[아이뉴스24 이재용 기자] Shinhan Card, which is suffering from measles due to fee conflicts with affiliates, has once again risen to the top of the board due to fraudulent payments. While the police investigation into the cause of fraudulent payment is ongoing, experts are focusing on the security system problem, and there are signs that the Shinhan Card incident will spread to a security problem throughout the card industry.
Shinhan Card “Twenty victims… personal information leakage due to phishing and smishing”
According to the financial industry on the 18th, some Shinhan Card customers received notifications that payments were made at online shopping malls that they had not visited recently. Amounts ranging from tens of thousands to millions of won were paid several times.
Victims immediately notified Shinhan Card, financial authorities, and the police when they became aware of the fraudulent use. Currently, compensation measures are being taken for Shinhan Card, while the financial authorities and police are investigating the case.
Up to this day, Shinhan Card has identified 20 victims of fraudulent use, and the amount of damage is about 39 million won. Shinhan Card said that it was not an accident due to the leakage of internal information, and that customer personal information is still managed safely with a strict level of security.
He also explained that the exact cause must wait for the results of the investigation by the police and financial authorities, but he explained that personal information leaked in advance through phishing and smishing appears to be a crime that led to payment.
A Shinhan Card official said, “Police investigations are underway, and Shinhan Card is also conducting detailed internal process inspections to prevent further damage.”
The financial authorities also plan to conduct separate and frequent inspections on the circumstances and problems of the accidental use of Shinhan Card, and the adequacy of remedies for consumer damage.
Victims who say they have never given an excuse for phishing or smishing… Security expert “There is a possibility of a security system problem”
Victims claim that only 130 victims have been identified so far, and that they have suffered as little as 970,000 won and as much as 17.42 million won each.
Shinhan Card also refuted the cause of the situation. It is said that the victims have never given any excuses regarding the leakage of personal information by phishing and smishing.
It is explained that there were no obvious mistakes or negligence because everyone already had some knowledge about the risks and preparations for smishing and phishing in the media and the Internet.
One victim said, “It is said that the incident was caused by the leakage of personal information from victims by phishing and smishing from Shinhan Card, but most of them are using other app cards other than the Shinhan App Card at the same time. There is no such thing, and it is being used normally.”
He added, “Of course, remedies for damage are important, but we want a clear cause that is not biased to one side,” he said.
Credit finance and information protection experts need to look at several things, but they analyzed that it could be caused by a hacking of the Shinhan Card system or a loophole in the FDS (abnormal financial transaction detection system).
Kyung-ho Lee, a professor at the Graduate School of Information Security at Korea University, said, “I think that we should have caught this because the level of FDS-related technologies such as machine learning is high and the detection of abnormal transactions is quite good.” We have to go, but we need to see if there is a problem with the performance itself that didn’t work well,” he said.
Heung-yeol Yeom, a professor of information security at Soonchunhyang University, said, “FDS is an auxiliary means, not a means to prevent 100%. .
Some suggested that this situation should serve as an opportunity to strengthen security, such as upgrading FDS, in the card industry as a whole. In 2012, the card industry suffered from a massive leak of customer information that amounted to a total of 103 million cases.
Seo Ji-yong, a professor of business administration at Sangmyung University, said, “It is surprising that this fraudulent payment occurred despite the fact that credit card companies have been upgrading their FDSs recently. It should be an opportunity for credit card companies to strengthen their security.”
/ Reporter Lee Jae-yong (jy@inews24.com)
