Comment Re:This has been an issue for quite awhile. (Score 1) 420
The Korean on-line banking was starting to be implemented something like 12 years ago. Back then, Netscape was the dominant web browser, IE was something like 5.x, and there was no serious open-source alternative. Pretty much all the users were using either IE or Netscape, so they couldn't force them to use some kind of in-house browser, nor afford to develop a new browser.
There once was a period when Netscape was supported, but no banks support it anymore because Netscape's market share turned to something close to zero.
I agree that the situation is pretty crazy because nowadays banks install mandatory 'keyboard protection' and 'anti-virus' plugins sort of stuff, which installs malware-like keyboard sniffing, system-crippling device drivers. Many people get disgusted by this situation, but I sort of understand that the banks had no choice.
If somebody loses money even due to some client-side rootkit (such as keylogging), they still run the risk of being liable, and the court usually rules in favor of the victims.
The Korean on-line banking system is actually much more than merely SSL - every user has their own RSA certificate, their own passphrases, which expires every year. Signatures of the transactions are made on the client-side. Thus, simply having the password isn't enough to make a transaction - you need the certificate, the passphrase of the certificate, the password of the bank account, and finally, the password for logging in to the bank's website.