Korea Credit Information Services (KCIS) has decided to apply a whitelist to the membership system of its credit information and insurance information inquiry service because of an increase in the number of cases of illegal access through one-time e-mail addresses.
The damage has grown as a few GAs (general agencies) and insurtech companies acted as proxies, joining KCIS's services without properly notifying their customers. The estimated number of illegal access cases is approaching 30,000, as there have been 300 to 400 illegal attempts daily.
KCIS explained that it decided to apply a whitelist to prevent any further damage.
According to industry sources, KCIS recently applied a whitelist to the e-mail verification step for joining its membership system.
A whitelist separates well-known, safe IP addresses from other addresses and treats every e-mail from those IP addresses as safe. By allowing only e-mails from the whitelist, it is possible to block one-time e-mails such as spam and harmful e-mails.
KCIS registered e-mail services from 16 businesses, including Naver, Hanmail, Daum, and Nate, on its whitelist. As a result, e-mail addresses that are not from these 16 businesses cannot be used to join KCIS's credit information and insurance information system.
“Even though we manually removed one-time e-mails due to the rapid increase in the number of attempts to join our system through these e-mails, we reached our limit,” said a representative for KCIS. “We decided to apply a whitelist after we started receiving complaints from consumers and decided to prevent any further damage.”

<Screenshot of Korea Credit Information Services’ membership system>

Previously, KCIS changed its credit information and insurance information inquiry service from a non-membership system to a membership system because it was concerned about leakage of personal information as GAs, fintech companies, and insurtech companies recklessly scraped personal information for their businesses. The membership system now requires text-message verification as well as e-mail verification.
When the verification process became stricter, some companies started to create one-time e-mail addresses and tried to join KCIS's credit information inquiry service without consumers knowing. They altered the addresses slightly and used domains such as never or hammail.
However, accounts created with these e-mail addresses make it difficult to look up information later. It is not a problem if customers remember their IDs or passwords, but if they forget them they will never be able to retrieve them, since e-mail verification is required. Even if they try to join again, they can do so only once a year has passed since their last use of KCIS's service.
“Customers may have problems trying to access their information as most of them have become members already without knowing,” said a representative for KCIS. “There is also a chance that personal information can be leaked as credit information is made available without customers knowing about it.” The representative added that KCIS decided to apply a whitelist to protect personal information and that the measure will not create much inconvenience, as the e-mail services on its whitelist are widely used.
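The sign-up check described in this article can be sketched as an exact match on the domain part of the e-mail address. This is an added example, not KCIS's code; the domain names and sample addresses are assumptions constructed for illustration, since the article names only the providers and the lookalikes "never" and "hammail".

```python
from typing import Dict, List, Optional

# Assumed domains for four of the 16 providers the article names.
ALLOWED_DOMAINS = frozenset({"naver.com", "hanmail.net", "daum.net", "nate.com"})


def email_domain(address: str) -> Optional[str]:
    """Return the lower-cased domain of an address, or None if it is malformed."""
    address = address.strip()
    if address.count("@") != 1:
        return None
    local, domain = address.split("@")
    # Reject non-ASCII domains outright so homoglyphs (e.g. a Cyrillic "a")
    # can never be treated as an allowlisted provider.
    if not local or not domain or not domain.isascii():
        return None
    return domain.lower()


def is_allowed(address: str) -> bool:
    """Exact match only: no substring, prefix or suffix comparison."""
    return email_domain(address) in ALLOWED_DOMAINS


def screen(addresses: List[str]) -> Dict[str, bool]:
    """Map each sign-up address to the allowlist decision."""
    return {a: is_allowed(a) for a in addresses}


# Constructed sample sign-up addresses (not taken from any real incident).
SAMPLES = [
    "kim@naver.com",               # allowlisted provider
    "Lee@HANMAIL.NET",             # same provider, different case
    "park@never.com",              # lookalike of the kind the article mentions
    "choi@hammail.net",            # lookalike of the kind the article mentions
    "a@naver.com.signup.example",  # allowlisted name used as a prefix
    "b@mail.naver.com",            # subdomain, not an exact match
    "c@n\u0430ver.com",            # Cyrillic "a" homoglyph
    "d@@daum.net",                 # malformed
]

if __name__ == "__main__":
    for addr, ok in screen(SAMPLES).items():
        print(f"{'ALLOW' if ok else 'DENY ':5} {addr!r}")
```

Comparing the whole domain, rather than searching for a provider name inside it, is what keeps near-miss and prefixed domains out.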
Staff Reporter Park, Yoonho | yuno@etnews.com