On July 9, 2026, at Toss's Sinnonhyeon office in Seoul, the Ministry of the Interior and Safety (MOIS) signed a memorandum of understanding with Naver Pay, Kakao Pay, and Viva Republica (Toss), alongside the Financial Supervisory Service and the Korea Financial Telecommunications and Clearings Institute (KFTC). The agreement lets the three payment apps run real-time, photo-based authenticity checks on resident registration cards through MOIS's existing verification system, routed over the KFTC's financial network. A pilot with the three firms runs through the rest of 2026; full expansion to other qualified electronic financial service providers is planned for 2027.
A Narrow Fix for a Specific Gap
The gap being closed is precise. Until now, electronic financial operators could only validate a name, resident registration number, and issuance date against government records — not the photograph. That left a hole: someone presenting a forged or altered ID with correct-looking metadata could open a payment or transfer account undetected, because the one field that would catch a fake — the photo — was never checked. MOIS is also drafting a new notification, the 'Notification on the Use of the Resident Registration Card Authenticity Verification System,' to formally bring 'electronic financial businesses' within the definition of covered financial institutions under Korea's Resident Registration Act, giving the arrangement a clearer statutory footing rather than leaving it as an informal data-sharing deal.
The Fraud Problem Is Real — and Getting Worse
Before weighing the tradeoffs, the case for this system deserves to be stated plainly. Voice phishing in Korea is not a marginal nuisance; it is a large and adaptive criminal industry that has specifically migrated toward simple payment and remittance apps because they were the weakest link in identity verification. Police recorded roughly 20,000 illegally activated 'burner phones' the year before Korea tightened SIM-activation ID rules, tied to voice-phishing losses of about 1.3 trillion won (~$848 million), according to the Korea Herald. A joint task force launched by the National Police Agency in September 2025 has since driven voice-phishing cases down 31.6% and financial damage down 26.4% (from 525.8 billion won to 387 billion won) over a six-month stretch through February 2026, per Seoul Economic Daily reporting on the task force's own figures. Fintech apps that can't tell a real ID from a convincing fake are a structural weak point in that fight, and regulators extending a working verification tool to close it is a defensible, proportionate response to a documented and worsening harm.
Reusing Infrastructure Beats Building New Ones
What makes this a comparatively well-designed intervention, rather than a worrying one, is the mechanism MOIS chose. It is not creating a new biometric database, a new ID document, or a new commercial vendor pipeline for fintechs to build and store their own scanned-ID archives. It is extending access to a decades-old government authenticity check — the same ARS/Gov.24 system ordinary citizens already use to verify a card's validity — through an existing, regulated financial data network already used by banks. This is the digital-public-infrastructure model at its best: government builds and holds a single, auditable verification rail, and private actors query it for a yes/no signal rather than each building parallel — and less secure — ID-verification stacks of their own. That distinction matters. EFF's recent reporting on the UK's Online Safety Act age-verification regime has flagged a real cost of the alternative model: dozens of private companies scanning, storing, and in some cases mishandling government ID photos and biometric data with uneven oversight. A centralized, government-run authenticity check — provided it returns only a match/no-match result rather than transmitting raw ID images to fintechs for their own retention — sidesteps exactly that proliferation risk.
The Details That Will Determine Whether This Stays Narrow
The caveat is that none of the public reporting on the July 9 MOU specifies what, precisely, flows back to Naver Pay, Kakao Pay, and Toss over the KFTC network: a binary authenticity flag, or the underlying photo and personal data for local matching. That distinction is the whole ballgame for privacy risk, and it is exactly what the forthcoming notification should nail down in public, enforceable terms — data minimization, retention limits, audit logging, and a real independent check before the 2027 expansion opens this pipe to a wider and less scrutinized set of e-finance providers. This system is arriving alongside two other pieces of Korea's 2026 digital-identity push — mandatory face-biometric or mobile-ID checks for new phone activations since July 7, and the nationwide mobile resident registration card MOIS rolled out in March 2025 — and each expansion of who can query the national ID system should get the same scrutiny on data flows, not just on stated purpose.
The Verdict
Minister Yoon Ho-joong called the deal 'an important turning point that protects the public from financial crimes such as phone scams and money laundering,' per Kyunghyang Shinmun's reporting. On the narrow question of whether fintechs should be able to catch a forged ID before opening an account, that's a reasonable claim backed by real fraud numbers. The harder test is whether MOIS keeps the 2027 expansion as tightly scoped and as minimally invasive as the pilot, and publishes the operational details — not just the press-release purpose — that would let outside observers confirm it has.