information as with ARS and SMS, other existing verification methods are being standardized other than verification certification. When using these methods, further discussions are needed for strengthening security and those discussions have still not begun.

Convenient Payment Systems that Prevent Wrongful Use Through Pattern Analysis

I mentioned that global verification systems are very simple in comparison to Korean systems. But is it possible to provide a secure service with such a simple process. Analysis of user patterns in the global market supplements information for a simplified verification process. For example, data is collected on categories of products purchased by users, average product prices, PC terminal specs and purchase location through recording and analysis of user purchase patterns.

With this analysis process, purchasing patterns are discovered and purchase tracking is done when purchases or transactions are made different from these patterns. Tracking in this way allows for a secondary verification process that goes beyond the purchase or transaction step. The secondary verification process is carried out with steps such as asking the user to answer a question designated by them. When the user makes a purchase that fits into their typical purchase patterns, they are able to complete the purchase with no further verification necessary.

150112_fintech_05

4 Elements of the Fraud Transaction Detection System (Source: Financial Security Research Center Fraud Detection System Technology Guide)

The verification method being used by eBay and Amazon is currently the FDS (Fraud Detection System) is currently being introduced through various types of mediums and development is also being done in Korea. Let’s take a look at the FDS being developed in Korea.

The current Korean Financial Security Research Center has published FDS technology guide. In the guide, 4 FDS functions (data collection, analysis and detection, response, monitoring and auditing) are outlined.

Data Collection is the collection of data on user environment and types of accidents that occur through the collection of user information and behaviors. Analysis and Detection is the process of detecting abnormal behaviors by examining patterns and analyzing the relationships between different transaction types for each type of user. Response is a function for preventing wrongful charges by cancelling transactions and requiring additional verification when fraud is detected. Monitoring and Auditing is a function that involves audits for various types of system violations based on the aggregate finding of the previous 3 functions.

In order to make up FDS, many big data and data warehouse technologies are implemented with data collection, integration and analysis from various sources. Pattern analysis is the core of FDS. With this system, typical user transactions are analyzed and each individual user pattern is included. So, FDS performs the role of blocking transactions that are detected as fraud when they are deemed to be outside of a user’s typical transaction pattern. This is similar to the services provided globally as described above. Also, all of this is done on each server after the user has completes an action. Since the security process is done on the servers, there is no need for each user to install security modules. Various services are being developed based on this model.

Korean Convenient Pay System is Settle along with Korean Legal Revisions

One of the reasons the transaction system is so complicated only in Korea is due to the current Korean laws. Specialists in the field asserted they must continue to support the current system until the current laws are revised and so fintech development in Korea has been difficult. This is especially important for the client in the current Korean verification certification system where many programs must be installed and revision of the service in desperately needed. The burden on the individual user needs to be reduced and security should be handled on the servers to allow the simplification and ease provided by FinTech. Much more convenient financial services would be made available by strengthening the security on the servers themselves with robust data security.

This issue is true starting to take form in the business world. So various convenient transaction systems are being developed and even released in Korea as well. Since it is expected that the verification certification requirement will be repealed all together, there is a lot of activity in this sector. But the most important factor in the development of a convenient transaction system is convenience itself. Security must follow convenience.

LG CNS MPay is now being recognized as the most convenient and most secure system. Endless consumer pattern research and analysis and MPay will prove to be the most secure and convenient transaction service in the global market.

Written by Hakjun Lee (http://poem23.com/ Pen Name: ‘Hakjuny’)

Post navigation

'Inside IT' Category Post
  • IoT
  • Cloud
  • Big Data
  • Security
  • Data Center
  • e-Government
  • Transportation
  • Energy
  • Manufacturing
  • Finance