I think the answer itself is clear to me: SK bit the bullet much earlier than most other countries, having implemented a nationwide ADSL infrastructure by circa 2000. The same thing happened to Japan for example, where early mobile services were so successful that they essentially stagnated further development until SoftBank's introduction of iPhone.
Active-X was AFIK a common requirement for banking e.t.c. during crypto export restrictions but once they where lifted almost everyone switched to https. What different about SK is the laws which keep their IT security in the past.
One answer is internet banking being way more cumbersome and less advanced in other countries. At that time spending time on the phone or have the customer come spend a miserable time at the agency was the prefered way from the bank's perspective.
To this day many banks won't allow all operations from the online interface.
15-20 years ago Chinese banking website did exactly same things. Maybe they got the idea from SK, don't know. It only ended with widespread adoption of mobile phones and Chrome.