“I paid far too much in tuition for this lesson.”

Mr. A, in his 60s, was invited in January this year to an SNS chat room that promised to teach professional stock investing methods. He was able to take stock lectures for about a month without paying separate tuition. As his guard came down, Mr. A received an enticing investment proposal. If he joined a ‘mid-to-long-term retirement guarantee project’ run by the Korean branch of U.S. asset manager W, he was told he could achieve a 700% return.

Mr. A was also invited to a more ‘discreet’ chat room. People who introduced themselves as executives and employees of W’s Korean branch said, “We can earn high returns by collaborating with institutions,” and steered him toward investing. Over the month of February, Mr. A deposited about 1.1 billion won. But it was an ‘investment scam.’

In an interview on the 30th, Mr. A sighed and said, “I made a snap misjudgment,” adding, “The more the investment amount grew, the harder it became to make a sound decision.”

The first to sense that Mr. A was being duped was the ‘bank.’ Records showing he had wired large sums to suspicious accounts, such as virtual accounts or accounts in the name of foreigners, tripped the bank’s fraud detection system (FDS). A monitoring staffer froze his account to stop further transfers and instructed him to visit a branch.

At the branch, staff warned Mr. A of investment scam risks based on the fact that the recipient accounts looked dubious. A police officer even sat in. But Mr. A insisted it was not a scam and asked that the temporary freeze on his account be lifted. He did not trust the bank or the police. Mr. A admitted, “At the time, the app showed all my money was there, profits were being realized, and returns were being calculated precisely, so it was hard to think it was a scam.”

Behind the scenes stood the scammer. Looking at the LINE messages between Mr. A and the scammer, when Mr. A said the bank had frozen his account, the scammer coached him: “After all, it is your own asset and you have done nothing wrong, so there is no need to explain things to the bank in detail,” adding, “It is fine to show a somewhat more hardline stance.” He even laughed calmly, saying, “There is no reason for the police to show up, so do not worry.”

Mr. B, the bank employee who tried to dissuade Mr. A at the time, recalled, “We called the police to prevent further damage and tried to delay things as much as possible,” adding, “Even after that, both the branch and the monitoring team kept communicating with the customer, but he was extremely adamant.”

After the transaction restriction was lifted, Mr. A continued investing, but the fact that he wired money again to a suspicious account was detected and his account was frozen once more. In the process, a monitoring staffer at the bank even infiltrated the scammer’s chat room to gather evidence that Mr. A was being deceived.

When the account was frozen the second time and further deposits became difficult, Mr. A tried to withdraw his money. The scammer said he needed a 200 million won fee to retrieve his investment and demanded additional funds. Only then did Mr. A realize he had been tricked. He has filed a police report and a restitution request and is now awaiting the outcome.

■“I truly want to help you, but you do not realize you are a victim”

“Dear customer, we are not asking you for anything else. Please go to the nearest police station and ask for help.”

Inside the KakaoBank fraud detection system (FDS) team office in Yeouido, Seoul. Twelve monitoring staff wore headsets and spoke on the phone without pause, eyes fixed on monitors showing suspicious transactions and related details.

“Why would a prosecutor ever tell you to report your movements?”

Mr. Lim, a staff member speaking with a customer in his 70s whose phone had a malicious app detected, urged the customer to visit the nearest police station for help deleting the app, warning of potential voice-phishing damage. The customer, however, said, “They told me not to talk to the bank,” and instead suspected the bank.

With only a short call, Mr. Lim figured out who had called the customer and what had been said. He asked, “They claimed to be the Korea Consumer Protection Board and said a card was issued, right?” and, “The prosecutor is saying illicit funds were deposited into your account, correct?” He then explained that these were classic voice-phishing tactics.

“○○○ says they gave you money, and we see you sent money to a foreigner. Why did you send it?”

Elsewhere, a call was underway with the holder of an account suspected of being used in a scam. The customer in his 20s claimed it was money from an acquaintance, but he did not even know the acquaintance’s age or where that person lived. Suspected of being a mule account that receives and forwards victims’ funds, the account was immediately frozen.

FDS is a system that detects unusual transactions, such as wiring large sums to accounts with no prior activity or transferring funds after breaking a savings plan. On average it flags 500 cases per day and makes about 200 calls to customers daily. Even with the Lunar New Year holidays last month, KakaoBank’s FDS still detected 14,000 unusual transactions.

Mr. Kwon, a staff member, said, “We are happy when we stop one, sad when we miss one, feel sorry when we see victims, and angry when we see the brazenness of scammers,” adding, “I go to work every day with the belief that doing this job well can improve the life of another person.”

Yet even when banks call to warn customers that voice phishing or investment fraud is suspected, many do not trust what the bank says. Unlike in the past, scammers’ methods have become sophisticated, making it hard for victims to realize quickly that they have been duped. When banks impose temporary measures to prevent losses, some customers file complaints with the Financial Supervisory Service to have freezes lifted quickly, or even cry and scream at staff.

■“A unified manual is needed, even if there are some side effects”

As voice phishing and investment fraud become more sophisticated, debate is growing over banks’ ‘temporary measures’ to stop them. Financial firms’ abnormal-transaction responses that can block customer transfers are the ‘last line of defense,’ but if they block accounts, complaints follow, and if they lift restrictions at customer request, losses can grow. With courts recently recognizing some bank responsibility, frontline staff say clear standards from the financial authorities are urgently needed.

Currently, under the law on reimbursing victims of telecommunications fraud, financial firms are obligated to detect unusual transactions across all user accounts and to take temporary measures such as restricting transactions on accounts suspected of damage. However, the law only states that if identity checks show an account is not one suspected of damage, temporary measures must be lifted. While this preserves financial firms’ autonomy, the standard for how far to respond is unclear. The criteria are, literally, ‘temporary,’ and much is left to bank discretion, so the level of prevention can vary by firm and by employee judgment.

A lawsuit over this issue is actually underway.

In January, the 11th Civil Division of the Seoul Southern District Court (Presiding Judge Joo Jin-am) recognized partial (30%) liability for Bank D in a damages suit filed by voice-phishing victim Mr. C, ordering the bank to pay about 461 million won. The court found that Bank D failed to fulfill its duties under the law on reimbursing communications-fraud victims, such as taking temporary measures, during the process in which Mr. C, deceived by scammers, wired funds.

According to the first-instance ruling, on July 29, 2024, Mr. C canceled a 1.6 billion won deposit and wired funds to an account provided by the scammers. Bank D deemed this unusual, took an initial temporary measure, and sent Mr. C a message that transactions were restricted. Mr. C then called, said, “I am trying to send stock investment funds, but it will not go through,” and requested the measure be lifted. After checking whether any family member or acquaintance had recently asked for an ID photo, account number, and so on, Bank D lifted the restriction. That same day, Mr. C transferred a total of 406 million won to the scammer’s account.

Bank D again judged the activity unusual and reimposed temporary measures, but lifted the restriction in much the same way as the first time. The next day, the account to which Mr. C had sent money was confirmed, through another victim’s report, to have been used for voice phishing. Bank D then told Mr. C, during a call, “They are scammers, so never send money to that account.”

The problem was that Mr. C, already deceived by the scammers, suspected the Bank D employee of being the scammer. In the call, Mr. C said, “I am making money from stocks, so why are you telling me I cannot?” and, “It is my money and I will do as I please.” The Bank D employee replied, “Then do as you wish. Understood. I will hang up,” and ended the call. Mr. C’s losses then swelled to more than 1.5 billion won.

The court held, “Considering that the temporary measure on the 29th was taken only in a perfunctory manner, that no additional temporary measures were imposed on the plaintiff’s account on the 30th, and that the three calls made in lieu of temporary measures did not further check suspicious circumstances, we cannot find that the bank fulfilled its duties related to temporary measures under the law on reimbursing communications-fraud victims.” Both sides have appealed.

The direct spark that expanded the losses was that the bank lifted temporary measures at the customer’s request. The key question is how proactive a financial firm must be when lifting such measures. Banks uniformly say they cannot keep temporary measures in place indefinitely against a customer’s wishes. In addition to complaints to lift restrictions, if a transaction turns out to be legitimate, the bank could face liability. An FDS team official at a bank lamented, “We have to endure with sheer toughness.”

This is why many say the financial authorities need to present clear standards on applying and lifting temporary measures. As scams grow more cunning and it takes time for victims to realize they have been deceived, financial firms need grounds to respond more actively. The responsibility of financial firms to prevent damage is also growing, as with ‘no-fault reimbursement for voice phishing.’

Ahn Yong-seop, head of the Korea Inclusive Finance Research Institute, said, “Cases of voice phishing and investment scams are so varied that a single standard may be hard to apply, but if the benefits outweigh the side effects, it should be institutionalized,” adding, “We need a culture, through institutionalization, that accepts complaints or issues that arise when banks try to protect customers’ assets.”

An official at the Financial Services Commission said, “There is ample room to consider, and indeed to keep pursuing in a systematic way, providing a unified manual from the authorities so that as many employees as possible can respond properly,” adding, “There could also be a way for financial firms to share information with one another and further sophisticate their response manuals.”