Lawmakers: Banks Should Be Responsible for Hacking Damages

Lawmakers: Banks Should Be Responsible for Hacking Damages. September. 22, 2005 07:44. legman@donga.com.

Starting next year, financial companies should offer compensation to customers for damages caused by electronic financial transactions, including transactions using the Internet, telephone, and automatic teller machines, even if the companies were not at fault.

So far, financial companies have rejected compensation requests, saying that they are not responsible for losses of cash caused by hacking.

Also, it is expected that users of prepaid cards will have an easier time changing the balance of their cards into cash.

The Ministry of Finance and Economy and the Finance and Economy Committee of the National Assembly said on September 21 that a bill on e-finance transactions was recently submitted to a subcommittee responsible for deliberation of finance bills.

The bill was automatically canceled due to delayed deliberation after it had been submitted to the 16th National Assembly in August 2003.

Park Jong-keun, Grand National Party representative and head of the finance and economy committee, said, “There is high chance that the bill would be approved by this regular session of the National Assembly, since a public hearing was held in June this year, and there is no diverging opinion between the ruling and opposition camps.”

The bill stipulates that financial companies shall take responsibility for financial accidents caused by identity (ID), password and prepaid card hacking, starting next January 1, even if the companies were not at fault.

Currently, financial companies and customers conform to contracts which state, “Companies shall compensate only when they made a mistake.” However, it is hard for customers to receive compensation for damages when neither companies nor customers are responsible for the accidents.

This June, when a hacker withdrew 50 million won by getting a customer’s bank account number, ID, password and security card number using a hacking program, the bank refused to compensate, claiming that it was not responsible. It quickly shifted its stance and paid damages due to a public outcry over the incident, but the fact remains that there is no legal protection for victims.

If the e-finance transaction law is approved, banks will be obliged to pay damages and interest to customers if neither bank nor customer is at fault in case of financial losses such as those due to hacking.

But customers will still be responsible for their own losses if they are at fault, such as leaking their passwords or carelessly keeping their security cards used in cash transaction. Banks should secure consent from customers by making a new contract according to a Presidential decree scheduled to be written early next year.

Furthermore, the bill states that banks shall pay cash when users of prepaid cards, such as gift cards that banks are currently selling, want to receive their balance in cash after spending more than 80 percent of their reserve money. Banks currently only offer the balance money option to customers when 90 percent of their reserve money is used.

Chung Yun-seon, a senior researcher at the Korea Customer Protection Board, said, “The introduction of the law will enhance the rights of customers who have had a hard time verifying the faults of financial companies.”