Korea to replace troublesome ‘resident numbers’ with i-PINs

Koreans will be allowed to use their i-PIN online identification numbers for offline authentication as well, instead of their resident numbers, the government said Wednesday.

The new service, temporarily dubbed “my-PIN,” is aimed at minimizing use of the resident registration numbers and ultimately reducing data theft, according to the Ministry of Security and Public Administration.

Starting Aug. 7, all companies and nearly all public institutions will be prohibited from collecting resident numbers. The number, roughly equivalent of the social security number in the United States, is issued to each citizen.

The ID number has been widely used by Koreans, from creating bank accounts to simply playing online games. Domestic and international hackers targeted the crucial but often loosely handled numbers, which effectively led to massive data leaks in the past few years.

The strings of data leaks pressured the government to come up with measures to protect personal data.

My-PIN service will have a test run in July and officially kick off in August to coincide with the implementation of the new law.

“The first stage (of the service) involves expanding the use of i-PINs online and offline. The second stage is to change the current systems to one based on i-PINs until the end of next year,” said an official from the Home Affairs Ministry.

He said the my-PIN service will not completely substitute resident registration numbers, but encourage people to use the conventional ID number as little as possible.

The number of i-PINs issued has gradually increased, from 4.5 million in 2011 to 12.6 million in 2013, according to the Korea Communications Commission. It is issued by government-approved institutions.

But i-PINs are not impenetrable, as hackers can easily issue another person’s i-PIN simply by submitting basic information such as resident registration number and phone number.

In March, a man was arrested for using someone else’s resident number to acquire a new i-PIN, and using it to make an illegal profit. It was revealed in February that some 10,000 i-PINs had been leaked via Chinese website.

Being the offline version of i-PIN, my-PIN is likely to be susceptible to the same weaknesses.

Experts said the government must consider all possible scenarios before a total system overhaul. They also said my-PINs should be user-friendly as well, since the data protection system works best when users frequently reissue the ID numbers.

By Yoon Min-sik (minsikyoon@heraldcorp.com)