By James Lim
Feb. 14 --In an unprecedented response to a payment card data breach, South Korea's financial regulator Feb. 13 announced that it has ordered three domestic credit card companies to stop adding new accounts, extending credit in cash advances and loans and engaging in partnership marketing for three months.
The sanctions against KB Kookmin Card Co., Lotte Card Co., and NH Bank's credit card division, which may cost the companies millions of dollars in lost revenue, will take effect Feb. 17, the Financial Services Commission (FSC) said in a statement. Existing customers will not be affected by the forcible business stoppage, the first such regulatory action since 2002 when surging credit card defaults battered the South Korean credit card industry.
The three out of the country's nine credit card issuers lost personal data belonging to tens of millions of credit card accounts, the Changwon District Public Prosecutors' Office announced in January. Police are investigating an information technology manager, who was contracted by the companies, for stealing the data through simple USB storage devices.
The affected companies are bracing for many millions of dollars in lost revenue, not to mention the cost of handling card replacements and cancellations, which totaled 7.6 million accounts between Jan. 22 and Feb. 11 alone, according to the FSC.
The FSC will also follow up with personnel sanctions against former and current executives and employees held responsible for lax oversight. Top executives at all of the three companies already resigned in January.
The FSC's latest action may force the financial industry “to change the whole mentality of pursuing profits with insufficient regard for data security,” Lee Myung-sik, president of the Korea Credit Card Academic Society, a private think tank, told Bloomberg BNA.
Others cited the need for long-term fundamental solutions. “We are seeing a lot of bashing but not much in the way of how we should deal with the problem fundamentally,” Lee Jae-yon, a researcher at the Korea Institute of Finance, told Bloomberg BNA.
In the wake of the breach, the FSC Jan. 22 announced proposed measures to tighten data security safeguards and stiffen penalties against financial services companies with lax data security .
To contact the reporter on this story: James Lim in Seoul at firstname.lastname@example.org
To contact the editor responsible for this story: Katie W. Johnson at email@example.com
To view additional stories from Privacy & Security Law Report® register for a free trial now