Online Banking in Korea -
Issuance and Usage of Banking Certificates
Because of its convenience, Internet banking - also known as electronic, online, e- or virtual banking - has become increasingly popular in recent years. Online banking offers both private and corporate customers of a bank the possibility to carry out financial transactions online, using any type of electronic device with Internet access. In addition to performing such transactions, customers can also monitor their accounts more easily - 24 hours a day, seven days a week. This permanent access to bank information allows them to easier detect fraudulent, thus helping to minimize the risk of fraud-related financial losses.
Although there were already more than 115 million online banking accounts in Korea by 2015, digital banking services were only used by about half of the account holders. This discrepancy between online accounts and actual users could be due to the complicated handling of digital banking services in Korea. Unlike in the DACH countries, the security and software requirements for online banking in Korea go beyond the widespread use of a TAN (transaction authentication number).
As most of the necessary software and user interfaces are only available in Korean, the language barrier is a further obstacle for foreigners when setting up and using digital banking services.
This article is intended to give a first insight into the requirements and the application process for subscribing to electronic banking services in Korea. Furthermore, the necessity, issuance and use of so-called digital security certifications will be explained as well as their scope of usage for online banking services.
The subscription for using online banking services requires a personal visit to a bank (where an account is held). The applicant must decide whether he/she wishes to use only online information services or also payment services. The application procedure can be carried out either by a representative of the company or by an authorized representative (with appropriate authorization). In both cases, an official photo ID for identification purposes is required. Furthermore, an applicant must fill out the respective application form for electronic financial services of the relevant bank and finally seal it with the registered seal of at least one, but usually all, representative directors (managing directors, board of directors). In addition, a seal impression certificate of the, or all, representative director seal (which must not be older than 3 months) and a tax number certificate must be provided. The subscription process for online services, including the supplement for payment services, requires the respective account to be determined and registered as a withdrawal account. Moreover, it is required to apply for an OTP generator (OTP = One-Time-Password), which is needed for processing any sort of online transactions. An OTP generator is needed by both private and corporate customers in order to use their online banking services.
When subscribing to online banking services, an individual User-ID and a password are set up to log into your account on your bank's website. Instead of these access data, a digital certificate can also be used for login (see below "Digital banking certificates - Issuance and Scope of use").
The setup of online banking is usually free of charge. Only the initial issue of an OTP generator costs about KRW 5,000, depending on the bank. This OTP generator is a time-based digital code generator that usually generates a six-digit OTP which can be used for verification and/or identification within 10 seconds after generation.
In addition to a subscription for online banking services, a few other parameters need to be taken in to account.
Since (most) banking and governmental websites in Korea only work with Microsoft Internet Explorer, it is highly recommended to use this browser for online banking services. When using other browsers, such as Safari, Chrome, or Opera, it is likely that you may experience problems when using a Korean bank's website.
To ensure a smooth use of the website or the online services offered by a bank, it is also necessary to install several programs on the device used. One of these programs is an "Active X" program, which – for security reasons – is legally mandatory for websites of Korean banks. In other countries, however this program is no longer used because of its vulnerability to malware. It must be installed each time the website is accessed. Other programs vary from bank to bank. Usually, users can download and install a package containing all the essential programs the first time they access the respective website. Due to the obligation to use Active-X, and in consideration of other banking software, we recommend using an extra computer for all online transactions, which should not be connected to other company equipment in any way.
The four-digit PIN code, which was set up at the initial application for a bank account and is generally used for any type of activity with the bank card, is also required for online banking services.
Furthermore, a digital (security) certificate – for the use of Korean online banking and various services on government websites – is required. The certificate is an accredited digital key that can be loaded on any type of storage medium. It is probably most convenient to store this digital key on a password-protected USB flash drive. The issuing of such a certificate is explained below.
Digital Banking Certificates – Issuance and Scope of Usage
An accredited certification is issued by an accredited certification office approved by the Government under the Electronic Signature Act. When using online banking services, both the digital certificate and the OTP generator are required.
To issue a digital certificate, it is required to log into one's own account on the website of the respective bank using User-ID and password. Usually the bank’s website offers a ‘certification center’ in English, which offers various services on the subject of digital certificates - including the issuing of certificates. After clicking on the corresponding button, the user is asked to choose the scope of usage of the certification, which should say ‘bank usage’. To complete the issuing process an OTP, generated by the OTP generator, is required. A password for the certification must also be set. The issuance is completed after the certification is stored on the hard drive or any other (portable) storage device. Upon completion, the registered withdrawal account is charged with KRW 4,400.
A digital bank certificate can usually be used with several banks, regardless of which bank initially issued it. A bank's digital certificate can also be registered with the certification authority of another bank.
The applicability of digital certificates goes beyond the sole usage of online banking services. The digital banking certificate allows the holder to access his or her online banking, the National Tax System (NTS) as well as other government websites. There is furthermore a special eVAT certificate for eVAT invoice issuance (KRW 4,400) which also gives access to the NTS. If a user needs all these services, it is possible to register for an eCertification for general purpose (KRW 110,000). Lastly, special purposes certificates, for example for insurance system access or chamber of commerce access, may be issued.
A digital certificate usually expires 12 months after issuance and can be renewed at a bank's online certification office or at the bank's counter.
Since online banking is a rather complex matter in Korea (especially for foreigners), it is not unlikely that problems will arise in setting up or using online services. Many banks offer so-called ‘live remote assistance’ to solve any problems that may arise. This service allows a bank’s customer service representative to temporarily view or even control a user's computer via the Internet in order to solve problems and help with problems the customer is dealing with. However, due to data security reasons, we do not advise companies to use this service.
In case an ID, password or PIN is forgotten, it is possible to contact the customer service department of your bank directly. Security and account passwords can usually be updated or changed on the bank's website.
If a password, a PIN or an OTP is entered incorrectly between three to five consecutive times, the user's account will be blocked and will no longer be accessible until the account holder appears at the appropriate bank in person and requests the account to be unblocked.
Kyong-ae, C. (2015) “Internet banking subscribers hit 115 million”, http://www.koreatimes.co.kr/www/news/nation/2017/03/488_191097.html (15.07.2020)
Ahreum Kim, ABK Ltd. - firstname.lastname@example.org
The information provided within this article is for general informational purposes only. While we try to keep the information correct and up-to-date, there are no representations or warranties, expressed or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the information, products, services, or related graphics contained in this article for any purpose. ABK does not assume and hereby disclaims any liability to any party for any loss, damage, or disruption caused by errors or omissions, whether such errors or omissions result from accident, negligence, or any other cause. Any use of this information is at your own risk.