• The Journal of Society for e-Business Studies
• /
• v.19 no.4
• /
• pp.119-134
• /
• 2014

Financial companies are providing electronic financial transactions through a variety of user terminals for non-face-to-face services such as Internet banking, smart phone banking, or etc. However, in these services users' security awareness and the limitations of technical responses has frequently caused the financial loss so that fundamental protection measures are required from financial authorities. Accordingly, financial industry is planning and establishing systems that block unusual financial transactions by comprehensively analyzing and detecting user's electronic information, access information, transaction information, and so on in accordance with "Guide for building Unusual financial transactions detection system" to prevent the financial loss that happens in electronic financial transactions. In this paper, we analyze case studies of unusual financial transactions detection and prevention system that is built and operated in financial companies and current operating status and propose effects of the accident prevention and security measures later.

• Knowledge Management Research
• /
• v.16 no.4
• /
• pp.35-45
• /
• 2015

Fintech, which means the convergence of finance and information technology, becomes a hot topic in the financial sector. Through innovative activities on financial services, ICT(Information and Communication Technology) is integrated into the overall financial industry, and a new form of financial services could be expected to improve the existing financial system. On the other hand, fintech services are relatively vulnerable to security issues. Due to the process simplication and the channel fusion, the leakage of personal and financial informations, authentication bypass, phishing, and pharming are getting more concerned. In this study we investigated the security risk of fintech services in the viewpoints of service provider, technology adoption, and security policy. The possible countermeasures to reduce those risks are suggested because security is an important criterion for selecting financial services. This study basically offers quantification of the potential security risks and step-by-step control measures about business processes in the fintech services. The suggested security model includes user authentication, terminal security, payment information protection, API(Application Programming Interface) security, and abnormal transaction monitoring. This study might contribute to an understanding of the security risks and some possible measures for mitigating those risks on the practical perspective.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.17 no.4
• /
• pp.209-218
• /
• 2017

In order to efficiently and preemptively respond to financial security threats that are becoming more sophisticated and intelligent, and to enable financial users to receive financial services safely, financial information security professionals are needed. However, as of 2015, the number of financial IT security personnel was 4.9%, which is slightly lower than the previous year, but still low. In this study, it is expected that the number of experts in financial security will increase gradually. In order to verify the minimum performance of financial security professionals and enhance the security consciousness, the subjects of the existing security qualification system, Curriculum and inspection techniques to analyze the necessity of introducing information security specialization specialized in financial sector.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.4
• /
• pp.145-154
• /
• 2010

End-to-End(E2E) encryption is to encrypt private and important financial information such as user's secret access numbers and account numbers from user's terminal to financial institutions. There has been found significant security vulnerabilities by various hacking in early E2E encryption system since early E2E encryption is not satisfied the basic security requirement which is that there does not exist user's financial information on plaintext in user's terminal. Extensional E2E encryption which is to improve early E2E encryption provides confidentiality and integrity to protect user's financial information from vulnerabilities such as alteration, forgery and leakage of confidential information. In this paper, we explain the extensional E2E encryption technology and present considerable security issues when the extensional E2E encryption technology is applied to financial systems.

• Management & Information Systems Review
• /
• v.6
• /
• pp.163-186
• /
• 2001

A venture business plays important roles in the economy of a developing nation. It makes highly value-added product, increases employment and improves the industry structure. The objective of this study is to derive the financial and non-financial characteristics from venture businesses, which determine a highly successful business group or a less successful business group. The firm characteristics are composed of 21 financial(liquidity, leverage, cash flow, activity, productivity, and etc) and 34 non-financial characteristics(manager, technology, marketability and credibility variables), which have been considered as the key characteristics for venture business by the existing literature. All financial ratios and non-financial characters play a role of making discriminations between a highly successful and a less successful group. Because there are not generally accepted definitions, classifying a highly successful and a less successful venture business is a very difficult problem. Operational definitions have many problems but we have no choice in current stage.

• International Commerce and Information Review
• /
• v.8 no.1
• /
• pp.417-435
• /
• 2006

A Systematic Wealth Management Framework (SWMF) was developed as a private banking management tool to enable more integrative personal finance management of personal wealth. It is a reference model that provides an unified framework for development, operation, and management and makes provision for personal financial services in today's complex financial environment. This study suggested some practical results from banks and insurance companies that have established SWMF as the differentiation business strategy for wealthy customers. The focus of this manuscript is on capturing the methodological approach most financial institutions in Korea adopted to execute new e-finance planning and implementation based on the SWMF. The alignment between the wealth management business goals and information system architecture at an organization constitutes the main theoretical basis of the study. Relevant discussions are made on the wealth management framework as a general business model for financial industry, on the functional relationship between new information systems and business organizations. Finally, lessons learned from the SWMF implementation are discussed.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.11
• /
• pp.4163-4183
• /
• 2021

As measures for protecting users and ensuring security of electronic financial transactions, such as online banking, financial institutions in South Korea have implemented network segregation policies. However, a revision of such domain-centered standardized network segregation policies has been increasingly requested because of: 1) increased demand for remote work due to changes resulting from COVID-19 pandemic; and 2) the difficulty of applying new technologies of fintech companies based on information and communications technologies (ICTs) such as cloud services. Therefore, in this study, problems of the remote work environment arising from the network segregation policy currently applied to the financial sector in South Korea and those from the application of new ICTs such as fintech technology have been investigated. In addition, internal network protection policies of foreign financial sectors, such as those of the United States, United Kingdom, European Union, and Russia, and internal network protection policies of non-financial sectors, such as control systems, have been analyzed. As measures for the effective improvement of the current network segregation policy, we propose a policy change from domain-based to data-centric network segregation. Furthermore, to resolve threats of hacking at remote work, recently emerging as a global problem due to COVID-19 pandemic, a standard model for remote work system development applicable to financial companies and a reinforced terminal security model are presented, and an alternative control method applicable when network segregation is not applied is proposed.

• Asia pacific journal of information systems
• /
• v.22 no.1
• /
• pp.53-77
• /
• 2012

Financial firms, especially large scaled firms such as KB bank, NH bank, Samsung Card, Hana SK Card, Hyundai Capital, Shinhan Card, etc. should be securely dealing with the personal financial information. Indeed, people have tended to believe that those big financial companies are relatively safer in terms of information security than typical small and medium sized firms in other industries. However, the recent incidents of personal information privacy invasion showed that this may not be true. Financial firms have increased the investment of information protection and security, and they are trying to prevent the information privacy invasion accidents by doing all the necessary efforts. This paper studies how effectively a financial firm will be able to avoid personal financial information privacy invasion that may be deliberately caused by internal staffs. Although there are several literatures relating to information security, to our knowledge, this is the first study to focus on the behavior of internal staffs. The big financial firms are doing variety of information security activities to protect personal information. This study is to confirm what types of such activities actually work well. The primary research model of this paper is based on Theory of Planned Behavior (TPB) that describes the rational choice of human behavior. Also, a variety of activities to protect the personal information of financial firms, especially credit card companies with the most customer information, were modeled by the four-step process Security Action Cycle (SAC) that Straub and Welke (1998) claimed. Through this proposed conceptual research model, we study whether information security activities of each step could suppress personal information abuse. Also, by measuring the morality of internal staffs, we checked whether the act of information privacy invasion caused by internal staff is in fact a serious criminal behavior or just a kind of unethical behavior. In addition, we also checked whether there was the cognition difference of the moral level between internal staffs and the customers. Research subjects were customer call center operators in one of the big credit card company. We have used multiple regression analysis. Our results showed that the punishment of the remedy activities, among the firm's information security activities, had the most obvious effects of preventing the information abuse (or privacy invasion) by internal staff. Somewhat effective tools were the prevention activities that limited the physical accessibility of non-authorities to the system of customers' personal information database. Some examples of the prevention activities are to make the procedure of access rights complex and to enhance security instrument. We also found that 'the unnecessary information searches out of work' as the behavior of information abuse occurred frequently by internal staffs. They perceived these behaviors somewhat minor criminal or just unethical action rather than a serious criminal behavior. Also, there existed the big cognition difference of the moral level between internal staffs and the public (customers). Based on the findings of our research, we should expect that this paper help practically to prevent privacy invasion and to protect personal information properly by raising the effectiveness of information security activities of finance firms. Also, we expect that our suggestions can be utilized to effectively improve personnel management and to cope with internal security threats in the overall information security management system.

• Journal of Digital Convergence
• /
• v.13 no.5
• /
• pp.31-39
• /
• 2015

In the modern society, as development innovative technology consumers could access various information. It make consumers empower in the market, and information asymmetry problem were solving more and more. In the technical information, however, there are still information asymmetry because technical information is very difficult to understand, and those are related with professional knowledge such as financial information. This study used the dataset which was collected to track Korean consumers consumption index by KCA(Korea Consumer Agency) which included consumer's problem experience at financial field. The results are followings. Firstly, consumers want to get exact and important information to decide purchase or not and comparative information in technical information area. Secondly, age is the influence variable to experience more problems in technical information section. Thirdly, consumer's subjective financial competency is major influence factor to reduce problem experience.

• Journal of Family Resource Management and Policy Review
• /
• v.3 no.2
• /
• pp.17-32
• /
• 1999

The purpose of this study is to investigate bases on the employed wives’family financial management types according to family financial management types according to family financial management project and performance. And it’s related variables will provide the basic information for the program which aids in the improvement of the employed wives’family financial management skills and family financial counseling. The major findings were as follows: 1) The total mean score of respondent’s family financial management was 3.54 out of 5. And the mean score of project and performance was respectively 3.42 and 3.62. 2) Among family financial management types, effective type, project-centered type, performance-centered type, ineffective type were respectively 38.7%, 16.4%, 13.2%, 31.7%. 3) The family financial management type of the employed wives was affected by information utilization the degree of communication, type of occupation, and job attitudes.