• Journal of Intelligence and Information Systems
• /
• v.9 no.2
• /
• pp.135-154
• /
• 2003

Credit scoring system (CSS) starts from an analysis of delinquency trend of each individual or industry. This paper conducts a research on credit card delinquency of bank customers as a preliminary step for building effective credit scoring system to prevent excess loan or bad credit status. To serve this purpose, we use association rules as a rule generating data mining technique. Specifically, we generate sets of rules of customers who are in bad credit status because of delinquency by association rule mining. We expect that the sets of rules generated by association rule mining could act as an estimator of good or bad credit status classifier and basic component of early warning system.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.2
• /
• pp.587-608
• /
• 2022

The European Union recently established the General Data Protection Regulation (GDPR) for secure data use and personal information protection. Inspired by this, South Korea revised their Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Credit Information Use and Protection Act, collectively known as the "Three Data Bills," which prescribe safe personal information use based on pseudonymous data processing. Based on these bills, the personal data store (PDS) has received attention because it utilizes the MyData service, which actively manages and controls personal information based on the approval of individuals, and it practically ensures their rights to informational self-determination. Various types of PDS models have been developed by several countries (e.g., the US, Europe, and Japan) and global platform firms. The South Korean government has now initiated MyData service projects for personal information use in the financial field, focusing on personal credit information management. There is also a need to verify the efficacy of this service in diverse fields (e.g., medical). However, despite the increased attention, existing MyData models and frameworks do not satisfy security requirements of ensured traceability, transparency, and distributed authentication for personal information use. This study analyzes primary PDS models and compares them to an internationally standardized framework for personal information security with guidelines on MyData so that a proper PDS model can be proposed for South Korea.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.881-888
• /
• 2015

Financial Authorities have added security controls to the Electronic Financial Transaction Act and the Supervisory Regulation according to the recent frequent personal credit information leakages. Accordingly, the security level has been upgraded. But it is necessary to study more security controls to add. This paper deduces 19 security controls over the mean value to be added to the financial area receiving 15 security consultant's help.

• International Commerce and Information Review
• /
• v.11 no.2
• /
• pp.233-257
• /
• 2009

The 21st century is witnessing the explosive increase in the usage of internet and international electronic transactions. Due to the unique characteristics of the electronic information, substantial part of such transaction can and do take the form of cross-border transactions. However, there have not been settled appropriate set of rules applicable to the international electronic transactions. Currently, in respect to e-L/C transactions in international trade, there are laws such as Electronic Transaction Basic Act in our country, E-Trade Promotion Act, E-Signature Law, Act on Promotion of Information and Communication Network Utilization and Information Protection and Marine Charter 5 in the Commercial Law. Nevertheless, a complete legislation, that is a uniform rule for e L/C which could support e L/C transactions fully hasn't been established yet. Accordingly, those laws concerned need to improve to regulate e-L/C transactions. The purpose of this paper is to look into the national status for law readjustment to prepare for a new electronic environment and to use appropriately the e-L/C issued by electronic means, and to conduct a comparative analysis on the related regulations to introduce a pertinent laws and propose related regulations to contribute to the making of effective laws to regulate e-L/C.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.22 no.3
• /
• pp.163-169
• /
• 2022

According to the Credit Information Act, in order to protect customer information by relationship of credit information subjects, it is destroyed and stored separately in two stages according to the period after the financial transaction effect is over. However, there is a limitation in that the destruction of personal credit information of customers whose financial transaction effect has expired cannot be collectively destroyed when the transaction has been terminated, depending on the nature of the financial product and transaction. To this end, the IT person in charge is developing a computerized program according to the target and order of destruction by investigating the business relationship by transaction type in advance. In this process, if the identification of the upper relation between tables is unclear, a compliance issue arises in which personal credit information cannot be destroyed or even information that should not be destroyed because it depends on the subjective judgment of the IT person in charge. Therefore, in this paper, we propose a model and algorithm for identifying the referenced table based on SQL executed in the computer program, analyzing the upper relation between tables with the primary key information of the table, and visualizing and objectively selecting the range to be destroyed. presented and implemented.

• Korean Security Journal
• /
• no.61
• /
• pp.285-305
• /
• 2019

In the bill of [Act on Certified Detective and Certified Detective Business] (hereinafter referred to as the Certified Detective Act) proposed and represented by the member of National Assembly, Lee Wan-Yong in 2017, the legislative point of view showed that various incidents and accidents, including new crimes, are frequently increasing as society develops and becomes more complex, however, it is not possible to solve all the incidents and accidents with the investigation force of the state alone due to manpower and budget, and therefore, a certified detective or private investigator are required. According to the decision of the Constitutional Court in June 2018, Article 40 (4) of the Act on the Use and Protection of Credit Information is concerned with 'finding the location and contact information of a specific person or investigating privacy other than commerce relations such as financial transactions' are prohibited. It is for the purpose of preventing illegal acts in the process of investigation such as the location, contact information, and the privacy of a specific person and protecting the privacy and tranquility of personal privacy from misuse and abuse of the personal information etc. Such 'privacy investigation business' currently operates in the form of self-employment business, which becomes a social issue as some companies illegally collect and provide such privacy information by using illegal cameras or vehicle location trackers and also comes to be the objects of clampdown of the investigative agency. Considering this reality, because it is difficult to find a resolution to materialize the legislative purpose of the Act on the use and protection of credit information other than prohibiting 'investigation business including privacy etc' and it is possible to run a similar type of business as a detective business in the scope that the laws of credit research business, security service business, the position of the Constitutional Court is that 'the ban on the investigations of privacy etc' does not infringe the claimant's freedom to choose a job. In addition to this decision, the precedent positions of the Constitutional Court have been that, in principle, the legislative regulation of a particular occupation was a matter of legislative policy determined by the legislator's political, economic and social considerations, unless otherwise there were any special circumstances, and. the Constitutional Court also widely recognized the legislative formation rights of legislators in the qualifications system related to the freedom of a job. In this regard, this study examines the problems and improvement plans of the certified detective system, focusing on the certified detective bill recently under discussion, and tries to establish a legal basis for the certified detective and certified detective business, in order to cultivate and institutionalize the certified detective business, and to suggest methodologies to seek for the development of the businesses and protect the rights of the people.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1549-1560
• /
• 2015

For the past few years, personal information breach incidents, great and small, occurred constantly. Accordingly, the Personal Information Protection related Ordinances are enacted and amended persistently, and the information security products also keep advancing and developing in the same way. There are the certification systems such as Common Criteria Evaluation and Validation(CC) and Korea Cryptographic Module Validation Program(KCMVP) for the information security products. These are also strictly carried out. This paper analyzes and categorizes the 5 Personal Information Protection related Ordinances in the aspects of technical protection measures by using key words. Here are the 5 related ordinances; 'the Personal Information Protection Act', 'the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc', 'the Act on the Protection, Use, Etc, of Location Information', 'the Use and Protection of Credit Information Act', and 'the Electronic Financial Transactions Act.' Moreover, this study analyzes the association between the technical protection measures in the 5 relevant laws and the information security products that are obtaining the CC Evaluation & Validation(CC) and the products that are now produced at KISIA's member companies.

• Knowledge Management Research
• /
• v.21 no.3
• /
• pp.229-247
• /
• 2020

In the remarkable growth of P2P financial platform in the field of knowledge management, only companies with big data and machine learning technologies are surviving in fierce competition. The ability to analyze borrowers' credit is most important, and platform companies are also recognizing this capability as the most important business asset, so they are building a credit evaluation system based on artificial intelligence. Nonetheless, online P2P platform providers that offer related services only act as intermediaries to apply for investors and borrowers, and all the risks associated with the investments are attributable to investors. For investors, the only way to verify the safety of investment products depends on the reputation of P2P companies from newspaper and online website. Time series information such as delinquency rate is not enough to evaluate the early stage of Korean P2P makers' credit analysis capability. This study examines the credit analysis procedure of P2P loan platform using artificial intelligence through the case analysis method for well known the top three companies that are focusing on the credit lending market and the kinds of information data to use. Through this, we will improve the understanding of credit analysis techniques through artificial intelligence, and try to examine limitations of credit analysis methods through artificial intelligence.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.47-49
• /
• 2021

According to the revision of the Data 3 Act in 2020, personal information of medical data can be processed anonymously for statistical purposes, research, and public interest record keeping. However, unidentified data can be re-identified using genetic information, credit information, etc., and personal health information can be abused as sensitive information. In this paper, we derive the need for homomorphic encryption to protect the privacy of personal information separated by sensitive information.

• Convergence Security Journal
• /
• v.20 no.2
• /
• pp.59-68
• /
• 2020

In January 2020, the National Assembly passed the revisions of three bills which ease regulations on the use of personal information. The revised laws include the launch of an independent supervisory body, the arrangement of redundant regulations, and regulations for the development of the data economy. This paper analyzes the content and meaning of each law of the Three Revised Bills that Ease Regulations on the Use of Personal Information. And the future challenges outline three aspects: the establishment of a system to ensure the right to informational self-determination of privacy concerns, the establishment of a certification system and the presentation of reasonable guidelines, and the expectation of professional performance by the Personal Information Protection Commission.