On May 27, 2026, South Korea's Ministry of the Interior and Safety (MOIS) announced eight "citizen-tangible" projects, and the one with the broadest reach concerns where millions of Koreans already shop: the country's secondhand-trading apps. Under a phased plan, users of Karrot, Joonggonara and Bunjang will be able to verify their identity with the national mobile resident registration card or mobile driver's license and earn a "verification mark" on their profile (Seoul Economic Daily). It is the first time Korea's just-completed national digital ID has been pointed squarely at private peer-to-peer commerce.
A real problem, not a manufactured one
The case for acting is strong, and it deserves to be stated plainly. Direct-transaction fraud in Korea has gone from a nuisance to a structural drain. National Police Agency figures cited by MOIS show reported cases rising from roughly 80,000 in 2021 to about 120,000 in 2025, while damages tripled from 257.4 billion won to 874.1 billion won over the same period. Damage-relief applications to the Korea Consumer Agency hit 175 last year, roughly ten times the 2022 level (Seoul Economic Daily).
The mechanics matter too. Most platforms today verify users only through a mobile-phone check, which a ministry official noted is easily defeated by "burner phones" and accounts opened in someone else's name. A fraudster can churn through disposable numbers indefinitely. Binding a seller's reputation to a government-issued credential that requires a live biometric step raises the cost of that churn considerably. This is a genuine market failure — buyers cannot price trust they cannot observe — and a credible identity signal is exactly the kind of public good a state is well placed to seed.
Why the design, not the goal, is what matters
Korea is unusually well positioned to do this. Its Mobile Resident Registration Card completed nationwide rollout in March 2025, issued through the MOIS-operated "Mobile IDentification" app (Google Play, MOIS). The credential holds the same legal validity as the plastic card but adds blockchain-anchored issuance, on-device encryption, a one-ID-per-phone limit, and mandatory biometric verification to bind it to its holder (Biometric Update). The infrastructure for a low-friction, hard-to-spoof trust mark already exists in tens of millions of pockets.
That is precisely why the early signals from this plan are encouraging. As described, the verification mark is opt-in: a badge a seller can choose to earn, not a gate every user must clear to list a sofa. That distinction is the whole ballgame. A voluntary badge lets the market sort itself — verified sellers signal trustworthiness, buyers reward them, and the unverified pay a reputational price rather than being locked out. It preserves the casual, anonymous, low-stakes trade that makes these platforms useful in the first place, while channelling high-value transactions toward verified counterparties. It is regulation by disclosure, not by prohibition — the lighter-touch end of the policy menu.
The line Seoul should not cross
The risk is drift. Voluntary trust marks have a way of hardening into de facto mandates: once verified sellers dominate, platforms may quietly throttle the unverified, or a future ministry may simply require the badge to transact above some threshold. Korea has been here before — the country's earlier real-name internet identity regime was struck down by the Constitutional Court in 2012 for chilling speech without measurably curbing abuse. Identity-gating commerce by stealth would repeat that mistake in a new domain.
The second risk is data. Centralising identity verification across the three platforms that handle most of Korea's resale volume creates an attractive target, and Korea's recent record is a warning, not a reassurance. In August 2025 the Personal Information Protection Commission fined SK Telecom 134.8 billion won — its largest-ever corporate penalty — after a breach exposed USIM and authentication data on more than 23 million subscribers, citing the carrier's failure to encrypt authentication keys and its delayed notification (Korea Times). Biometric identifiers, unlike passwords, cannot be reissued once leaked. A verification system that pools facial templates or resident-registration data on the platform side would convert a fraud-prevention tool into a single point of catastrophic failure.
The good news is that Korea's own legal architecture points to the safer path. The Personal Information Protection Act already restricts the processing of resident-registration numbers and unique identifiers and demands data minimisation (Personal Information Protection Act, KLRI). Applied here, the design principle writes itself: the platform should receive a cryptographic "verified — yes/no" attestation from the government wallet, never the underlying identity document, biometric, or registration number. The mobile ID's wallet model is built to do exactly that selective disclosure.
A template worth getting right
Korea is running a live experiment that much of the world will watch: can a state-issued digital ID make private markets safer without making them less free? The answer turns entirely on three commitments — keep the mark voluntary, keep verification a yes/no attestation rather than a data transfer, and resist the temptation to gate commerce on it. Get those right and Seoul will have shown that national digital identity can be deployed with restraint, as a tool that expands trust rather than surveillance. Get them wrong and the same credential becomes an instrument for monitoring who buys and sells what. The fraud problem is real and the chosen instrument is proportionate. The work now is to keep it that way.