Card firms vow full compensation for damage from illicit use

The financial regulators and credit card companies claim that since the personal information leaked from the firms have not been handed over to a third party, and the original file containing the leaked information has been seized as intact, there is little possibility for secondary damage. However consumers remain concerned about their financial security. In the wake of the fiasco, the card companies have announced a measure not only to compensate their customers for financial damage in full, but also to consider compensating for their mental damage. The following questions and answers are designed to ease consumers’ doubt and worries, including the possibility for secondary damage and compensation.

Q. How will card companies compensate for financial damage and mental damage?

A: The three card firms, namely KB Kookmin Card, Lotte Card and NH NongHyup Card, said they would fully compensate if financial damage incurs, including illegal use and cash withdrawal through counterfeiting and forging of credit cards as a result of the recent personal information leaks. Originally, the duration for compensation for financial damage caused by illicit use of credit cards is specifically defined, but all damage stemming from the recent leaks will be compensated unconditionally irrespective of duration. Also, they are set to compensate for financial damage including that from smishing (fraudulent payment through mobile phone text messages) or voice phishing, if they are confirmed as financial fraud resulting from the recent information leaks. However, the card companies have only expressed their position “to proactively consider” compensating for mental damage. The scope of or standard for compensation has yet to be defined. The card companies will devise compensation plans for mental damage based on similar court rulings or legal grounds.

Q. There are worries over voice phishing and smishing as well.

A. In order to counterfeit, forge, or duplicate a credit card, a con artist needs the credit card’s password or the last three digits of the card number, and these two types of information were not leaked. However, the possibility for illicit use cannot be ruled out for Lotte and NH NongHyup cards whose card numbers and expiry dates were both leaked. Some overseas websites or home-shopping sites allow for payment on credit even with the card number and expiry date only. Even in this case, the three companies have decided to provide text-messaging service to inform the cardholder of credit payment via the mobile phone, and hence the cardholder can instantly learn illicit use of his or her card.

On the contrary, cardholders should be wary of phone calls, text messages or emails that contain specific information, including “Customer XXX, you had your information leaked from XX credit card, right?” Financial institutions or regulatory authorities never ask the cardholder to submit the password of an account, numbers on a security card, or the last three digits of a credit card number. They never send a cardholder text messages or emails containing an Internet URL either.

Q. Victims of personal information leaks are reportedly moving to take collective lawsuit against card firms. Do they have a chance to win?

A. One can sign up with the Internet café that is taking steps for a lawsuit, and transmit 7700 won (7.24 U.S. dollars) to 10,000 won (9.4 dollars) according to the legal council’s instruction to join the suit. The amount includes the cost for official seal and legal administration of lawsuit. When the plaintiffs win the suit, they will likely be paid 100,000 won (94 dollars) to 200,000 won (180 dollars) per person, an amount similar to that paid in the 2006 case against Hanaro Telecom.

Whether they will win or not will depend on whether card companies can be held accountable for mental damage the customers suffer. In the 2008 case over customer information leaks from GS-Caltex Oil, the court rejected the suit seeking damage, saying, “If there was no actual damage, it is (victims’) vague sense of anxiety that their information could be misused or abused.” However, in the case of leaks from SK Communications in 2011, the court ordered the company to pay 200,000 won (180 dollars) per plaintiff, saying, “Even if the plaintiff did not suffer any financial loss, the company should compensate for mental damage.’