Why Did South Korea’s Public Certification System Need to Be Abolished?

In this blog post, we’ll examine the problems with South Korea’s public certification system and explore alternative authentication methods.

 

The public certification system, which had been the subject of constant controversy since its introduction in 1999, garnered renewed public attention following the massive popularity of the drama “My Love from the Star.” The limitations of the system were highlighted when it became known that overseas viewers of the drama who attempted to purchase South Korean clothing, cosmetics, and fashion accessories were unable to complete their payments due to the public certificate requirement. However, such cases are now a thing of the past. In 2020, South Korea abolished the public certificate system through an amendment to the “Electronic Signature Act” and restructured the system to allow the use of joint certificates and various private electronic signature services. Nevertheless, to understand the evolution of online authentication methods and electronic payments, it is still worth examining the problems associated with the public certificate system at the time. In this article, we will explore the issues with public certificates and examine the various authentication methods that have replaced them.
Public certificates were a means of electronic authentication used in e-commerce to verify identity, prevent document forgery and tampering, and prove the fact of a transaction. At the time, they were issued through certified certification authorities and were virtually mandatory for online financial transactions exceeding a certain amount. However, obtaining a digital certificate was not easy for people overseas, and foreigners residing in South Korea often faced inconveniences due to the need to undergo identity verification, submit various documents, and undergo in-person verification. These inconveniences also acted as a significant constraint on the expansion of overseas use of South Korean online shopping sites.
Above all, the biggest problem with public certificates was that they operated on the basis of “ActiveX.” ActiveX is a technology developed by Microsoft to enable existing applications to integrate with the web. However, since it was primarily supported by Internet Explorer, web accessibility was significantly compromised. Even when using other web browsers such as Chrome or Firefox, users often had to launch Internet Explorer to complete a payment. Furthermore, using these services was even more inconvenient on operating systems other than Windows, such as Linux or macOS. And even when using Internet Explorer, the payment process was far from simple. Users had to install multiple ActiveX programs to complete a payment, and the complicated installation process and the need to repeatedly run security programs caused significant inconvenience. This system was consistently criticized when compared to the simple payment methods offered by overseas online retailers.
There were also limitations from a security perspective. The ActiveX components required for using digital certificates were repeatedly cited as having security vulnerabilities, and various attack techniques exploiting these flaws emerged. Furthermore, since digital certificates were stored directly by individuals on hard drives, USB storage devices, smartphones, and other devices, there was a risk that they could be used on other devices simply by copying the file. In particular, as smartphone usage expanded, the number of cases where certificates were stored on mobile devices increased, and the risks associated with loss or malware infection grew accordingly. It was consistently pointed out that an authentication method created for security was actually giving rise to new security problems.
Given these issues, there was no reason for South Korea alone to continue relying on digital certificates. At the time, many countries were already using various authentication methods—including SSL and OTP—instead of digital certificates. SSL is a security protocol that encrypts information transmitted over the internet to protect personal data; it had the advantage of being compatible not only with Internet Explorer but also with various web browsers such as Chrome, Safari, and Firefox. Furthermore, OTP (One-Time Password) is an authentication method that generates a one-time password for each login or financial transaction, offering higher security than methods that reuse the same password. This approach eliminated the need to install a separate ActiveX component, thereby reducing user inconvenience while providing a high level of security.
The greatest advantage of various authentication methods, including SSL and OTP, is that they are not dependent on specific operating systems or browsers. Even at that time, various devices—including IPTV, smartphones, and tablets—were rapidly becoming widespread, but services based on digital certificates failed to adequately adapt to this environment. In contrast, authentication methods that could be used regardless of the operating system or device were able to further expand the scope of online financial services and e-commerce. In fact, as various authentication technologies were subsequently introduced, the mobile financial services and simple payment markets grew rapidly.
Amid these changes, the South Korean government also took steps to reform the system. With the 2020 amendment to the “Electronic Signature Act,” the public certificate system was officially abolished; the system moved away from mandating a specific authentication method, and joint certificates and private electronic signature services were recognized as having equal legal validity. Furthermore, the ActiveX-based payment environment has largely disappeared, and various identity verification methods—such as biometric authentication, simple passwords, and mobile certificates—are now widely used. Users can now choose the authentication method that best suits the characteristics of a given service, and online payments and financial transactions have become much simpler and more convenient than in the past.
Of course, the improvement of the electronic signature system does not mean that all security issues have been resolved. While authentication methods continue to evolve, cyberattacks targeting them are simultaneously becoming more sophisticated. Therefore, rather than relying on a single technology, it is important to continuously develop a variety of authentication technologies that balance both security and convenience. The abolition of the public certificate system has served as a catalyst for the development of South Korea’s electronic financial environment toward a more open and international direction, and authentication technology will continue to evolve in a way that enhances both user convenience and security.

 

App icon

Type // !
Focus an input and type your dropdown trigger to search shortcuts.

App icon

Type // !
Focus an input and type your dropdown trigger to search shortcuts.

About the author

Cam Tien

I love things that are gentle and cute. I love dogs, cats, and flowers because they make me happy. I also enjoy eating and traveling to discover new things. Besides that, I like to lie back, take in the scenery, and relax to enjoy life.