Poor manpower compared to commercial banks
12 people at KB Kookmin Bank manage 700 locations
Mutual finance, short-term temporary employment
Saemaul Geumgo outsources its monitoring team to another company
Poor system… lagging response
Some operate only the ‘minimum’ 51 crime scenarios
Woori and Shinhan Bank operate approximately 250 to 300 branches
No penalty when a ‘cannon’ (borrowed-name) account is opened
Total number of damage cases is decreasing
Damage cases at unit agricultural cooperatives increase for second year
The government also has no proper sanctions.
Ultimately, the problem must be solved by increasing the budget and manpower.
#Team leader Choi, who was looking at the monitoring screen, clicked the ‘Stop Payment’ button with the mouse without hesitation. As soon as a 74-year-old customer canceled a 50 million won term deposit that was far from expiring, ‘1 won’ was deposited into the customer’s other account for identity verification. This is a typical voice phishing technique.
“Are you a banker? Aren’t you a police officer?” This remark from Team Leader Choi’s wife, made as he leaves for work, has followed him ever since he left the product development team and joined the voice phishing monitoring team five years ago.
His work indeed resembled that of a police officer, and at the same time he was reminiscent of a ‘fisherman’. He analyzes the voice phishing crime patterns prevalent at any given time and constructs over 100 virtual scenarios based on them. Team Leader Choi’s job is to cast a net (scenario) to catch criminals, filtering out the ‘abnormal transactions’ that fit a crime scenario from among the tens of thousands of normal transactions that occur in real time at the bank.
The combination of ‘elderly customer-deposit cancellation-1 won verification’ is also a voice phishing method caught in the net. The criminal would have canceled the customer’s deposit using stolen personal information. The customer’s mobile phone would also have been put into a ‘zombie’ state, with calls blocked. The intention was to transfer the money to a new account at another bank in the customer’s name, opened with ‘1 won authentication’. Fortunately, Team Leader Choi protected the customer’s precious money by freezing the account.
Team Leader Choi says that he lives ‘a life of being possessed by a criminal.’ He prevents damage by creating the crime scenarios that may appear when new government policies and financial products are introduced. The battle of wits between the banker and the phisher continues.
Financial institutions have their own ‘monitoring teams’ to prevent damage from voice phishing. While each branch carries out traditional preventive activities at the counter to stop suspicious bank accounts from being opened, the headquarters monitoring team uses a machine learning-based Abnormal Financial Transaction Detection System (FDS) to prevent crimes. FDS is a crime prevention technique in which crime scenario values likely to be used by voice phishing criminals are entered into the system, and payments from an account are suspended when a matching transaction occurs.
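The scenario matching described above can be sketched as follows. This is an added illustration, not part of the original report and not any bank’s actual FDS; the age threshold, the 30-minute window, the event labels and every sample record are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

ELDERLY_AGE = 65                 # assumed threshold, not from the article
WINDOW = timedelta(minutes=30)   # assumed gap between the two events

@dataclass(frozen=True)
class Event:
    ts: datetime
    customer: str
    age: int
    kind: str            # "term_cancel" or "deposit_in" (labels are assumptions)
    amount: int          # won
    account: str
    early: bool = False  # term deposit cancelled before maturity

def match_scenario(events):
    """Customers matching 'elderly + early deposit cancellation + 1 won verification'."""
    pending = {}  # customer -> (time, account) of the latest early cancellation
    holds = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "term_cancel" and ev.early and ev.age >= ELDERLY_AGE:
            pending[ev.customer] = (ev.ts, ev.account)
        elif ev.kind == "deposit_in" and ev.amount == 1 and ev.customer in pending:
            t0, acct = pending[ev.customer]
            # The 1 won lands in a different account of the same customer, soon after.
            if ev.account != acct and ev.ts - t0 <= WINDOW:
                holds.append(ev.customer)  # candidate for 'Stop Payment' and a call-back
                del pending[ev.customer]
    return holds

def t(hhmm):
    return datetime.strptime("2024-01-01 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed sample stream; none of these records come from the article.
SAMPLE = [
    Event(t("10:00"), "C1", 74, "term_cancel", 50_000_000, "A-1", early=True),
    Event(t("10:05"), "C1", 74, "deposit_in", 1, "A-2"),
    Event(t("10:10"), "C2", 41, "term_cancel", 50_000_000, "B-1", early=True),
    Event(t("10:12"), "C2", 41, "deposit_in", 1, "B-2"),           # not elderly
    Event(t("11:00"), "C3", 70, "term_cancel", 9_000_000, "C-1"),  # at maturity
    Event(t("11:02"), "C3", 70, "deposit_in", 1, "C-2"),
    Event(t("12:00"), "C4", 80, "term_cancel", 20_000_000, "D-1", early=True),
    Event(t("15:00"), "C4", 80, "deposit_in", 1, "D-2"),           # outside window
]

if __name__ == "__main__":
    print(match_scenario(SAMPLE))
```

Each hold still needs a person to confirm with the customer, which is why the number of scenarios a team can run is tied to its headcount.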
Unit Agricultural Cooperative, ‘10’ monitoring personnel take charge of ‘4,700’ branches
Last year, a phishing method appeared that used Starbucks cards by exploiting the blind spot of being able to recharge to an account under someone else’s name. Shinhan Bank prevented the crime by loading this crime scenario into its monitoring system. Recently, voice phishing attempts using Starbucks have disappeared as other commercial banks have also blocked this scenario.
These are the words of Mr. A, a monitoring manager. “These days, voice phishing organizations have emerged in place of organized crime groups. We have up to 10 to 20 times as many people studying crime patterns. We also develop crime scenarios in real time by possessing criminals, and then input those values into the system to defend against them.” Ultimately, the performance of voice phishing prevention is directly related to how skilled the personnel assigned to this team are and how many scenario values are loaded into the system.
On the 29th, the Kyunghyang Shinmun conducted a thorough investigation into the status of voice phishing monitoring team personnel and computer systems at the five major commercial banks and three mutual financial institutions. The result: human resources management at commercial banks was relatively advanced, but mutual financial institutions such as regional agricultural cooperatives, credit unions, and Saemaul Geumgo lagged far behind.
The number of monitoring staff at the five major banks was Shinhan (17 people), NH Nonghyup (16 people), KB Kookmin (12 people), and Hana and Woori (11 people each). On the other hand, the human resources management of mutual financial institutions was relatively poor. Unit Nonghyup, a second-tier financial institution, has 10 monitoring staff for over 4,700 branches. This is in sharp contrast to KB Kookmin Bank, which has 12 people managing over 700 branches nationwide. Saemaul Geumgo and Korea Post (Post Office Savings) are no different. The monitoring team consists of 8 people at Saemaul Geumgo (3,200 branches) and 10 at Korea Post (2,400 branches), a very small number of people compared to the number of branches.
There was also a big difference in skill level. All commercial banks staffed their teams with full-time employees, and the average tenure of the monitoring team was 3 to 5 years. On the other hand, all 10 people at the unit agricultural cooperative were irregular workers with less than 2 years of service. To avoid conversion to full-time employment, personnel are replaced before they reach two years. The average work experience at Korea Post was less than 13 months. Saemaul Geumgo’s team was outside the direct management of the head office, as the team itself was outsourced to another company. The industry says that if the monitoring team cannot keep up with the skill level of phishers, there will be a big hole in its monitoring role.
“Voice phishing crimes are also popular. Because people who have been working for a long time know past patterns, they can easily modify prevention scenarios to respond to crimes when patterns that were popular the year before last reappear. However, it is difficult for someone with short experience to respond in that way.”
Manpower is also directly related to the inadequacies of the system. The more scenario values are input, the more detailed FDS becomes and the more abnormal transactions can be caught. However, if the number of operating personnel is small, it becomes impossible to handle many scenario values. This is because it is realistically difficult to press stop payment one by one and then call the customer to confirm the abnormal transaction. Accordingly, financial institutions operate monitoring teams with only the number of scenarios that meet the minimum standards (51) set by the authorities.
Among commercial banks, Woori Bank and Shinhan Bank were operating about 250 to 300 scenarios. On the other hand, Korea Post and Saemaul Geumgo only maintain the minimum level of the financial authorities’ baseline (51). This is not enough to combat criminals who frequently enhance their criminal methods to capture large sums of money. These are the words of Mr. B, a current monitoring employee. “Criminal organizations try several scenarios to see if they will work or not at this bank. If one area is breached, that is where they will focus their attention. The reason the number of scenarios is important is because the number of victims can increase uncontrollably. There was a bank where the number of voice phishing cases decreased by 90% in one year as soon as the number of monitoring agents was increased from 4 in 2019 to 12 the following year.”
Mutual financial institutions also had loopholes in their branch-level systems for preventing the opening of suspicious bank accounts or the withdrawal of suspicious large sums. Saemaul Geumgo and Korea Post do not have a performance penalty deduction system (KPI) that imposes some kind of penalty on branches when something like this occurs. This is in contrast to the strict KPI-based management at both commercial banks and local agricultural cooperatives.
One bank employee said, “It has such an absolute influence on the work management of employees that there is a joke among bankers that if it is reflected in the KPI, the unification of North and South Korea can be achieved.” He added, “If it is not reflected in the KPI, even if a customer tries to create a suspicious bank account, it will be rejected.” “There is no incentive,” he said.
According to data from the Financial Supervisory Service that the Kyunghyang Shinmun received through the office of Democratic Party lawmaker Kang Hoon-sik, the total number of voice phishing victims as of June this year was 8,352. The scale is calculated based on the number of fraudulently used accounts into which the victim’s money was directly deposited. We need to look at six more months of the second half of the year, but considering trends such as 29,909 cases in 2021, 28,644 cases in 2022, and 21,401 cases in 2023, there is a possibility that the number of damage cases this year will be less than 20,000 cases. The number of voice phishing victims itself is decreasing.
However, this mainly applies to commercial banks. Mutual financial institutions with poor monitoring operations and KPIs are seeing an increase in the number of voice phishing victims. While commercial banks recorded 17,332 cases last year and 6,177 cases as of June this year, mutual financial institutions recorded 3,601 cases last year and 1,985 cases as of June this year. If this trend continues, the total number of damage cases in the mutual financial sector this year is likely to exceed last year’s figure. This is big.
In particular, cases at unit agricultural cooperatives increased for two consecutive years, from 2,639 in 2021 to 2,683 in 2022 and 2,704 last year (Democratic Party Rep. Yoon Jun-byeong’s office). One might think that unit agricultural cooperatives suffer a lot of voice phishing damage because they have many elderly users, but the reality is different. Rather, the number of voice phishing victims among Nonghyup users in their 30s or younger last year totaled 991 cases, nearly tripling compared to the previous year (356 cases).
An official from the unit agricultural cooperative said, “The overall number of damages has not increased much, and the damage to those in their 30s or younger has increased as fraud under the guise of loans has increased.” In response to an inquiry from the Kyunghyang Shinmun, Saemaul Geumgo did not disclose any statistics and simply answered, “Neither the increase nor the decrease can be said to be correct.”
In the industry, there is talk about the possibility that the mutual financial sector’s FDS was not operated properly. When commercial banks discover a crime scenario, they share it with other banks. This is in accordance with the public-private joint response system introduced by the Financial Supervisory Service last year. However, it is difficult for organizations with insufficient manpower to load and operate scenarios even when other institutions share them. Scenarios such as ‘30s + Starbucks + card recharge’ may not have been loaded into the unit agricultural cooperative system.
Mutual financial institutions say it is unfair. The scale of mutual finance varies greatly by cooperative, and small cooperatives lack the capacity to pay attention to internal control. Due to the lack of budget allocation for voice phishing prevention at the central association level, even large unions with assets exceeding 1 trillion won are experiencing lax internal controls. An employee of the mutual finance monitoring team said, “Our team received six awards this year alone. Nevertheless, the increase in the number of damages is ultimately a matter of manpower and budget.”
The government’s position is that there are no appropriate sanctions. According to the Telecommunications Fraud Damage Refund Act, if damage to a financial institution increases beyond a certain level, an improvement plan must be submitted to the Financial Supervisory Service. However, this alone does not provide a timely and effective alternative. An official from the Financial Supervisory Service said, “The law itself focuses on ex post relief and refund procedures, so the law needs to be revised for prevention.”
For now, we have no choice but to expect mutual financial institutions to increase their budgets and fill the monitoring team with skilled personnel. Another problem is that although the number of victims is decreasing, the amount of damage per person is increasing. A commercial bank official said, “Banks’ capabilities have reached their limit. Whether we change the law or create a new organization, we need a completely new voice phishing response system.”