Means of access

The means of access (접근매체/接近媒體) means any means or information falling under any of the following items which is used to issue a transaction request in electronic financial transactions or to secure the authenticity and accuracy of users and the details of such transaction under Article 2x of the Electronic Financial Transactions Act (전자금융거래법/電子金融去來法):
 * An electronic card or other electronic information equivalent thereto;
 * Electronic signature creating key referred to in subparagraph 4 of Article 2 of the Electronic Signature Act (전자서명법/電子署名法) and a certificate provided for in subparagraph 7 of the said Article;
 * A user number registered with a financial institution or an electronic financial business operator;
 * Biological information (biometrics) of users; and
 * Any password required to use any means or information referred to in the above-mentioned first and second item.

Key words
electronic financial transactions, means of access, electronic signature, biometrics, voice phishing

Statutory ground
The Act has several provisions on this matter. Because the following provisions in English has not been updated, you are requested to refer to the currently effective Korean text in the relevant end note.

Article 6 (Selection, Use and Management of Means of Access) of the Act
 * (1) Any financial institution or electronic financial business operator shall select, use and manage the means of access necessary for electronic financial transactions and confirm the identity and authority of a user, the details of a transaction request, etc.
 * (2) Where a financial institution or an electronic financial business operator issues the means of access, it or he/she shall issue it only if an application is made by the user after verifying the identity of such user: Provided, That in any case falling under any of the following subparagraphs, it may be also issued without the user's application nor the verification of the user's identity:
 * 1. In case of electronic prepayment means or the electronic currency referred to in the proviso to Article 16 (1); and
 * 2. In cases where user consent is obtained for the renewal or replacement, etc. of the means of access, as prescribed by Presidential Decree.
 * (3) No one shall commit any offence falling under any of the following subparagraphs unless specifically provided for in other Acts with respect to the use and management of means of access: Provided, That the same shall not apply to cases where electronic prepayment means under Article 18 or electronic currencies shall be transferred or offered as security: 
 * 1. To acquire or transfer means of access;
 * 2. To borrow or lend means of access with compensation;
 * 3. To provide for the means of access subject to a right of pledge;
 * 4. To assist such acts prescribed in subparagraphs 1 through 3.

Article 9 (Liability of Financial Institution or Electronic Financial Business Operator)
 * (1) When a user suffers any loss as a result of an accident arising out of forgery or alteration of the means of access or in the course of electronically transmitting or processing the conclusion of a contract or a transaction request, the financial institution or electronic financial business operator concerned shall be liable for indemnifying him/her for the loss.
 * (2) Notwithstanding the provisions of paragraph (1), any financial institution or electronic financial business operator may have the user bear the liability for any damage in whole or in part in any case falling under any of the following subparagraphs:
 * 1. Where, with respect to any accident caused by the intention or gross negligence of the user, a prior agreement is made with the user to the effect that all or part of the loss may be borne by the user; and
 * 2. Where the user, who is a juristic person (excluding the small enterprises referred to in Article 2 (2) of the Framework Act on Small and Medium Enterprises), suffers any loss though the financial institution or electronic financial business operator fulfills the duty of due care reasonably requested to prevent accidents from occurring, such as the establishment and full observance of security procedures, etc.
 * (3) The intention or gross negligence of the user referred to in paragraph (2) 1 shall be limited to that stated in a standardized contract for electronic financial transactions (hereinafter referred to as the "standardized contract") within the limits set forth by Presidential Decree.
 * (4) Any financial institution or electronic financial business operator shall take measures necessary to discharge the liability provided for in paragraph (1), such as the buying of insurance, the joining of a mutual aid society or the accumulation of reserves, pursuant to the standards determined by the Financial Services Commission. 

Article 10 (Liability for Loss or Theft of Means of Access)
 * (1) Any financial institution or electronic financial business operator shall, upon receipt of a user's notification of the loss or theft of the means of access, compensate the user for any loss he/she might incur due to the use of such means of access by a third party from the time when such notification is received: Provided, That the same shall not apply to any damage caused by the loss or theft, etc. of electronic prepayment means or electronic currency, which falls under any case prescribed by Presidential Decree.
 * (2) Notwithstanding the provisions of paragraph (1) of this Article and Article 9, if there are the provisions of other Acts and subordinate statutes applicable favorably to the user, the specific provisions of such law shall prevail.

Supreme Court case
Supreme Court has made it clear that the transfer of means of access, which is punishable under the previous Electronic Financial Transactions Act, do not include a mere lending, or temporary permission of use, of means of access.

The Supreme Court held:
 * Article 2 x of the previous Electronic Financial Transactions Act (prior to the amendment 2008. 12. 31. by Act No. 9325. The same applies hereinafter) provided the types of means of access to financial accounts including electronic cards and like electronic data, user numbers registered with the financial institution or electronic financial business operator, etc.
 * Article 6 (3) prohibited the transfer or taking of means of access in principle,
 * Article 49 (5) i stated "Any transfer or taking of means of access in violation of Article 6 (3) shall be subject to imprisonment with labor not exceeding one year or penalty of not exceeding 10 million won".
 * The interpretation of the Criminal Act should be strict, and to extend the meaning of the statutory words in a way disadvantageous to the accused or interpret in analogy is contrary to the principle of "nulla poena sine lege" (Latin, No punishment without a previous penal law 죄형법정주의).
 * The Civil Act differentiates transfer from lending.
 * The amendment as of 2008. 12. 31. by Act No. 9325 to the Act to combat so-called fake bankbooks (대포통장) has prevented and punished any lending and borrowing of means of access for compensation. (Articles 6 (3) ii and 49 (4) ii)
 * Therefore, the transfer of means of access under the previous Electronic Financial Transactions Act is not interpreted to include a mere lending, or temporary permission of use, of means of access.

Conclusion
The transfer of means of access under the Electronic Financial Transactions Act does not include a mere lending, or temporary permission of use, of means of access. However, if there were a special condition to suspect that it might be used for voice phishing or other crimes, to create a bankbook and transfer it to other person could be in violation of the Electronic Financial Transactions Act.

Latest Amendment to the Act
According to the latest amendment to the Act, effective on November 23, 2013, any financial institution or electronic financial business operator is legally responsible for hacking incidents, regardless of intent or negligence, to ensure the safe transactions. Article 9 (1).

Article 9 (Liability of Financial Institution or Electronic Financial Business Operator) of the Act
 * (1) When a user suffers any loss as a result of an accident arising out of any one of the following subparagraphs, the financial institution or electronic financial business operator concerned shall be liable for indemnifying him/her for the loss. 
 * 1. Any accident arising out of forgery or alteration of the means of access;
 * 2. Any accident in the course of electronically transmitting or processing the conclusion of a contract or a transaction request; or
 * 3. Any incident relating to electronic apparatus for electronic financial transactions, or means of access obtained by the fake or other wrongful manner by infiltrating the information and communications network subject to Article 2 (1) i of the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. (ICN Act, 정보통신망 이용촉진 및 정보보호 등에 관한 법률).