Article Details

There’s so much stolen data in the world, South Korea will require face scans to buy a SIM. SK Telecom's epic infosec faill will cost it another $1.5 billion. South Korea’s government on Friday announced it will require local mobile carriers to verify the identity of new customers with facial recognition scans, in the hope of reducing scams. As explained in an announcement from South Korea’s Ministry of Science and ICT, the nation has a problem with criminals registering mobile phone accounts and then using them to run scams such as voice phishing. The nation’s new policy therefore extends existing customer authentication arrangements, which see buyers required to present verifiable identity documents at the point of sale, to add verification of a facial scan. South Korea’s three main mobile carriers – SK Telecom, LG Uplus, and Korea Telecom – each provide an app called “PASS” that stores digital credentials. This new scheme will see facial biometric info stored in that app used to verify identity. The Ministry’s announcement of the scheme says it’s hoped the new verification requirement will make it much harder to register a mobile phone account using only stolen data. South Korea has a population of almost 52 million and has experienced two major data theft incidents this year that impacted more than half of all residents. E-tailer Coupang leaked over 30 million records , an incident that cost its CEO his job. SK Telecom, exposed data describing all of its 23 million customers. Korean authorities have already fined SK Telecom $100 million after learning of the carrier’s woefully bad infosec practices, which included exposing plaintext credentials for its infrastructure on an internet-facing server. The telco also stored millions of user credentials without encryption in its database, making it easy for attackers to clone customers or add devices to their accounts. The incident will now cost the carrier another $1.55 billion, after South Korea’s Consumer Dispute Mediation Commission on Sunday ordered the telco to compensate all 23 million customers to the tune of ₩100,000 ($67), half in the form of credits on their bills and the rest in loyalty points that can be used in many retail outlets. No wonder South Korea now needs tighter procedures before allowing new mobile accounts. Not all of the blame lies with SK Telecom, as the announcement of the facial verification requirement states that Mobile Virtual Network Operators registered 92 percent of counterfeit phones detected in South Korea during 2024.