by palant 1262 days ago
Disclaimer: I am the author of this article.

I think that this issue is really universal across all banks in Korea. I was told (but couldn’t confirm) that this is a liability question. Supposedly, there was a court ruling that held a bank liable for a customer’s losses due to lack of security precautions. So now all of them implement “security precautions” to avoid liability.

Thank you for the hint, I fixed the typo. Not being a native speaker, I had to ask a search engine what I did wrong in this sentence. :-)

> Supposedly, there was a court ruling that held a bank liable for a customer’s losses due to lack of security precautions.

You already wrote as much in the article, but (AFAIK) the reality is even worse: there were court rulings that exonerated banks, as long as they followed the standard "security practices." Some hacker from China could access the bank's website from a suspicious IP, drain all the money from a poor guy's account, but the bank has zero obligation to do anything as long as it mandated that all users install half a dozen security plugins all the time.

> security plugins

A contradiction in terms of epic proportions.

Thanks for the writeup.

Do you think getting out of this mess could be as simple as government regulation: banking (and government and other necessary websites) are not allowed to require installation of plugins or other software to log in?

That’s in fact what I suggest in my blog post. But I am pretty certain that it is far from simple. I’m told that the previous Korean government already tried to tackle this issue and failed. It’s a huge and complicated mess.

My information here may be outdated, but when I was in Seoul for a while, it wasn't limited to just banking apps; many services had similar requirements for specific plugins, even requiring Internet Explorer 11 and a bunch of plugins for that.

I remember trying to get tickets for an event, and it was not possible within MacOS at the time due to the various Windows only requirements. I remember even having to re-download another version of Windows 7 as Tiny7 had various Windows Services removed that for some reason the plugins/apps relied on.

My cynical guess is that the plugins/apps include user data/telemetry that the companies get a cut for, but of course this is just supposition. It's entirely possible it's just some liability thing that has become entrenched in Korean IT, who knows.

But the practice was everywhere.

Well... Over a decade ago Korea was known as the land of IE and ActiveX. It was a weird place at the time.

Yes, I’ve seen references to online gaming that also required these “security applications.” In this case it was likely to aid tracking users and to prevent cheating.

aside: I think the year on the dates is wrong :)

Ah, yes. Fixed. :-/