Voice phishing becomes a social problem. That is a fraud crime. It causes a number of civil litigations between the financial institutions and the victims. Up to this Supreme Court decision, there were a series of lower court decisions, but no compelling Supreme court decision was made as to the standard of the gross negligence of the user. This is the first Supreme Court ruling over an issue regarding the liability of a ffinancial institutions for any loss suffered by the user of electronic financial transaction due to electronic financial fraud methods like voice phishing with a great significance.
The Supreme Court presented judgment criteria that the intention or gross negligence of the user, a condition for liability exemption of financial institutions under the Electronic Financial Transaction Act(“Act”), shall be “judged by consideration on details of the financial accident like forgery of the means of access, the substance of the method like forgery and perception of the general public on the method, occupation and experience of the user of the financial transaction, and the totality of circumstances.”
Criticisms are made as to this decision in that: (1) the decision, which equated exposure of financial transaction information with that of the access means, went beyond the scope of textual interpretation of the Act; (2) it hardly conducted assessment on the fraudulent act by a third party; and furthermore, (3) it gave the security level of the financial institution no consideration. However, as to (1) and (2), the standard rendered by the Korean Supreme Court is within the scope of textual interpretation of the Act considering the whole text of the Act and its presidential decree. Elements of fraud by a third party already considered as a part of the element of occupation and experience of the user of the financial transaction and the totality of circumstances. As to (3), it is understood as part of Art. 9-2-2 of the Act, not a part of Art. 9-2-1. Possible technological measures in order to prevent damage caused by voice phishing has to be considered. Improving information and communication technology together with the security system, expanding voice and text messaging services for remittances, blocking remittances with biometrics and strengthening security measures for mobile and internet banking could be the technologies to that effect. In this sense, some legislative measures has to be considered in the revision of the conditions for liability exemption of financial institutions of the Act.