A hacker managed to steal 100,000 won ($75) from a local bank by exploiting the online banking verification system which confirms a person’s identity through deposits of 1 won. The suspect is accused of making 100,000 verification requests over the course of a week, swindling 1 won with each request.
According to a report from local media outlet Edaily, the suspect, whose identity is being withheld, appeared to have employed an automated program, given the substantial number of ID verification requests made.
As per the Korea Federation of Banks, the 1-won deposit system is used as one of the authentication methods for the online verification process for opening a new bank account. It involves making a money transaction via another bank, where a code is embedded in the sender's name. The recipient is then required to submit this code following the transaction, thereby verifying themselves as the owner of the account.
The 1-won deposit is one of five verification options deployed by local banks. People seeking to open an account must choose two out of the five. Other verification methods include submitting one’s biometric information and utilizing video calls.
Last year, South Korea's top five commercial banks -- KB Kookmin, Shinhan, Hana, Woori, and NongHyup -- spent nearly 11 million won on 1-won deposit verifications.
These five banks, along with internet-only banks such as Toss Bank, Kakao Bank, and K Bank, have a safeguard system in place to prevent exploitation of the system, setting limits on the number of the 1 won transfers to less than 10 times.
It is unclear whether the hacker targeted one of these banks or whether they targeted another that lacks similar measures.