SEOUL — The South Korean messaging industry is raising strong objections to the government’s recently legalized "Message Transmission Qualification Authentication System," claiming the new regulations are impractical and fail to address the core mechanisms of modern smishing (SMS phishing) attacks.
The Special Messaging Business Association (SMOA) recently submitted a formal petition to the Broadcasting and Communications Commission and the Ministry of Science and ICT, requesting a one-year deferment for the implementation of key provisions. The association argues that the new requirements, while well-intentioned, impose an excessive financial burden on businesses without offering a meaningful solution to cybercrime.
Under the new law, mandated this past April, messaging intermediaries and resellers must implement an "anti-malicious message pre-screening system." However, industry experts point out a significant loophole: the current system, developed by the Korea Internet & Security Agency (KISA), scans URLs only at the moment of transmission. This fails to stop attackers who send clean links and replace them with malicious, app-installing pages after the message has been delivered.
"Developing a real-time monitoring system would be prohibitively expensive for individual businesses," an association representative stated. The industry suggests that it would be far more effective for major mobile carriers to enhance their own centralized blocking systems rather than forcing every individual messaging company to build redundant, ineffective infrastructure.
The industry also criticized the "one-account-per-person" rule and the mandate for authentication on every single message sent. For firms handling automated, bulk notifications—such as delivery alerts, medical appointment reminders, and tax document delivery—these requirements could lead to severe service delays. Furthermore, the one-account policy ignores the business model of advertising agencies and insurance brokers who frequently manage bulk messaging on behalf of third-party clients.
The SMOA has emphasized that they are not opposed to the government’s goal of eradicating spam. Instead, they are calling for "pragmatic regulation" that reflects the realities of the messaging field. They are urging the government to hold public hearings and use the requested one-year grace period to collaborate with the industry on a more rational, effective security framework.
As the debate continues, the effectiveness of the government’s top-down approach remains under scrutiny, with industry players warning that without significant revisions, the policy may end up being nothing more than a superficial measure that penalizes legitimate businesses while leaving the door open for sophisticated cyber criminals.
[Copyright (c) Global Economic Times. All Rights Reserved.]
