Hello, readers! Have you ever bought things online in Korea? If so, you might have experienced some inconveniences with the payment system at least once. The so called ‘public key certificate’ has been the culprit that complicates the online payment. The public key certificate can be referred to as a cyber ID that verifies the user’s identification. It is so widely used in various electronic financial transactions in Korea that sometimes payment cannot be made without it. With fourteen years of history, it has settled as Korea’s main electronic transaction system and contributed a lot to the development of Korea’s online commerce. However, it has revealed some serious problems which brought about the debate whether to abolish it.
The public key certificate is vulnerable to cyber security because it is stored in particular folder called NPKI and uses “Active X” platform. Having one particular folder named NPKI, all the public key certificate holders are exposed to hackers who try to steal the cyber ID. Also, the public key certificate system is based on Active-X platform since its introduction which is now turned out to be insecure and has been replaced with other platforms. Active X is very vulnerable to malicious codes but Korean online consumers cannot switch to another platform since we need Active X to make payments. Adding to Active X platform problem, online shoppers are confined to a single web-browser, Microsoft Internet Explorer since other web-browsers do not support Active X. The reason why Korea is being ranked as one of the heaviest Internet Explorer users is because Korean online commerce requires the public key certificate which is based on Active X and Internet Explorer is the only browser that supports it.
But now? The problems related to Active X platform, Internet Explorer, and the public key certificate are on the verge of becoming things of the past. Korea’s consumers might have been accustomed to inconvenient online payment methods but foreign consumers are not. To encourage more foreign consumers and to simplify the online payment system, the Financial Services Commission abolished requirements for the use of public key certificate in May. Moreover, the Ministry of Trade, Industry & Energy established an online shopping mall for foreigners only named ‘Kmall24’ to help foreigners easily buy products without Active X. But still, domestic online consumers were having difficulties with online payment system because credit card companies or online shopping malls still required the public key certificate due to security issue. To simplify online payment procedures, the FSC with other relevant government bodies established an improvement plan.
First, as mentioned above, foreigners can shop at foreigner-only shopping malls which don’t require the public key certificate and Active X. Large online shopping malls opened their own foreigner-only online shops whereas small and medium sized ones sell their products through Kmall24. Foreigners can shop more conveniently and domestic sellers can broaden their customer base.
Second, replacement technology for the public key certificate is under development. Up to now, the public key certificate could only be issued by government authorities but online shoppers can adopt various payment technologies only the payment system meets security technology conditions. Moreover, when making payments worth more than 50 dollars, a free text message will be sent to the customer to confirm the order.
Third, simple online payment services will be introduced. PG(Payment Gateway) companies, which are online application service providers that authorize credit card payments for electronic businesses, are trying to forge a partnership with credit card companies and use their information to establish one-click payment service like Paypal. However the government will strengthen regulatory scrutiny on those PG companies to protect customer information.
Fourth, domestic Internet environment will be improved. Since Active X is not a standard technology, it hinders foreign users to access domestic services. However, we cannot throw public key certificate away all at once. Non-Acvice X-based public key certificate will be developed and introduced. Also, experts are trying to adopt global standard HTML5 in Korea.
Improving the public key certificate, promotion of simple online payment service, and development of various authentication methods are the efforts that are expected to improve Korea’s e-commerce environment in general.