Development of Korea's First Uniform Management Platform of Biometric Information for Financial Institutions--Accelerating Fintech Technology through Implementation of Secure and User-friendly Financial Services

While Korea is rapidly implementing Fintech as a nation, financial institutions are being required to provide safe and reliable authentication systems. To respond to this demand, the Korea Financial Telecommunications & Clearings Institute (* hereafter “KFTC”), which acts as an intermediary for capital settlement and other processes between banks, has developed together with Fujitsu Korea’s first uniform management platform of biometric information for financial institutions. This biometric authentication-based system has made it possible for financial institutions to provide safe and high-quality services without having to bear the individual risks of managing private information.

Strengthening Fintech Technology as a Nation
The Increasing Demands for Secure Settlement Services

KFTC is an institution specialized in capital settlement that acts as a capital settlement and information intermediary. It was established with joint investment by major banks, including the Bank of Korea, the nation’s central bank. KFTC’s mission statement is “Making a better future with secure and convenient financial payment services.” Based on this mission, it has provided a wide range of capital settlement services such as check clearing, CD/ATM networks, and Giro (bill payment system).
As part of a larger plan that includes these services, KFTC has now developed a biometric authentication-based system for financial institutions. Im Chan Hyuck of KFTC explains, “What has led to these developments began with deregulation with regard to real-name financial transactions back in 2015. This deregulation has led to increased demand among financial institutions for biometric authentication as a new authentication method.”
Korea ranks as one of the most advanced nations in the field of ICT and its application. However, with regards to the financial industry, strict regulations have prevented new services such as Fintech from gaining ground, leaving Korea behind nations in the West. To address this problem, the Korean government has relaxed regulations, such as by allowing non-face-to-face financial transactions under certain conditions, and has developed a policy towards promoting Fintech industries.
This move by the government dramatically increased the availability of Fintech-related services in Korea, such as non-face-to-face real-name transactions using ICT. In the past, Korea had a real-name transaction system in place, which required many financial transactions and operations to be carried out through face-to-face personal identification based on officially issued information, even for electronic transactions. This was not necessarily convenient for users.
What changed this situation were the deregulation measures implemented in December 2015, after which most bank transactions could be made through non-face-to-face methods, as long as certain conditions were met. The conditions required the use of two or more types of personal identification methods out of five specified by the government, including scanned data of actual certification, deposit and withdrawal records from an existing bank account, and biometric authentication.

A Heavy Burden Placed on Companies Due to Revised Privacy Laws
Implementation Risks Reduced for Financial Institutions by KFTC’s Platform

In January 2014, Korea experienced major leak incidents of private information from three major credit card companies that led to heightened concerns regarding the protection of private information. As a result, telecommunications laws were revised and enforced in November 2014.
According to the revised laws, harsher penalties were imposed against institutions and businesses that bear the main responsibility when private information leaks occurred. For instance, financial penalties of 3% or less of related sales amounts were imposed on financial institutions, regardless of whether or not they properly had in place the mandated technical and operational measures. Furthermore, if private information was lost, stolen, or leaked, consumers could legally sue for damages of up to 3 million won, even if the actual amount of damage or loss was never revealed.
Since biometric authentication not only uses regular personal information, but also unique and unchanging attributes of an individual, financial institutions—especially small and medium-sized businesses and startups—are very apprehensive about keeping biometric information. As a result, implementation of biometric authentication has not seen any progression.
To respond to this problem, KFTC developed a biometric authentication platform. The biometric information (registered template) of each customer is divided into two parts and kept by KFTC and the respective financial institution. When a transaction occurs between KFTC and the financial institution, the parts are matched for authentication. If a financial institution did not create its own authentication system, it could contract KFTC to create it. This resulted in the ability to efficiently process biometric authentication.

Provision of the System Platform Together with the Authentication Application
Proven Record of Success by Major Korean Bank Became the Deciding Factor

FUJITSU UNIX Server SPARC M10

KFTC has adopted a biometric authentication system that includes Fujitsu’s palm vein authentication system. At the same time, it has also created security guidelines outlining best practices for safekeeping and transferring authentication information, and has proceeded with system development that conforms to these guidelines. The hardware used in the authentication system platform is Fujitsu’s UNIX server, “SPARC M10.” Using this platform, they have begun operating biometric authentication applications including palm vein authentication. Other than palm vein authentication, the application was also designed to be compatible with fingerprint and iris recognition.
Im Chan Hyuck has stated “We’ve had experience developing a pilot system for palm vein authentication with Fujitsu in 2014.” Through this experience, Fujitsu gained an understanding of the challenges KFTC faced and what their requirements were.
Based on KFTC’s decentralized data management techniques, Shinhan Bank, one of the Korean megabanks, started a digital kiosk (unattended bank teller) service using palm vein authentication in December 2015. After Shinhan Bank's started this service, Kookmin Bank and Woori Bank started non face-to-face channel services also using palm vein authentication. .

Expanding Biometric Authentication to Industries Other Than Financial Institutions
Contributing to the Development of a Safe and Secure Society

KFTC developed Korea’s first uniform management system for biometric authentication information that can be used in cooperation with financial institutions. This technological ecosystem will doubtlessly spread secure payment services on a national scale, and accelerate the development of Fintech-related services, which is a goal of the government.
Biometric authentication systems are projected to become more ubiquitous as electronic payment services become more commonplace. There are also various possible fields in which this technology can be applied outside of personal identification in banks, such as in medical care, education, and local governmental services. If services that allow users to easily and conveniently register, access, and change their information, such as individual private information and usage history, are implemented in various areas of society, the demand for biometric authentication will certainly continue to grow. Outside of the public sector, there is also potential for biometric authentication to be applied in the private sector, such as when logging in to internal networks and servers of companies.
KFTC aims to contribute to the development of a safe and secure society by expanding services into a wide range of fields, with a core focus on financial institutions that are yet to implement biometric authentication systems.

[Customer profile]

  • Official name of client: Korea Financial Telecommunications & Clearings Institute
  • Lines of business: Payment settlement services (Provision of services such as CD Network, IFT Network, Interbank Home/Firm Banking Network, Check Clearing, Giro, and Accredited Certification as well as development and operation of financial infrastructure)
  • Business scale.
    • Payment settlement size: 7.3 billion transactions, totaling 30 quadrillion, 133 trillion KRW (FY 2016)
    • Number of offices: 6 offices
    • Established: June 1986