Online authentication reforms in the offing

What does it take for both domestic and foreign consumers to log in and buy items on Korean e-commerce sites?

The answer is "patience."

There are about a dozen steps to go through to download security programs, set up personal authentication functions and enter personal information, and on some low-end computers this can take ages.

Furthermore, they need to agree to a long list of conditions and hand over sensitive data such as resident registration numbers before typing in their credit card numbers to make the actual purchases.

This cumbersome process legally requires downloading ActiveX by Microsoft, software that has recently become embroiled in renewed controversy.

ActiveX was introduced in the late 1990s, and embedding this so-called public authentication system only via Windows' Internet Explorer has made Korea the "Hermit IT Kingdom," according to some.

They argue that overregulation over such certification systems has not only hindered innovation and investment in online security but also widened the security loopholes, making the closed IT society vulnerable to hacking and data theft.

"Companies were too focused on spending money to maintain the systems under the regulatory environment, instead of allocating their resources to real important things such as creating advanced encryption software for security," said an industry source in the mobile sector.

The long process of authenticating their ID and downloading ActiveX still leaves personal records that hackers can get ahold of while users type in their data and move on to the next step.

"Amazon has a one-click system allowing consumers to easily purchase items without having to rerecord their credit card information (as it is allowed to store such data through protective software)," another source said.

Amazon also does not require Social Security numbers for any users.

"But Korean sites make consumers retype their card numbers whenever they try to purchase goods, while keeping their registration numbers in their database."

The Park Geun-hye administration is seeking to overhaul this widely outdated system that has only made Korea's Internet sector less competitive than foreign players and more vulnerable to online theft.

The plan calls for the mobilization of key government agencies including the Ministry of Science, ICT and Future Planning; the Ministry of Trade, Industry and Energy; and the Prime Minister's Office to draw a roadmap to remove and ease about 20 per cent of regulations by 2016.

This would include fine-tuning and refining the ID authentication and ActiveX systems to allow foreign online consumers to purchase Korean goods worth over 300,000 won (S$354) using just their credit cards, even through different browsers.

Foreigners currently need a foreign registration number issued by a financial institution to use an e-commerce site in Korea via Windows' IE browser.

This restriction has led to only a small amount of domestic online purchases by foreign consumers, while boosting Korean visits to overseas sites. Foreigners bought online goods worth only 200 billion won in Korea last year. In contrast, Koreans spent about 1 trillion won on overseas online shopping in 2013, according to media reports.

Sources reiterated that regulations should be reformed by concentrating on whether the online sector is upholding data protection measures through improved software capability, instead of keeping it in check through authentication and ActiveX system operations.