50% of South Korea’s E-Commerce purchases are now on mobile, as we have seen for the past year an amazing increase of transactions completed through 3rd party shopping and banking applications. But as transactions made online require ActiveX, outdated software framework from Microsoft, the full potential of e-commerce in South Korea is hindered from reaching its full potential. What exactly is ActiveX, and how is the Korean government trying to get rid of it?
What is ActiveX doing in Korea?
Whenever you purchase anything online in South Korea, you need Internet Explorer installed on your PC – and a good dose of patience – to install security software every time you want to make a payment. Transaction times can take anywhere between 10 minutes and 3 hours, depending on how lucky you are.
“South Korea is one of the most mobile-friendly countries in the world – ironically paired with PCs that are stuck in the dot-com era.
For a nation that will very soon see 5G connection everywhere, the PC internet environment has much room for improvement. South Korea is one of the most mobile-friendly countries in the world – ironically paired with PCs that are stuck in the dot-com era.
Its beginnings draw back to the 90’s, when Microsoft had won the OS war that raged on throughout the decade with Windows 98. Computers were advancing in function and capability, and Korea’s internet grew rapidly to get a head start on the dot-com boom. From the early 2000’s, Korea was among the best for hosting a favorable internet environment.
While the internet browsers available at the time didn’t offer as interesting features as they currently do, a lot of older features were developed using browser plugins. Each plugin was used for a different function: either for web storage services, video streaming, and online banking.
Such rapid and unorganized development of internet services had prompted worries as there was no standardized security software, and people had began falling prey to internet scams and hackers. In response to the rise in internet theft, the Korean government had rushed to come up with a solution: SEED, a 128-bit block cipher to protect communications.
The solution was made in haste to accommodate the vacuum of regulation for cyber security. The resulting litigation passed had called to create SEED in 1999, which is encryption software based on 128-bit framework that required ActiveX – the “groundbreaking” program by Microsoft that is compatible with 128-bit encrypted software. This “new” and “innovative” security software had succumbed finance, banking, and e-commerce to Internet Explorer, forcing Korea into an overnight monopoly for Microsoft.
“It was first expected that ActiveX would remain the global standard for years to come, but saw a quick demise due to underlying security issues.
At this time, other local browsers and internet platforms had a decent market share but lost it to Internet Explorer once this law had passed. ActiveX became the most famous browser security plugin and most of the services thereon were developed with it. It was first expected that ActiveX would remain the global standard for years to come, but saw a quick demise due to underlying security issues.
The Rolling Effects of an Outdated System
The most noteworthy outcomes of the transition to ActiveX security software are not only the slowdown in user experience, but also the lack of effectiveness in guaranteeing secure transactions. People had become so accustomed to installing security programs that they may unknowingly allow malware to access their system while attempting to make a transaction online.
As people have become accustomed to downloading third party software to complete all transactions in South Korea, many companies need to effectively remind all employees to take heed of .exe files they download or share among company computers. As malicious software may appear as security programs, downloading such may lead to major security breaches for their company. Not only are companies dragged by the ActiveX-dependent software, individuals looking to shop online also suffer – particularly Mac users, as they cannot even install Internet Explorer to begin the purchasing process.
Cross-border shopping is one of the most costly victims in the outdated ActiveX system as foreigners have difficulty purchasing products on Korean e-commerce sites due to the tight layers of security and regulation. This is a lost opportunity for businesses in the local Korean ecosystem, as many Chinese consumers are interested in purchasing Korean products but have no access to the payment gateway (as it requires security information only provided by local banks.)
The Digital Signature Act – Another Layer of Security
But ActiveX is not the only hurdle for e-commerce in South Korea as the government tries to keep ActiveX software relevant and safe from cyber attacks – leading to layer upon layer of additional security features needed in finishing an internet transaction.
Every time you expect to pay or make any bank transaction online, you need to do so with your own digital certificate. As of 1999, the Financial Supervisory Service (FSS) created the Digital Signature Act, requiring users to have a digital signature in the format of a unique file whenever the make a transaction online. The digital signature could be executed through a plug-in ( ActiveX enabled software), which induced a cozy relationship between ActiveX and the digital signature system.
This digital certificate is provided online by one of the five ‘Accredited Certification Service Authorities’. Banks offer an interface to users in order to get the certificates they receive from these authorities issued and registered. This digital certificate uses several layers of authentication procedures, and the whole authentication process needs to be protected by security programs approved by the government, following the Electronic Financial Transactions Act and the Digital Signature Act.
The lists of steps include using a unique bank security card, your identification card, personal information, security key, and digital certificate. The digital certificate is its own unique identity file, and you need it access it directly when you make a transaction. Meaning whether you have it on your computer, USB, or phone – you must have it connected by an external drive or downloaded to the device you are making a transaction with (as well as remembering its password).
It’s time to move on from the 90s!
The former South Korean president has attempted to abolish this absurd litigation that has made online shopping a nightmare for the populace – to the extent of it being easier to go out and purchase what they need from brick-and-mortar shops. But even though the law had removed the requirement for ActiveX in 2015, institutions have yet to make the switch to simpler platforms for online banking.
“But even though the law had removed the requirement for ActiveX in 2015, institutions have yet to make the switch to simpler platforms for online banking.
This is partially due to widespread use of the ActiveX platform, and a complete transition will require all companies to abandon ActiveX. This will cause companies to lose the millions of dollars that they have invested into developing and maintaining this platform, as well as lose the safety net of using a government-endorsed technology to avoid liability of loss. The newly elected president has promised to remove ActiveX by next year, so people’s hopes are up that he will keep his word.
In 2015, the Korean government announced that they will remove this framework, targeting the top 100 internet platforms. However, through witnessing the merger of Hana Bank and KEB, both among Korea’s largest banks, it is clear that we are still far from seeing any progress towards an ActiveX-free Korea. The result of this merger was marginal at most – introducing an even more confusing platform that is less user friendly, and unsurprisingly using the same security software from 1996.
The explanation for this mishap is a lack of vision in their expansive IT department, stuck in the middle ages of software development and waiting for the enlightenment due to a completely bureaucratic process that does not consider technological efficiency a necessity. This leads to an interesting environment in Korea – where a tech-savvy society needs to adapt to the conservative and less tech literate online environment – brought to a standstill by conservative bureaucracy.
ActiveX has remained as one of the underlying factors explaining why Korea has one of the lowest conversion rates in the world, from experience we can easily experience rates to be as low as 0.4 to 0.8%, in comparison to an average of about 1.5% in Europe in the fashion industry.
There are a lot of hopes and expectations that President Moon will lay ActiveX and Digital Signatures to rest, proclaiming that he will rid all public sites of the programs by the end of his first year.