[DigitalToday reporter Jin-ho Lee] "You can refuse it based on personal belief. We will give you a choice."

That is the explanation offered by the Ministry of Science and ICT as it introduces face authentication in the mobile phone activation process. The government stresses that face authentication is the strongest identity verification tool to reduce the possibility of activating illicit phones, while allowing users who do not want it to choose another authentication method from the outset.

It presented face authentication as a way to lower concerns about privacy violations, but criticism is emerging that the policy goal of blocking illicit phones could be weakened as it effectively becomes optional.

The ministry held a briefing at the Government Complex Seoul on Monday and announced a "comprehensive measures package to prevent fraudulent mobile phone use". It is a follow-up to a government-wide plan drawn up last August to eradicate voice phishing. The ministry said it focused on deriving tailored measures by type of fraudulent use and strengthening ex-post enforcement and sanctions.

FACE AUTHENTICATION NOT REQUIRED TO ACTIVATE A PHONE

The core is to apply face authentication from July 6 to new mobile phone activations and number portability at in-person and non-face-to-face channels of the three major mobile carriers and budget mobile operators, and to supplement it after October.

Device changes within the same carrier are excluded from initial application, considering that users have already undergone identity verification once. Users who choose face authentication must try at least once and up to three times. If it fails, they can activate after verifying identity with a mobile ID from the Ministry of the Interior and Safety or a resident registration transcript issued the same day.

Users can also skip face authentication and immediately choose an alternative method. If users do not want to provide biometric information, they can activate a phone using alternative methods both online and offline. Jun-mo Kim (김준모), director of the Telecommunications User System Division at the ministry, said implementation has been completed so that users can activate with a mobile ID without face authentication across both in-person and non-face-to-face channels of the three carriers and budget operators.

The ministry said allowing alternative methods reflects recommendations from the Personal Information Protection Commission and the National Human Rights Commission of Korea. The human rights body previously recommended ensuring a clear legal basis and a substantive right to choose, citing that biometric information is hard to change if leaked. The privacy watchdog also recommended improvements in May related to making face authentication mandatory.

Still, the ministry plans to establish face authentication as a key identity verification method. It will check for practices in which retailers, regardless of user intent, formally mark face authentication as failed or steer users toward alternatives. It plans to analyze error codes and logs generated during authentication to distinguish normal failure from intentional avoidance. Distribution networks with excessively high failure rates versus the average, or where fraudulent activations are suspected, will be subject to inspection and enforcement. It will provide incentives such as certification and rewards to high-performing agencies, and strengthen management and supervision of poorly performing agencies.

The ministry also stressed the security of face authentication. It said it does not store original facial information during authentication, destroys it immediately after matching, and encrypts transmission. It also said pre-security inspections found no vulnerabilities related to facial information leakage.

Choi Woo-hyuk (최우혁), director general for Information Protection and Network Policy at the ministry, said face authentication is a strong identity verification system to prevent fraudulent use, but it cannot be forced, so alternative methods must continue alongside it. He said preventing fraudulent mobile phone use is the most important goal and that it considered on-site acceptance, including public convenience, agencies and non-face-to-face channels.

OPTIONAL, BUT WORRIES OVER EFFECTIVENESS

Some question the approach. If face authentication is the strongest tool to block illicit phones, a structure that lets users bypass it could reduce the policy’s effectiveness. Conversely, if mobile IDs offer a level of security similar to face authentication, critics ask why face authentication needs to be pushed to the forefront despite resistance and controversy. An industry official said it was hard to understand why the policy was introduced despite the controversy and said various options should have been reviewed from the start to reduce public concern.

The government said at the briefing it would implement face authentication in stages, but the term appears closer to meaning that laws and systems will be supplemented after implementation, rather than that the scope of application will be expanded sequentially.

The authentication will be applied equally from July 6 to in-person and non-face-to-face channels of the three carriers and budget operators, with no separate end date. Face authentication will not become mandatory after October, nor will alternative methods disappear. Choi said there is a concept of phased implementation, but there is no concept of full implementation.

The government will review additional alternative methods in August by referring to non-face-to-face real-name verification methods used by the financial sector. In September, it will link verification of authenticity of resident registration transcripts and history management to identity verification procedures. It plans to complete in October a revision to the Enforcement Decree of the Telecommunications Business Act to clarify the legal basis for face authentication. From November, a subscription restriction service that users previously had to apply for separately will be provided by default when signing a mobile phone contract. Users can cancel the service at any time if they wish.

But the ministry did not present target figures or estimates for how much illicit phones and voice phishing damage would fall with the policy. It said police are the entity that detects illicit phones and it is difficult to predict related statistics in advance. It conducted a six-month pilot, but it is effectively moving to full rollout without figures to confirm results and goals.

It also did not fully disclose pilot results. The ministry checked the face authentication system from December last year to June this year, centered on 308 leading agencies. But it did not disclose the share of users who used face authentication or authentication success rates by in-person and non-face-to-face channels. Seok Nam (남석), the ministry’s telecommunications policy director general, said the pilot was a kind of voluntary procedure, making it difficult to state accurate ratios.

BLIND SPOTS REMAIN, INCLUDING FOREIGNERS AND 'NAEGUJE PHONES'

Another limitation cited is that measures against fraudulent activations using foreigners’ names will be applied late. The ministry aims to introduce a system in the second half of this year to verify the authenticity of photos on alien registration cards. Choi said the digitisation of alien registration cards will likely be done around the second half of this year, and passports are confirmed to be next year. He said it will 추진 as soon as preparations are ready in cooperation with the Justice Ministry. Until then, it will respond by limiting foreigners to 1 line per person and requiring explanations when activating additional lines.

So-called 'naeguje phones', in which people personally activate phones and hand them over after being lured by loans or high-paying part-time job offers, are difficult to identify through face authentication or mobile IDs. That is because the real name holder passes the authentication procedure normally. The ministry will push for carriers’ duty to notify users of illegality and possible punishment and to restrict installment-plan activations for high-priced handsets. For corporate phones, it will introduce a real-user registration system and a multi-line cap system with a principle of 4 lines within 180 days.

It also plans a 'one-strike out' policy that imposes business suspension on carriers where numerous fraudulent activations occur, without going through corrective orders. Agencies found to have intent or gross negligence will have contracts terminated, and retailers will be able to have prior approval withdrawn.

The telecommunications industry, for now, says it will faithfully implement government policy. The Korea Telecommunications Operators Association (KTOA), the Korea MVNO Association (KMVNO) and the Korea Mobile Distribution Association (KMDA) issued a joint statement and said they plan to make active efforts in continuous publicity and education and in supplementing related systems so that the government’s phased introduction of multi-factor authentication can be carried out smoothly in the field.