Financial Supervisory Service Conducts Document Inspection of Naver Pay and Toss Until the 23rd
Due to Document Inspection Limitations, On-Site Inspection to Begin from the 26th
Inspection Opinion Delivered to Kakao Pay...Disciplinary Procedures Initiated
As the financial authorities continue their investigation into Kakao Pay, which has been embroiled in controversy over the mass leakage of personal information to China's Alipay without consent, the Financial Supervisory Service (FSS) is launching on-site inspections of other major payment service providers, Naver Pay and Toss Pay.
According to the financial authorities on the 26th, the FSS will begin on-site inspections of Naver Pay and Toss Pay from today to verify whether customer personal information was provided to overseas payment service providers without consent. Previously, the FSS conducted document-based inspections of major payment service providers until the 23rd, following the intensification of the Kakao Pay personal information leakage controversy. However, judging that there were limitations to the document inspections, they decided to proceed with on-site inspections for a more detailed examination.
An FSS official explained, "There are details that cannot be accurately understood through document inspections alone, so it is necessary to directly verify the contents," adding, "We will examine the procedures through which customer personal information was provided and specifically what personal information was exchanged."
The FSS Foreign Exchange Supervision Department detected that Kakao Pay had provided over 54.2 billion pieces of personal credit information?including Kakao account IDs, phone numbers, emails, subscription and transaction details?of more than 40 million customers to China's Alipay, which was entrusted with overseas payment gateway (PG) services, from April 2018 until recently, without customer consent. Under Article 23 of the current Credit Information Act, when providing personal credit information, the provider must confirm whether the recipient has obtained consent from the individual for the provision and use of credit information. In particular, the recipient of personal credit information is prohibited from providing the information to third parties.
If similar cases are confirmed during the on-site inspections of major payment service providers Naver Pay and Toss Pay, there is a possibility that various inspections and investigations will expand across the entire industry handling overseas payments. There are 63 PG companies registered with the FSS as foreign exchange business handling institutions.
The FSS reportedly delivered an inspection opinion report to Kakao Pay on the 23rd and has entered the formal sanction process. After Kakao Pay submits its explanation following receipt of the inspection opinion report, the FSS plans to finalize the specific violations and determine the level of sanctions accordingly. Financial companies that violate the Credit Information Act may face institutional and personal sanctions from the financial authorities and the Personal Information Protection Commission, as well as large-scale fines.
If the FSS's judgment that the Credit Information Act was violated is confirmed, given the scale of the personal information leakage reaching over 54.2 billion pieces, it is expected that fines and other sanctions will reach record levels. Kakao Pay continues to argue, "This personal information transfer was conducted under a processing consignment method based on the business consignment relationship among Kakao Pay, Alipay, and Apple, which does not require user consent."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
