The five major banks conducted a total of 10 cases of voluntary compensation for damages related to non-face-to-face financial incidents, such as 'voice phishing.' Considering that there were over 20,000 cases of voice phishing reported last year, the actual number of compensations provided was less than 1%.
According to data submitted to National Assembly member Kim Sang-hoon of the People Power Party (Daegu Seo-gu, Chairman of the Party Policy Committee) by the Financial Supervisory Service on the 12th, the five major banks—KB Kookmin, Shinhan, Hana, Woori, and NH Nonghyup—have completed compensation in 10 cases related to non-face-to-face financial incidents, including voice phishing scams, from January of last year to last month. The number of voice phishing victims reported last year was a total of 20,839, including both non-face-to-face and face-to-face fraud, with the total damages amounting to 854.5 billion won.
Previously, the Financial Supervisory Service implemented a voluntary compensation system where financial companies share part of the responsibility when non-face-to-face financial incidents occur, starting from January 1 of last year. Non-face-to-face financial incidents refer to cases where a third party executes deposit transfers or loans without the user's consent, such as voice phishing and smishing (personal information hacking via text messages).
Despite the fact that a year has passed since the system was implemented, the poor performance in compensation is due to the limited eligibility of victims. Most voice phishing incidents occur when victims are coerced into directly transferring money, and such cases are excluded from compensation eligibility. Cases that qualify for compensation are limited to those where personal information is leaked by clicking on a link (URL) in smishing text messages, or when voice phishing perpetrators withdraw money using bank applications.
An official from the Financial Supervisory Service noted, "The intention of the system is to compensate victims who have suffered financial losses due to non-face-to-face transactions against their will," adding that "many victims of voice phishing cases are not eligible for compensation because they have been coerced into directly transferring money."
The total amount claimed for compensation (the amount lost from bank transfers) was 825.26 million won, of which the amount actually compensated was 155.13 million won. The average compensation rate was 12.8%. Claims ranged from as low as 8.5 million won to as high as 450 million won, with compensation rates varying from 2% to 19%. Financial authorities had expected the banks' compensation rate to be determined between 20% and 50% of the loss, but the actual compensation was provided at a lower level.
The compensation rate is determined based on the criteria for sharing responsibility. According to guidelines, the degree of fault on both sides is assessed to determine the compensation rate. For example, if the victim had stored their identification card photo or password on their smartphone, the compensation rate would decrease. Conversely, if the bank failed to implement malicious app detection and abnormal transaction detection systems, or if the identity verification process was inadequate, the compensation rate would increase. Financial authorities do not intervene in the negotiation process, and the bank notifies the compensation rate after completing its preliminary investigation.
A representative from the commercial bank said, "All banks have implemented systems to prevent non-face-to-face financial incidents, and the identity verification process has also been made more stringent, making it difficult to reach the maximum compensation rate (50%)."