South Korean Efforts to Move Away From ActiveX

Happy face

In a nation where many aspects of life are driven by the phrase “quick quick” (bbali bbali), South Korea’s infrastructure for digital payments can come across as an anomaly. Whereas most services in the country get completed in a breeze, digital financial services such as online banking or shopping are usually held back significantly by extra security procedures. These curious procedures largely form a trio consisting of Microsoft’s ActiveX, Public Key Certificates (Gong-in Injeungseo), and third-party ID-verification and encryption software. And since the early days of digital payments in the country, they have asserted an indomitable presence in the e-finance space.

These software components are usually inescapable requirements on PCs and mobile devices for online transactions, and can add an extra 15 to 20 minutes to online purchases and banking transactions (the worst-case scenario happens for first-time transactions, where users need to install everything all at once). To make matters more inconvenient, they only run exclusively on Internet Explorer and Windows operating systems.

Over the years, South Korean Internet users have come to develop a strong aversion to the collection of OS/browser-restrictive software packages. They are now seen as nuisances that slow down the speed of transactions and provide only minimal security benefits. This explains the massive amount of public attention drawn by the release of mobile payment platforms such as Daum Kakao’s Bank Wallet and KakaoPay, which got rid of the lingering system requirements.

Administrative efforts to fix the problem have been continuing for some time. In 2011, government agencies like the Korea Communication Commission began publicly announcing plans to reduce dependency on ActiveX applications. The agency went on to fulfill its plans in 2012 by promoting HTML5 standards that steer away from ActiveX and Internet Explorer apps (original sources are in Korean).

Most recently on Jan. 19, the country’s Financial Services Commission announced that it will eliminate a clause within the e-finance regulation article that mandates the installation of security programs for online transactions. The measure is expected to free consumers from having to install various third-party software to make online transactions, as well as shift the responsibility for fraud protection onto the transaction-processing corporations, such as banks. In other words, it will be up to the banks themselves to figure out how they would prevent and redress online fraud, without requiring consumers to install multiple security software packages.

While this recent act is a major step toward opening ways for fast and convenient payment systems, many believe that restrictive software applications will linger at least temporarily. For instance, companies still maintain an option enabling ActiveX-powered applications. After all, security software packages have simply been eliminated as a requirement, and have not been entirely outlawed. Furthermore, many critics doubt that corporations possess robust in-house fraud detection systems, leaving a long way until complete independence from third-party security applications.

For both legal and technical reasons, South Korean corporations are having difficulty switching fast. Only the public remains frustrated.


Leave a Reply

Your email address will not be published. Required fields are marked *