South Korea is stuck with Internet Explorer for online shopping because of security law

South Korea is stuck with Internet Explorer for online shopping because of security law

By Chico Harlan, Published: November 5

SEOUL — South Korea is renowned for its digital innovation, with coast-to-coast broadband and a 4G LTE network that reaches into Seoul’s subway system. But this tech-savvy country is stuck in a time warp in one way: its slavish dependence on Internet Explorer. For South Koreans who use other browsers such as Chrome or Safari, online shopping often begins with a pop-up notice warning that they might not be able to buy what they came for.“Purchases can only be made through Internet Explorer,” says one such message on the Web site of Asiana Airlines, one of South Korea’s two major carriers.

In much of the world, Internet Explorer, initially developed by Microsoft in the 1990s, has faced fierce competition from browsers developed by Google and Apple. IE is bashed by tech snobs as a BlackBerry-like bygone.

Internet Explorer’s fall has been profound enough that its own video ads have poked fun at its image as “ancient” — but it argues on its Web site browseryou­lovedtohate that the latest versions, IE 9 and IE 10, are vastly improved and give the company a shot at “browser redemption.”

But South Koreans remain captive to laws passed 14 years ago, which — in the name of Internet security — require citizens to bank and make nearly all purchases with Internet Explorer. Three-quarters of the country’s Web usage involves Internet Explorer, according to a measurement by the Web analytics firm StatCounter — among the highest in the world. Internet Explorer is nearly as much a part of a South Korean computer as the screen itself.

“Internet Explorer has bugs. It freezes. It requires all these annoying updates,” said Lee Dong-won, a 35-year-old businessman.

“But everybody I know uses it,” said Seo Yeon-ho, a 25-year-old design student.

Only the daring stray from Internet Explorer — and when they do, they need to come up with some other way to shop and pay bills online. Those with computers that run Windows have no problem: Even if they otherwise browse through Chrome or Firefox, they can double-click on IE when it’s time to make purchases.

But those with Apple computers — for which IE isn’t available — have it harder. Some go to Internet cafes. Some rely on their office desktops. Some dash into hotel business centers. Some hold on to their old computers and boot them up when it’s time to make purchases. Still others depend on a secret weapon called Boot Camp, a software program that allows a Mac to run Windows.

“Just look at this,” one salesman said at an Apple reseller in downtown Seoul, demonstrating on a laptop that he pulled out from behind the help desk.

All it takes to buy a plane ticket on an Apple computer in South Korea, he said, is the $70 special software and a $250 copy of Windows 7.

“No problem,” he said, smiling.

Security concerns

The story of how South Korea became dependent on Internet Explorer begins in the late 1990s.

South Korea’s government was among the first to encourage shopping and banking online, but many people were concerned about Internet safety. The government’s goal was to make Internet shopping nearly as secure as a trip to a small-town market, one where vendors know all their customers by name and face.

To reassure South Korean customers, the government created its own system to authenticate the identities of online buyers. To make purchases, shoppers had to supply their names and social security numbers and apply for government-­issued “digital certificates,” which they could present to sellers as proof of ID. The whole process took just a few clicks.

But the back-and-forth was technologically complicated, and it came with a catch: It required a piece of additional software, or “plugin,” known as ActiveX — which is also made by Microsoft and worked in tandem only with Internet Explorer.

That system, implemented in 1999, remains largely in place today.

The certificates are not necessary on international sites such as eBay and Amazon, in which credit card information is passed from buyer to seller — and verified by a third, private party — with technology built into Web browsers. And under the law, the government-issued certificates are necessary only for transactions above 300,000 won — about $280. But cheaper purchases inside the country are subject to a separate but similarly restrictive certificate system created by Internet sellers and credit card companies.

South Korean Internet security officials insist that the certificates are necessary to maintain trust on the Web, though they recently approved two approaches — rarely used — for smaller purchases that don’t require ActiveX.

Neither Samsung nor Apple, the warring tech giants, has been involved in drafting the security standards, but the regulations tend to favor South Korea’s most iconic company, whose computers use Windows.

On tablets and smartphones, South Koreans don’t need any particular browser for purchases — but they do need to download special security apps that meet government standards.

Users vs. retailers

Many Koreans say they are happy, in theory, to trade a little inconvenience for the sake of security. But critics here argue that the dependence on Internet Explorer has actually made the nation more vulnerable to malware. They point to a string of massive data thefts and cyberattacks in recent years.

In current versions of Internet Explorer, Web surfers must approve the use of ActiveX by clicking “Yes” to a question asking whether to proceed. This gives users the chance to avoid accessing or passing along untrusted material. But South Koreans are so accustomed to saying “yes” that they sometimes mistakenly download malicious software.

“The fiction is that our [e-commerce] system is safer,” said Park Kyung-sin, director of Open Net, a nonprofit organization in Seoul. “But in the end it makes it easier for hackers. This culture of saying ‘yes’ to unknown software has really downgraded people’s vigilance.”

In South Korea’s National Assembly, a small group of lawmakers is pushing a bill to loosen the security laws. “We’ve fallen behind the times, and we’re clinging to an old tech trend,” said Lee Jong-kul, an opposition party member who drafted the legislation.

Few South Korean computer users are campaigning to keep the current system. The greater obstacle comes from the government itself, and from the major banks and credit card companies that have followed its path.

When Aladin, Korea’s fourth-largest online bookseller, tried this year to institute a system similar to PayPal’s, a slew of domestic credit card companies rejected the payments. Chung Tae-young, the chief executive of Hyundai Card, wrote on Twitter that Aladin’s system “wasn’t safe.”

Aladin relented and resorted to its traditional “inconvenient” sales method, company spokesman Kim Seong-dong said.

“I think the payment process in Korea must create a lot of jobs,” Kim said. “Because all the Internet shopping retailers need customer service reps to deal with the disgruntled customers.”