[Financial Insider] "If You Dare, Try Hacking"… White Hackers Protecting Toss

Lee Jong-ho, Leader of the Toss Security Technology Team

The importance of security is growing day by day in the financial sector. With the widespread use of mobile applications (apps), convenience has increased, but hacking threats lurk everywhere. Especially for financial companies handling customers' 'money,' security capabilities have become a crucial competitive advantage. This issue is even more sensitive for fintech companies, which have a strong IT company character. For Toss, used by about 15 million people monthly, creating the perception that online is safer than offline is a matter of survival. For this reason, Toss employs 10 white-hat hackers. At the center of this team is Lee Jong-ho, a world-renowned white-hat hacker famous for 'Hellsonic,' who leads Toss's security technology team.

In a recent interview with Asia Economy, this leader said, "Toss is confident enough to directly challenge every hacker in Korea to 'try hacking Toss.'" Toss holds an annual public 'bug bounty' event, inviting attacks and rewarding those who find vulnerabilities. He explained, "We have done a lot in terms of security, and we hold this event to showcase our confidence."

This leader is a world-class white-hat hacker who was the first in Asia to win the Defcon CTF, known as the hacking Olympics. He chose Toss because the founder, Lee Seung-geon, CEO of Viva Republica, was genuinely committed to security. Having worked in the security industry for 10 years, he initially declined the offer to join Toss. However, after meeting CEO Lee, his mind changed. He said, "Other companies often try to form white-hat hacker teams as a trend rather than taking security seriously. But CEO Lee had done so much market research that he didn't even need advice, which gave me confidence."

This leader explained that Toss has the highest security level in the industry among first-tier financial institutions, including major commercial banks. To maintain this security level, Toss employs 10 white-hat hackers. They are divided into 'red teams' and 'blue teams' and conduct attack-defense training as if in real situations to enhance Toss's security. The red team learns the latest hacking techniques and attacks Toss, while the blue team monitors and maintains the monitoring and defense systems. This approach is difficult for other financial companies that do not have a white-hat hacker 'team.' Toss plans to expand the white-hat hacker team further in the future.

Toss's white-hat hackers also focus on security from the customer's perspective. With the recent increase in voice phishing incidents through malicious apps, Toss has developed measures to protect users. The leader explained, "For example, malicious apps contain voice guidance files from various banks or the Financial Supervisory Service. We identified and studied these characteristics to develop malicious app detection technology. When the Toss app runs, it scans all apps on the smartphone and blocks any detected malicious apps."

The leader said it is unfair for Toss to be misunderstood as 'less secure because it is easier to use.' Users feel inconvenienced by security program installations at commercial banks but believe they are safe. However, as technology evolves, it has become possible to conduct financial transactions safely without going through such security measures, and researching this is the role of white-hat hackers. Especially since hackers' attacks evolve with technological advancements, white-hat hackers are essential in the financial sector to keep up technically.

The leader emphasized, "Traditional banks have old infrastructures, so their security systems are built by layering on top rather than rebuilding. Toss has security infrastructure with the latest technology from the start, so its security is superior in that regard."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.