In a case where Gap et al. opened a deposit account in Eul bank, etc. and used Internet banking services, and Byung acquired an authorized certificate in the name of Gap et al. using financial transaction information, such as the account number and password obtained through so-called programming, security card number, etc., and traded transfer from Gap et al.'s deposit account, the case holding that Eul bank et al., which entered into an electronic financial transaction contract with Gap et al., has a duty to compensate for damages incurred to Gap et al., on the ground that Gap et al. is recognized as gross negligence, and thus, Gap et al

In a case where Gap et al. opened a deposit account in Eul bank, etc. and used Internet banking services, and Byung acquired an authorized certificate from Gap et al. using financial transaction information, such as the account number and password obtained through the so-called mination, and thereafter traded from Gap et al.'s deposit account, the case holding that "a certified certificate" and "one-time password such as a security card" constitute "Access Media" under Article 2 subparagraph 10 of the Electronic Financial Transactions Act, and the case where an authorized certificate is issued or reissued by improper use of other's information, and the case where an unauthorized person illegally copied an authorized certificate falls under the above Article of the authorized certificate, and thus, the above accident constitutes the above Article of the security card, and thus, Eul et al. shall bear the entire liability for damages incurred to Gap et al. under Article 9 (1) of the former Electronic Financial Transactions Act (amended by Act No. 11814, May 22, 2013; hereinafter "former Electronic Financial Transactions Act"), and thus, Gap et al. shall bear the entire liability for damages caused to Gap et al.

Articles 2, 5, 9, 21, and 49 of the former Electronic Financial Transactions Act (Amended by Act No. 11814, May 22, 2013); Articles 2 subparag. 10 and 9 of the Electronic Financial Transactions Act; Articles 2 and 8 of the former Enforcement Decree of the Electronic Financial Transactions Act (Amended by Presidential Decree No. 25840, Nov. 22, 2013); Articles 2 and 15 of the Digital Signature Act; Articles 13-2 and 13-3 of the Enforcement Rule of the Digital Signature Act

Plaintiff 1 and 35 others (Law Firm Minh, Attorneys Kim beneficiary-soo et al., Counsel for the plaintiff-appellant)

New Bank Co., Ltd. and nine others (Law Firm Gyeongpyeong et al., Counsel for the plaintiff-appellant)

December 22, 2014

1. The Defendants stated in the separate sheet “Defendant” shall pay to the Plaintiffs indicated in the “Plaintiff”, and each of the above amounts shall be 5% per annum from each date to January 15, 2015, and 20% per annum from the next day to the date of full payment.

2. The claims filed by the plaintiff 1, 9, and 24 and the claims filed by the plaintiff 8 against the defendant Sung-dong Agricultural Cooperative; the claims filed by the plaintiff 25 against the defendant Sung-dong Agricultural Cooperative; the claims filed by the plaintiff 29 against the defendant Sang-dong Agricultural Cooperative; the remaining claims filed by the plaintiff 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 19, 20, 22, 23, 27, 28, 30, 32, 332, 34, 35, and 36 are all dismissed.

3. Of the costs of lawsuit, the portion arising between the Plaintiffs 1, 9, and 24 and the Defendant New Bank, Nonghyup Bank, Nonghyup Bank, Kopo-si Agricultural Cooperative, and Naman Agricultural Cooperative, the above Plaintiffs bear. The portion arising between the Plaintiffs 8, 25, and 29 and the Defendant Association’s Sung-dong Agricultural Cooperative, Sung-dong Agricultural Cooperative, and the part arising between the Plaintiffs 8, 25, and 29 and the Defendant Nonghyup Bank, shall be borne by the above Plaintiffs 8/10. The remainder shall be borne by the said Plaintiffs 2, 3, 4, 5, 6, 7, 10, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 23, 26, 27, 28, 30, 31, 323, 34, and 35 of the said Defendants’ respective portion of the costs of lawsuit.

4. Paragraph 1 can be provisionally executed.

1. Defendant New Bank Co., Ltd. (hereinafter “New Bank”) shall pay to Plaintiff 1 3,290,00 won, 54,569,820 won to Plaintiff 2, 20,240,000 won to Plaintiff 3, 23,024,000 won to Plaintiff 12, 37,80,000 won to Plaintiff 13, 46,285,100 won to Plaintiff 17, 18, 190, 190,000 won to Plaintiff 22,90,000 won to Plaintiff 20,000 won to Plaintiff 20,170,000 won to Plaintiff 20, and 20% interest per annum from the day following the delivery of a duplicate of the instant complaint to the day of complete payment.

2. Defendant National Bank Co., Ltd. (hereinafter “National Bank”) pays to Plaintiff 4 17,915,50 won, 26 KRW 4,794,00 to Plaintiff 27, KRW 81,00,00 to Plaintiff 27, and KRW 44,971,952 to Plaintiff 35, as well as each of the above amounts, 20% interest per annum from the day following the delivery of a copy of the instant complaint to the day of full payment.

3. Defendant Han Bank Co., Ltd. (hereinafter “I Bank”) shall pay to Plaintiff 5 the amount of KRW 50,000,000 and 20% interest per annum from the day following the delivery of a copy of the complaint of this case to the day of full payment.

4. The defendant Industrial Bank of Korea shall pay to the plaintiff 6 46,450,00 won, 9,847,934 won, and 20% interest per annum from the day following the delivery of a copy of the complaint of this case to the day of full payment.

5. The defendant Nonghyup Bank Co., Ltd. (hereinafter referred to as the "Agricultural Bank") shall serve the plaintiff 7 with 38,290,00 won, 31,743,000 won, 33,940,000 won, 14 for the plaintiff 14, 15,990,000 won, 24,430,000 won for the plaintiff 15, and 6,000 won for the plaintiff 21, 50,000 won for the plaintiff 22, and 17,80,000 won for the plaintiff 23, 40,000 won for the plaintiff 23, 30,000 won for the plaintiff 24,90,000 won for the plaintiff 140,39,000 won for the plaintiff 15,305,000 won for each of the above 30,309,319,305 won for the plaintiff 230,304,50.

6. Defendant NongHyup Bank and Taeduk Agricultural Cooperatives jointly and severally pay to Plaintiff 8 24 million won with 20% interest per annum from the next day of service of a copy of the complaint of this case to the day of full payment.

7. Defendant NongHyup Bank and Kopo Agricultural Cooperatives jointly and severally pay to Plaintiff 9 21,901,000 won with 20% interest per annum from the next day of service of a copy of the complaint of this case to the day of full payment.

8. Defendant Nonghyup Bank and Naman Agricultural Cooperatives jointly and severally pay 96,196,735 won and 20% interest per annum to Plaintiff 24 from the next day of service of a copy of the complaint of this case to the day of full payment.

9. Defendant Nonghyup Bank and Sung-sung Agricultural Cooperatives jointly and severally pay to Plaintiff 25 9,980,000 and interest rate of 20% per annum from the next day of service of a copy of the complaint of this case to the day of full payment.

10. Defendant NongHyup Bank shall pay to Plaintiff 29 113,280,00 won, Defendant Sang-dong Agricultural Cooperative Co., Ltd. 28,420,000 won out of the above 113,280,000 won, and each of the above amounts shall be paid with 20% interest per annum from the day following the delivery of a copy of the complaint of this case to the day of full payment.

1. Facts of recognition;

A. Opening of the plaintiffs' deposit account and opening of Internet banking services, etc.

The Plaintiffs used Internet banking services, etc. while opening a deposit account and conducting financial transactions as stated in Table 1> with the Defendants.

본문내 포함된 표 순번 원고 피고 계좌번호 인터넷 뱅킹 또는 스마트폰 뱅킹 가입일자 1 원고 1 신한은행 (계좌번호 1 생략) 2007. 1. 31. 2 원고 2 신한은행 (계좌번호 2 생략) 2007. 3. 2. 3 원고 3 신한은행 (계좌번호 3 생략) 2007. 2. 1. 4 원고 4 국민은행 (계좌번호 4 생략) 2002. 1. 2. 5 원고 5 하나은행 (계좌번호 5 생략) 2012. 9. 27. 6 원고 6 중소기업은행 (계좌번호 6 생략) 2008. 5. 27. 7 원고 7 농협은행 (계좌번호 7 생략) 2010. 1. 4. 8 원고 8 회덕 농업협동조합 (계좌번호 8 생략) 2006. 3. 28. 9 원고 9 장승포 농업협동조합 (계좌번호 9 생략) 2004. 8. 31. 10 원고 10 농협은행 (계좌번호 10 생략) 2009. 1. 19. 11 원고 11 농협은행 (계좌번호 11 생략) 2009. 9. 8. (계좌번호 12 생략) 12 원고 12 신한은행 (계좌번호 13 생략) 2012. 11. 28. 13 원고 13 신한은행 (계좌번호 14 생략) 2012. 8. 7. 14 원고 14 농협은행 (계좌번호 15 생략) 2008. 5. 8. 15 원고 15 농협은행 (계좌번호 16 생략) 2005. 2. 23. 16 원고 16 농협은행 (계좌번호 17 생략) 2008. 5. 20. 17 원고 17 신한은행 (계좌번호 18 생략) 2006. 10. 27. 18 원고 18 신한은행 (계좌번호 19 생략) 2011. 11. 23. 19 원고 19 신한은행 (계좌번호 20 생략) 2004. 4. 7. 20 원고 20 신한은행 (계좌번호 21 생략) 2004. 2. 5. (계좌번호 22 생략) 21 원고 21 농협은행 (계좌번호 23 생략) 2005. 1. 11. 22 원고 22 농협은행 (계좌번호 24 생략) 2006. 12. 22. 23 원고 23 농협은행 (계좌번호 25 생략) 2012. 10. 19. 24 원고 24 남부안 농업협동조합 (계좌번호 26 생략) 2007. 10. 24. 25 원고 25 성연 농업협동조합 (계좌번호 27 생략) 2011. 8. 5. 26 원고 26 국민은행 (계좌번호 28 생략) 2008. 6. 16. 27 원고 27 국민은행 (계좌번호 29 생략) 2010. 9. 5. 28 원고 28 농협은행 (계좌번호 30 생략) 2004. 3. 8. 29 원고 29 농협은행 (계좌번호 31 생략) 2006. 12. 14. (계좌번호 32 생략) 상동 농업협동조합 (계좌번호 33 생략) 30 원고 30 농협은행 (계좌번호 34 생략) 2002. 7. 24. (계좌번호 35 생략) (계좌번호 36 생략) 31 원고 31 농협은행 (계좌번호 37 생략) 2006. 3. 10. 32 원고 32 농협은행 (계좌번호 38 생략) 2010. 11. 17. 33 원고 33 유성 농업협동조합 (계좌번호 39 생략) 2012. 11. 21. 34 원고 34 화순 농업협동조합 (계좌번호 40 생략) 2010. 5. 7. 농협은행 (계좌번호 41 생략) 35 원고 35 국민은행 (계좌번호 42 생략) 2004. 3. 8. 36 원고 36 중소기업은행 (계좌번호 43 생략) 2006. 4. 12.

(b) Details of the accident;

1) A person under whose name the Plaintiff’s computer or smartphone was infected with a malicious code. In the event that a computer or smartphone is infected with a malicious code, when the user seeks to access the Internet “frighting” or the Internet homepage operated by the Defendants through the search of the portal site or intends to use a smartphone banking system, it is connected to a false website managed by the unsatisfyer. In addition, in the event that a computer or smartphone is infected with a malicious code, information stored in the relevant computer or smartphone is leaked.

2) The rest of the plaintiffs except the plaintiffs 1, 9, and 24, and the non-party 2 and 3, the wife of the plaintiffs 1, 9, and the non-party 1, and 9, the wife of the plaintiffs 1, 9, were to use the Internet banking or smartphone banking in relation to the account in the above Schedule 1 Table. The following: (a) to access the computer or smartphone infected with the malicious code to the Internet homepage operated by the defendants through the computers or smartphones around the date indicated in the table 2 in the attached Table 3; (b) the computers or smartphones infected with the malicious code were connected to the false site; and (c) as described in the table 2 in the attached Table 2 in the above site, the plaintiffs demanded the entry of the plaintiffs' account number and password, and the security card number. Accordingly, except the plaintiffs 1, 9, and 24, the plaintiffs 1, 24, and 3, the resident registration number and password were entered.

3) On the date indicated in the column for transfer date â…………………………………¢ (except for Plaintiff 5) the Plaintiffs (except for Plaintiff 5) acquired through the aforementioned methods to access the Internet homepage operated by the Defendants through computers or smartphones and obtain an authorized certificate issued or reissued under the above Plaintiffs’ name from the account in the above Plaintiffs’ name to the account in the third party’s name through the authorized certificate obtained through the issuance or re-issuance of the certificate under the said Plaintiffs’ name.

본문내 포함된 표 원고 이체일자 피해 경위(① 인터넷 뱅킹 또는 스마트폰 뱅킹 이용 중 사고, ② 정보 입력 유도 방법, ③ 정보 입력 후 상황) 계좌번호 이체금액(원) 공인인증서 발급 또는 재발급 원고 1 2013. 1. 22. ① 인터넷 뱅킹 이용, ② 외부의 컴퓨터 공격으로 다시 진행하기 위해 본인 확인이 필요하다는 창이 떠서 정보 입력, ③ 12시간 후 이용 가능하다는 공지 (계좌번호 1 생략) 33,290,000 - 원고 2 2013. 8. 8. ~ 8. 9. ① 인터넷 뱅킹 이용, ② 보안강화를 위한 창이 떠서 정보 입력, ③ 몇 시간 후 다시 접속하라는 공지 (계좌번호 2 생략) 54,569,820 재발급 원고 3 2013. 8. 29. ① 인터넷 뱅킹 이용, ② 전자금융피해 예방 서비스 창이 떠서 정보 입력, ③ ‘인증번호’ 및 ‘서비스 신청 접수’ 문자 메시지 수신 (계좌번호 3 생략) 20,240,000 발급 원고 4 2013. 4. 3. ① 인터넷 뱅킹 이용, ② 계좌번호 및 비밀번호, 보안카드 번호 전체 등의 입력 창이 뜨고 이를 입력하여야 거래할 수 있다는 안내에 따라 정보 입력, ③ - (계좌번호 4 생략) 17,915,500 발급 원고 5 2013. 7. 31. ① 인터넷 뱅킹 이용, ② 보안승급을 위한 창이 떠서 정보 입력, ③ 12시간 후 이용 가능하다는 공지 (계좌번호 5 생략) 50,000,000 - 원고 6 2013. 6. 16. ① 인터넷 뱅킹 이용, ② 보안강화를 위한 창이 떠서 정보 입력, ③ - (계좌번호 6 생략) 46,450,000 발급 원고 7 2013. 4. 14. ① 인터넷 뱅킹 이용, ② 계좌번호 및 비밀번호, 보안카드 번호 전체 등의 입력 창이 뜨고 입력하여야 거래할 수 있다는 안내에 따라 정보 입력, ③ - (계좌번호 7 생략) 38,290,000 - 원고 8 2013. 7. 22. ① 인터넷 뱅킹 이용, ② 다시 로그인하라는 메시지와 함께 보안카드 번호 전부 입력하라는 창이 떠서 정보 입력, ③ 2시간 후에 이용 가능하다는 공지 (계좌번호 8 생략) 24,000,000 재발급 원고 9 2013. 8. 14. ① 인터넷 뱅킹 이용, ② 보안승급을 위한 창이 떠서 정보 입력, ③ 2시간 후에 이용 가능하다는 공지 (계좌번호 9 생략) 20,901,000 재발급 원고 10 2013. 8. 29. ~ 8. 30. ① 인터넷 뱅킹 이용, ② 인증서 기간만료 갱신 요구하는 창이 떠서 정보 입력, ③ - (계좌번호 10 생략) 31,743,000 재발급 원고 11 2013. 9. 5. ① 인터넷 뱅킹 이용, ② 보안강화를 위한 창이 떠서 정보 입력 (계좌번호 11 생략) 25,190,000 발급 (계좌번호 12 생략) 8,750,000 원고 12 2013. 5. 1. ① 인터넷 뱅킹 이용, ② 로그인 위한 창이 떠서 보안카드 번호 등 정보 입력, ③ - (계좌번호 13 생략) 23,024,000 - 원고 13 2013. 5. 9. ① 인터넷 뱅킹 이용, ② 보안강화를 위한 창이 떠서 정보 입력, ③ - (계좌번호 14 생략) 37,800,000 재발급 원고 14 2013. 5. 6. ① 인터넷 뱅킹 이용, ② 계좌이체거래 시도 중 계좌번호 및 비밀번호, 보안카드 번호 전체 등의 입력 창이 떠서 정보 입력, ③ - (계좌번호 15 생략) 15,990,000 발급 원고 15 2013. 5. 21. ~ 5. 22. ① 인터넷 뱅킹 이용, ② 로그인 관련 인증 창이 떠서 계좌번호 보안카드 번호 등을 입력하자 로그인 됨, ③ - (계좌번호 16 생략) 24,430,000 - 원고 16 2013. 5. 16. ① 인터넷 뱅킹 이용, ② 정보입력 창이 떠서 정보 입력, ③ - (계좌번호 17 생략) 6,000,000 발급 원고 17 2013. 7. 7. ~ 7. 8. ① 인터넷 뱅킹 이용, 피고 신한은행 홈페이지 접속하자, 금융감독원 홈페이지 창으로연결됨,②계좌번호및 비밀번호, 보안카드 번호 전체 등의 입력 창이 떠서 정보 입력, ③ - (계좌번호 18 생략) 46,285,100 발급 원고 18 2013. 7. 3. ~ 7. 4. ① 인터넷 뱅킹 이용, ② 보안강화를 위한 창이 떠서 정보 입력, ③ - (계좌번호 19 생략) 14,240,000 재발급 원고 19 2013. 7. 17. ① 인터넷 뱅킹 이용, ② 보안승급을 위한 창이 떠서 정보 입력, ③ 2시간 후에 이용 가능하다는 공지 (계좌번호 20 생략) 22,990,000 - 원고 20 2013. 7. 22. ① 인터넷 뱅킹 이용, ② 공인인증센터로 연결되는 창이 계속 떠서 정보 입력, ③ 24시간 후에 이용 가능하다는 공지 (계좌번호 21 생략) 11,050,000 재발급 (계좌번호 22 생략) 120,000 원고 21 2013. 4. 11. ① 인터넷 뱅킹 이용, ② 보안카드가 유출되었으니 보안카드 번호를 전부 입력하라는 창이 떠서 정보 입력, ③ - (계좌번호 23 생략) 50,000,000 발급 원고 22 2013. 5. 25. ① 인터넷 뱅킹 이용, ② 보안강화를 위한 창이 떠서 정보 입력, ③ - (계좌번호 24 생략) 17,960,000 재발급 원고 23 2013. 6. 18. ~ 6. 19. ① 인터넷 뱅킹 이용, ② 보안강화를 위한 창이 떠서 정보 입력, ③ 2시간 후에 이용 가능하다는 공지 (계좌번호 25 생략) 19,800,000 발급 원고 24 2013. 6. 23. ~ 6. 24. ① 인터넷 뱅킹 이용, ② 보안강화를 위한 창이 떠서 정보 입력, ③ - (계좌번호 26 생략) 96,196,735 재발급 원고 25 2013. 6. 30. ~ 7. 1. ① 인터넷 뱅킹 이용, ② 보안강화를 위한 창이 떠서 정보 입력, ③ - (계좌번호 27 생략) 9,980,000 재발급 원고 26 2013. 5. 29. ① 인터넷 뱅킹 이용, ② 보안승급을 위한 창이 떠서 정보 입력, ③ - (계좌번호 28 생략) 4,794,000 발급 원고 27 2013. 7. 21. ~ 7. 22. ① 인터넷 뱅킹 이용, ② 파밍 사이트 예방을 위한 창이 떠서 정보 입력, ③ - (계좌번호 29 생략) 81,100,000 재발급 원고 28 2013. 8. 6. ① 스마트폰 뱅킹 이용, ② 스마트폰 뱅킹 애플리케이션 업데이트, 보안승급을 위한 창이 떠서 정보 입력, ③ - (계좌번호 30 생략) 46,075,000 발급 원고 29 2013. 8. 25. ~ 8. 26. ① 스마트폰 뱅킹 이용, ② 법원 등기 관련 문자 메시지 수신하고 문자 메시지 내에 인터넷주소 클릭함, 스마트폰 뱅킹 애플리케이션 업데이트 후 실행하여 계좌번호, 비밀번호, 이체비밀번호, 보안카드 번호 2자리 2개 입력, ③ - (계좌번호 31 생략) 10,180,000 재발급 (계좌번호 32 생략) 86,560,000 (계좌번호 33 생략) 28,420,000 원고 30 2013. 6. 26. ~ 6. 27. ① 인터넷 뱅킹 이용, ② 보안승급을 위한 창이 떠서 정보 입력, ③ - (계좌번호 34 생략) 1,940,000 - (계좌번호 35 생략) 22,110,199 (계좌번호 36 생략) 290,000 원고 31 2013. 7. 31. ① 인터넷 뱅킹 이용, ② 정보 입력, ③ - (계좌번호 37 생략) 6,930,000 재발급 원고 32 2013. 8. 5. ① 인터넷 뱅킹 이용, ② 정보 입력, ③ 2시간 후에 이용 가능하다는 공지 (계좌번호 38 생략) 11,074,500 재발급 원고 33 2013. 9. 8. ① 인터넷 뱅킹 이용, ② 보안강화를 위한 창이 떠서 정보 입력, ③ - (계좌번호 39 생략) 4,992,655 - 원고 34 2013. 9. 14. ① 인터넷 뱅킹 이용, ② 보안강화를 위한 창이 떠서 정보 입력, ③ - (계좌번호 40 생략) 5,620,000 재발급 (계좌번호 41 생략) 1,920,500 원고 35 2013. 9. 6. ① 인터넷 뱅킹 이용, ② 보안강화를 위한 창이 떠서 정보 입력, ③ - (계좌번호 42 생략) 44,971,952 - 원고 36 2013. 9. 15. ① 인터넷 뱅킹 이용, ② 보안강화를 위한 창이 떠서 정보 입력, ③ - (계좌번호 43 생략) 9,847,934 -

4) In addition, on July 31, 2013, Plaintiff 5 transferred KRW 50,000 from Plaintiff 5’s one bank account through telebanking using Plaintiff 5’s account number, account password, security card number, etc. (hereinafter referred to as “instant accident”).

[Based on Recognition] Unsatisfy, Gap evidence 19, 20, 22 (including paper numbers; hereinafter the same shall apply), Eul evidence 13, 14, Eul evidence 2, 11, Eul evidence 7, Eul evidence 41, and the purport of the whole pleadings

2. Determination on the cause of the claim

A. The plaintiffs' claims

1) The issuance or re-issuance of an authorized certificate under the Plaintiffs’ name without any authority by using the Plaintiffs’ information constitutes an electronic signature creating key and an authorized certificate. In the case of the Plaintiffs who have not been issued or re-issued an authorized certificate, it appears that the Plaintiffs in distress appear to have reproduced and used the Plaintiffs’ authorized certificates stored in a computer. As such, the unlawful reproduction of an authorized certificate, which is the means of access, also constitutes a forgery of an access medium under the former part of Article 9(1) of the former Electronic Financial Transactions Act (amended by Act No. 11814, May 22, 2013; hereinafter “former Electronic Financial Transactions Act”). Therefore, due to an accident that occurred from the “fuse of access medium”, the Plaintiffs suffered damage equivalent to the transfer amount stated in Table 2, and thus, the Defendants are liable to compensate the Plaintiffs for the said damage pursuant to Article 9(1) of the former Electronic Financial Transactions Act.

In addition, the Defendants are liable to compensate the Plaintiffs for the damages incurred therefrom on the ground that it constitutes “accident that occurred in the course of concluding a contract or the electronic transmission or processing of transaction instructions” under the latter part of Article 9(1) of the former Electronic Financial Transactions Act.

2) Based on Plaintiff 5’s account number and password obtained unlawfully as above, and the security card number, etc., Plaintiff 5 transferred money from Plaintiff 5’s account. In the case of Plaintiff 5, it constitutes “accident that occurred in the course of concluding a contract or the electronic transmission or processing of transaction instructions” under the latter part of Article 9(1) of the former Electronic Financial Transactions Act, under the premise that a single password, such as a security card, is not a means of access, and that a single password, such as a security card, is not a means of access. If deemed otherwise, the act of the non-indicted 1’s input of a security card number, etc. without authority on the premise that it constitutes a means of access, constitutes “a forged medium of access” under the former part of Article 9(1) of the former Electronic Financial Transactions Act.

3) Plaintiff 8, 9, 24, 25, and 29 entered into a deposit contract with the Defendants, who are local agricultural cooperatives (hereinafter “local cooperatives”) such as Defendant NFF and opened an account as above, and entered into an electronic financial transaction contract with Defendant NFF and used the Internet banking service. Therefore, Defendant Nonghyup Bank and the Defendants, a local union, are jointly and severally liable for damages incurred by Plaintiff 8, 9, 24, 25, and 29 due to the instant accident.

B. Relevant statutes (the contents of the text are as stated in the attached Form “relevant statutes”).

Articles 2 (Definitions), 5 (Use of Electronic Documents), 9 (Liability of Financial Institutions or Electronic Financial Business Entities), 21 (Duty to Secure Safety), and 49 (Penal Provisions) of the former Electronic Financial Transactions Act (Amended by Act No. 11814, May 22, 2013);

Article 9 (Liability of Financial Companies or Electronic Financial Business Entities) (The comparison table under the provisions of Article 9 of the former Electronic Financial Transactions Act shall be the same as the comparison table on the provisions stated in the attached Form)

Articles 2 (Scope of Financial Institutions) and 8 (Scope of Intention or Gross Negligence) of the former Enforcement Decree of the Electronic Financial Transactions Act (Amended by Presidential Decree No. 25840, Nov. 22, 2013)

Article 2 (Definitions) and Article 15 (Issuance of Authorized Certificates)

Article 13-2 (Criteria and Method for Verification of Identity) and Article 13-3 (Identification Card for Identity)

C. Determination

First of all, the meaning of Article 9 of the former Electronic Financial Transactions Act, which provides for the liabilities of financial institutions (the current Act) or electronic financial business entities, is examined, and the concept and scope of the means of access and the means of access are classified into forgery in order to determine the recognition of liability and the scope of liability. Next, this paper examines whether Defendant Nonghyup Bank and the Defendants, a district association, bear the responsibility of integ

1) The meaning of Article 9 of the former Electronic Financial Transactions Act

Article 9 of the former Electronic Financial Transactions Act provides, “A financial institution or an electronic financial business entity shall be liable for any damage incurred to a user due to an accident caused by the forgery or alteration of a means of access, the conclusion of a contract or the electronic transmission or processing of a transaction request,” and Article 9(2) provides, “Notwithstanding the provisions of paragraph (1), a financial institution or an electronic financial business entity may require the user to bear all or part of the liability in any of the following cases,” and subparagraph 1 provides, “Where a prior agreement is made with the user to the effect that all or part of the liability may be borne by the user, where the user is intentionally or with gross negligence in the occurrence of an accident.”

This provision recognizes the liability of statutory liability of a financial institution or electronic financial business operator for the purpose of protecting electronic financial transactions in the event of an accident that has occurred due to the forgery or alteration of any access medium, the conclusion of a contract or the electronic transmission or processing of transaction request, even without any cause attributable to the financial institution or electronic financial business operator.

However, in cases where a financial institution or an electronic financial business operator has entered into an agreement with a user to the effect that all or part of the liability may be borne by the user in the event of an accident,” it exceptionally recognizes the exemption from liability of the financial institution or electronic financial business operator, by allowing the user to bear all or part of the liability. Pursuant to the foregoing provision, a financial institution or electronic financial business operator, other than a financial institution or electronic financial business operator, shall have entered into in advance an agreement with the user to the effect that the user may bear all or part of the liability with respect to the occurrence of the accident, and that the user may bear all or part of the liability. A financial institution or electronic financial business operator shall not assume all or part of the liability without any condition even if it meets the requirements, and the judgment shall be made final by the court. Pursuant to the foregoing provision, if a financial institution or electronic financial business operator has made an agreement individually with the user or has set a prior terms and conditions on the exemption from liability, the recognition or scope

2) The concept and scope of the means of access

A) “Access medium” under the Electronic Financial Transactions Act refers to a means or information used to make a transaction request in an electronic financial transaction or to secure the authenticity and accuracy of the user and the details of the transaction (Article 2 subparag. 10). Article 2 subparag. 10 of the Electronic Financial Transactions Act lists “electronic card and other electronic information equivalent thereto [a], electronic signature creating key under Article 2 subparag. 4 of the Digital Signature Act, and certificates of certification under subparagraph 7 of the same Article [b], user numbers registered with a financial company or an electronic financial business entity [c], user’s bio-information [c], (a) or (b) or (b) of the user’s bio-information necessary to use the means or information under Article 2 subparag. 10 of the Electronic Financial Transactions Act (Article 2 subparag. 10 of the former Electronic Financial Transactions Act only uses the term “financial institution” and its contents are the same).

B) Whether “a certified certificate” and “a single password, such as a security card,” constitute means of access

(1) Whether an authorized certificate constitutes a means of access

The term "digital signature creating key" under subparagraph 4 of Article 2 of the Digital Signature Act means electronic information used to create a digital signature, and the term "certificate" under subparagraph 7 of Article 2 of the Digital Signature Act means electronic information verifying and verifying the fact that the digital signature creating key belongs only to the subscriber.

An authorized certificate is a certificate issued by a licensed certification authority, and constitutes an access medium as defined in Article 2 subparag. 10(b) of the Electronic Financial Transactions Act.

(2) Whether a single password, such as a security card, constitutes a means of access

Article 2 (10) of the Electronic Financial Transactions Act does not explicitly list a single password, such as a security card, as a means of access.

However, “one-time password” such as a “Security Card” is widely used as a means to verify the user himself/herself in electronic financial transactions, along with an authorized certificate, and to ensure the authenticity and accuracy of a transaction request or transaction details. In particular, Article 34(1) of the Electronic Financial Supervision Regulations, which is publicly notified by the Financial Services Commission, stipulates that a financial company or an electronic financial business entity shall necessarily apply a multiple-time password, including a security card at the time of electronic funds transfer, except in certain cases. In ordinary electronic funds transfer is prohibited from being traded only with an authorized certificate, and a transfer transaction is possible to enter

In addition, Article 34 (2) 4 of the Electronic Financial Supervision Regulations provides that "a financial company or an electronic financial business entity shall, in order to obtain a means of access, such as a single-use password (including anOTP) used for electronic financial transactions as one of the matters to be observed in connection with electronic financial transactions, issue a personal name certificate: Provided, That in the case of electronic debit payment means whose limit of use is less than the amount provided for in attached Table 3, it may be issued after confirmation through multiple means of identification, such as an authorized certificate, etc. under Article 37, and a single-use password, including a security card, is treated as one of the means of access."

In light of the contents of Article 13-2(4) of the Enforcement Rule of the Digital Signature Act and the procedures for issuing an authorized certificate as seen in Article 13-2(4)(a)(2)(d), if a financial institution becomes able to obtain or reissue an authorized certificate through an information and communications network when it knows personal information, such as the account number, password, resident registration number, etc., and personal information provided to a subscriber for electronic financial transactions, the number of a single-use password, including a security card, including a security card, is valuable as a security means to supplement the authorized certificate in the current situation where the leakage of personal information or financial transaction information

In light of the function and procedure of the single-time password such as such security cards, and relevant regulations, the personal identification number such as a security card can be seen as a means of access, which is necessary to use the means or information under Article 2 subparagraph 10 (a) or (b) of the Electronic Financial Transactions Act.

3) Counterfeiting a means of access

A) Whether the issuance or re-issuance of an authorized certificate by unlawful use of another person’s information constitutes the above Article

(1) The subject of the issuance of an authorized certificate is a licensed certification authority. The Plaintiff obtained information necessary for the issuance of the Plaintiff’s authorized certificate and obtained an authorized certificate from the licensed certification authority based on such information. Therefore, it is difficult to deem that the Plaintiff obtained or reissued an authorized certificate using the information obtained unlawfully from another person. Moreover, the former Electronic Financial Transactions Act, which applies to the instant accident, separates between “a forged or altered means of access (No. 1)” and “an electronic financial business entity,” and “an electronic financial transaction using a means of access (No. 4)” from “a forged or altered means of access (i.e., obtained a means of access or conducted electronic financial transactions)” under Article 9(1). However, Article 9(1) provides that “an accident caused by forgery or alteration of a medium of access or an accident caused in the course of conclusion of a contract or transaction request or in the course of electronic transmission or processing of a transaction request” is liable for damages to a user.

(2) However, as seen below, comprehensively taking account of the legislative intent and reason for amendment under Article 9 of the former Electronic Financial Transactions Act, the reason behind the issuance of an authorized digital signature creating key, accompanied by the fabrication of the digital signature creating key in the course of issuing an authorized certificate, etc., the case where a person without authority issues or reissues an authorized certificate by unlawful use of another person’s information constitutes “a forgery of an authorized certificate.” Even if this does not constitute forgery itself,

(A) The legislative intent of Article 9 of the former Electronic Financial Transactions Act is to clarify the principle of liability for electronic financial accidents that make it difficult to identify the causes of female characteristics, and to require financial institutions or electronic financial business entities to bear liability in the event of damage to users due to an electronic financial accident that is not caused by the user’s intentional or gross negligence (see, e.g., the National Assembly’s Review Report on Proposal of Electronic Financial Transactions Act prepared on April 206).

(B) “Counterfeiting a means of access” under the former part of Article 9(1) of the former Electronic Financial Transactions Act is not completely identical to the concept of the foregoing Article in relation to documents under the Criminal Act. Forgery of documents under the Criminal Act means the preparation of documents in the name of another person by a person who is not authorized to prepare. However, since the means of access consists of a variety of media from “electronic card” to “biological information” rather than a typical document, the concept of the above Article should be interpreted in accordance with the nature of individual means of access. Since an authorized certificate, which is the means of access in this case, constitutes “electronic information”, the concept of the above Article should be interpreted in line with its nature. The case where an authorized certificate was issued by improper use of another person’s information should be deemed as a forgery of the means of access. In addition to the reproduction of the card, it is difficult to present the case corresponding to the above Article 2 subparag. 10 of the Electronic Financial Transactions Act with respect to the remaining means

(C) An authorized certificate constitutes an electronic information verifying that the digital signature creating key belongs only to the subscriber, and constitutes an authorized certificate. In addition, the re-issuance of an authorized certificate is at the same time destruction of the existing authorized certificate and at the same time the new authorized certificate is issued. Considering the nature of the authorized certificate and the meaning of the re-issuance thereof, it may be deemed that the poor person’s name is included in the above Article of the authorized certificate if the certificate was issued

(D) Also, even if a specific procedure for the issuance of an authorized certificate is taken, it can be deemed that the issuance or re-issuance of an authorized certificate is forged by unlawfully using another person’s information.

The procedures for the issuance of an authorized certificate are as follows. First of all, a licensed certification authority confirms the identity of the applicant for the issuance of an authorized certificate (Article 15(1) of the Digital Signature Act). In ordinary cases, a bank or securities company is a registration agency designated by the licensed certification authority and manages face-to-face verification affairs, etc. to verify the applicant’s identity necessary for the issuance of an authorized certificate. The applicant for face-to-face verification is connected to the web page for the issuance of an authorized certificate (which is called the “authorized Certificate Center”) operated by the registration agency and provides programs necessary for the issuance of an authorized certificate, and is established on his/her own computer. This program creates and stores the applicant’s own personal key file and the public key file in the applicant’s personal key, and then transmits this program from the applicant’s personal key to the applicant’s personal key. If there is no error in verifying the applicant’s digital signature contained in the request file for the issuance of an authorized certificate, the applicant’s digital signature will create the file of the applicant and transmit it to the applicant’s personal file in the name “N.”

The applicant’s personal key file constitutes a “digital signature creating key” under Article 2 subparag. 4 of the Digital Signature Act. In general, when an applicant’s personal key file is an authorized certificate, the foregoing certified electronic signature creating key and a personal key file are combined. Article 2 subparag. 10(b) of the Electronic Financial Transactions Act also prescribes “the digital signature creating key under Article 2 subparag. 4 of the Digital Signature Act and the certificate under subparagraph 7 of the same Article” as the means of access.

Where an authorized certificate is issued or reissued by unlawful use of another’s information, the said certificate file and the digital signature creating key (personal key file) as well as the means of access will be created arbitrarily. In the case of an authorized certificate file, a licensed certification authority may create an authorized certificate file, but a personal key file may be deemed to constitute “facing” if it is an applicant for the issuance of an authorized certificate and arbitrarily produces a personal key file while doing so with the applicant’s computer as if it were the applicant.

(E) Article 9(1) through 3 of the Electronic Financial Transactions Act (amended by Act No. 11814, May 22, 2013; hereinafter “Electronic Financial Transactions Act”) provides that even if a user’s damage was incurred due to such an accident, a financial company or an electronic financial business entity shall be liable for damages incurred to the user, even if the user’s damage was caused by using the means of access acquired by false or other unlawful means by impairing an electronic device for electronic financial transactions or an information and communication network under Article 2(1)1 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc., and where the user’s damage was caused by such accident, the following circumstances are as follows: (a) so-called “Scishing (referring to the “Scishing” means the Telephone Financial Fraud Act that uses personal information, such as a credit card number, etc. through telephone)” or “mining (Phing: by manipulating a computer infected with a malicious code to enter the address into the web page,” and (b) the liability of the former Financial Transactions Act may be clearly disputed.

B) Whether the unlawful reproduction of an authorized certificate constitutes Article 3 of the means of access

(1) Whether the unauthorized reproduction of an authorized certificate constitutes an Article of the authorized certificate

Where a person who has no authority to reproduce an authorized certificate file has reproduced it, it shall be deemed that the unauthorized person who has no authority to prepare the certificate falls under the same Article as preparing documents under another person's name by taking advantage of another person's name.

(2) Whether the person without title can be deemed to have reproduced an authorized certificate without permission

Plaintiff 1, 7, 12, 15, 19, 30, 35, and 36’s authorized certificates were issued or reissued at the time of the instant accident. Nevertheless, inasmuch as the name-free transaction was made several times from the account in the said Plaintiffs’ name by means of Internet banking or smartphone banking, and the name-free transaction could be deemed as having been acquired and used by the said Plaintiffs. The method of acquiring the authorized certificates can be seen as ① the method of reproducing the authorized certificates stored on computers without permission by the said Plaintiffs, ② the method of acquiring the computer or smartphone storage media itself, such as the computer or smartphone storage medium in which the said Plaintiffs stored the authorized certificates.

In light of the following circumstances, Gap's evidence Nos. 19, 20, and 22 and the overall purport of the pleadings, it is deemed that the above plaintiffs illegally reproduced the authorized certificate stored in the computer.

① In the case of a computer or smartphone infected with a malicious code, information stored in a computer or smartphone may be leaked, and an authorized certificate itself may also be reproduced. The above Plaintiffs access the computer used by themselves to a false site because they were unaware of the fact that the computer was infected with a malicious code, and could not be known about the process of the leakage of an authorized certificate stored in a computer or the process thereof.

② After becoming aware of the occurrence of the instant accident, the said Plaintiffs stated that they lost or stolen the authorized certificate when reporting damage to the investigative agency.

③ On the other hand, even if the unsatisfyed person acquired a computer or mobile storage device itself with the above plaintiffs’ authorized certificates at a remote opportunity, in order to conduct a transfer transaction by using the authorized certificates stored in the computer or mobile storage device, the user of the pertinent authorized certificates must be identified and used in connection with the user’s financial transaction information. However, in such cases, it is impossible to find out the user of the authorized certificates stored in the computer or mobile storage device that he/she acquired by chance, and then, it is practically impossible to obtain financial transaction information, etc. by refecting the user’s computer into malicious code

C) Whether a person without authority constitutes a corresponding provision of a means of access if the security card number, etc. is entered

In the case of a transfer of funds from a telebank, a transaction may be conducted by entering the password, a security card number, or a password generated from the date of the occurrence of a single-use password (OTP), etc. In the case of a transfer of funds from a telebank, a transaction may be conducted by entering the account number, account password, and a security card number, etc. of Plaintiff 5 through telebank on July 31, 2013 and transferring the account. The entry of Plaintiff 5’s account number, account password, and security card number, etc. illegally acquired by the winners of the name can be deemed as a forgery of a security card, which is a means of access.

4) Whether Defendant NongHyup Bank, Defendant Koduk Agricultural Cooperatives, etc. are jointly and severally liable

A) The responsible subject of Article 9(1) of the former Electronic Financial Transactions Act

The term “user” under the former Electronic Financial Transactions Act means a person who enters into an electronic financial transaction contract with a financial institution or an electronic financial business operator for the purpose of conducting the electronic financial transaction and accordingly, uses the said transaction (Article 2 subparag. 7 of the former Electronic Financial Transactions Act). Therefore, the term “financial institution or electronic financial business operator,” which is liable for compensating users for damages pursuant to Article 9(1) of the former Electronic Financial Transactions Act, means a financial institution or electronic financial business operator who enters into a contract with a user for a deposit with a financial institution which entered into a contract with a user, is deemed to mean a financial institution or electronic financial business operator who enters into the said contract.

B) In the instant case:

Defendant Nonghyup Bank is a financial institution established separately by the National Agricultural Cooperative Federation pursuant to Article 134-4 of the Agricultural Cooperatives Act, and constitutes “financial institution” as provided in Article 2 subparag. 3(a) of the former Electronic Financial Transactions Act and Article 38 subparag. 7 of the Act on the Establishment, etc. of Financial Services Commission. The Defendants are local unions with the aim of increasing the economic, social, and cultural status of its members by providing members with technology, funds, and information necessary for them, and enhancing the economic, social, and cultural status of its members. Defendant NH Bank constitutes “financial institution” as provided in Article 2 subparag. 3(e) of the former Electronic Financial Transactions Act and Article 2 subparag. 5 of the Enforcement Decree of the same Act, and is separate from Defendant Nonghyup Bank.

Article 1 of the Framework Agreement on Electronic Financial Transactions used by Defendant Nonghyup Bank provides that “The purpose of this Agreement is to ensure prompt and efficient processing of transactions and to reasonably coordinate mutual interests between the parties to the transaction by prescribing basic matters concerning electronic financial transactions between Defendant Nonghyup Bank (including the agricultural cooperative in the agricultural cooperative; hereinafter “agricultural cooperative”) and users.” In addition, Article 1 of the Terms and Conditions on Use of Electronic Financial Services provides that “The purpose of this Agreement is to provide for all matters concerning the use of services between Defendant Nonghyup Bank (including the agricultural cooperative in the agricultural cooperative; hereinafter “agricultural Cooperative”) and the customers using the agricultural cooperative in the agricultural sector (hereinafter “user”) provided by the agricultural cooperative in accordance with the basic purpose of the Framework Agreement on Electronic Financial Transactions.”

Plaintiff 8, 9, 24, 25, 29, 24, 34, and 33 entered into an electronic financial transaction contract with Defendant NFF and opened an account (Plaintiff 33 opened an account with UFF, a local union, and Plaintiff 34 opened a part of the account (Account No. 40 omitted) with Plaintiff 34. However, Plaintiff 33 and 34 asserted that all of the accounts were opened with Defendant NFF.). Meanwhile, the said Plaintiffs entered into an electronic financial transaction contract with Defendant NF and used Internet banking services.

Therefore, Plaintiff 8, 9, 24, 25, 29, 34, and 33 are merely entitled to claim damages pursuant to Article 9(1) of the former Electronic Financial Transactions Act against Defendant Nonghyup Bank that entered into an electronic financial transaction contract, and may not claim damages pursuant to Article 9(1) of the former Electronic Financial Transactions Act against Defendant NHC, which is a local union that entered into a deposit contract.

Plaintiff 8, 9, 24, 25, and 29’s claim against Defendant NAFFFC is not accepted (Plaintiff 34 and 33 are claiming for damages under Article 9(1) of the former Electronic Financial Transactions Act only against Defendant Nonghyup Bank, and they do not assert such claim against local unions).

5) Sub-decisions

The instant accident is an accident that occurred due to the fabrication of a means of access under the former part of Article 9(1) of the former Electronic Financial Transactions Act, or at least the said provision should be applied by analogy. Therefore, barring any special circumstance, the remaining Defendants except the Defendant Dolsan Agricultural Cooperative, etc. (hereinafter “Defendant Bank”) are obliged to compensate the Plaintiffs for damages incurred by the instant accident.

3. Determination on the defenses by Defendant Bank

A. Defenses by Defendant Bank

1) Since 2012, prior to the occurrence of the instant accident, the Defendant bank posted the method of, and directions for, the commission of electronic financial fraud, such as so-called phishing or singing, on the website operated by the said Defendants. In particular, the Defendant bank continuously posted a warning that “the prohibition of absolute entry of the entire security card number,” and notified users of the said contents via text messages or e-mail.

However, the rest of the plaintiffs except the plaintiffs 1, 9, and 24 and the non-party 1, 2, and 3 entered all the security card numbers and the authorized certificate numbers possessed by the plaintiffs in connection with the false site as above. The remaining plaintiffs except the plaintiffs 1, 9, and 24 and the non-party 1, 2, and 3, even though they could easily be able to conduct electronic financial transactions with their own authorized certificate numbers and security card numbers without the authority of a third party, they constitute the case where the above-mentioned authorized certificate numbers or security card numbers, etc. are divulged or disclosed. Accordingly, the accident in this case occurred due to gross negligence by the plaintiffs. Accordingly, the responsibility of the defendant bank under Article 9 (2) 1 of the former Electronic Financial Transactions Act, Article 8 (2) 2 of the Enforcement Decree of the same Act, and Article 20 (2) 3 of the Framework Act on Electronic Financial Transactions is exempted.

2) In addition, Plaintiff 1’s delegation of the use of an authorized certificate, etc. which is the means of access to Nonparty 1, constitutes the divulgence of the password, etc. of an authorized certificate, which is the means of access, and thus, Plaintiff 1 ought to be exempted from liability for Plaintiff 1 of the Defendant New Bank pursuant to Article 9(2)1 of the former Electronic Financial Transactions Act, Article 8 Subparag. 1 of the Enforcement Decree of the same Act, and Article 20(2

3) Plaintiffs 4, 26, 27, and 35 lost or stolen means of access by inputting financial transaction information, etc., and did not report or notify the Defendant National Bank of any accident. Therefore, the instant accident was an accident that occurred prior to the said Plaintiffs’ reporting on loss, etc., and thus, Defendant National Bank’s liability against the Plaintiffs should be exempted pursuant to Article 10(1) of the former Electronic Financial Transactions Act.

B. Facts of recognition

1) The Plaintiffs were engaged in electronic financial transactions with the Defendant bank from the date indicated in Table 1

2) With respect to Article 9 of the former Electronic Financial Transactions Act, the basic terms and conditions of the Defendant Bank’s electronic financial transaction are as follows.

Article 6 (Management of Means of Access)

Unless otherwise expressly provided for in other Acts, no user shall lend, delegate, transfer, or provide a third party with a means of access necessary for electronic financial transactions, or divulge to any third party other than the principal, and shall pay due attention to the management to prevent the illegal use of access means or forgery or alteration thereof.

Article 20 (Liability for Loss and Exemption)

(1) If a user suffers any loss due to an accident caused by the forgery or alteration of a means of access, or an accident caused in the course of electronic transmission or processing of a contract or transaction instruction, a bank shall compensate for such amount and interest calculated by the interest rate on a term deposit with a maturity of one year: Provided, That if the loss incurred from the relevant account exceeds the amount calculated by the interest rate on a term deposit of one year as

(2) Notwithstanding the provisions of paragraph (1), in any of the following cases, a bank shall not fully or partially support liability even if any loss to a user occurs:

1. A natural disaster, war, terrorism, or act of God, such as power failure, fire, damage to building, or terrorism, which occurs without any cause attributable to a bank;

2. Where a user lends or delegates, or provides, a means of access for the purpose of transfer or security;

3. Where a third party has disclosed, disclosed, or neglected the means of access that the third party has known or could have easily known that he/she could conduct electronic financial transactions using the means of access without authority;

(3) If the user is notified of the loss or theft of the means of access, a bank shall compensate the user from that time for damage caused by the third party's use of the means of access.

3) The circumstances after the instant accident by Plaintiff 2, etc.

A) On August 8, 2013, Plaintiff 2 sought access to the Defendant’s website at his/her own office on a computer, but the computer was infected with a malicious code and came to have access to a false site, and entered all of the resident registration numbers, account numbers and passwords, authorized certificate numbers, and security cards, regardless of the initiative to strengthen security. Plaintiff 2 received text messages from Defendant 1 bank that an authorized certificate was reissued.

B) At around 18:00 on July 22, 2013, Plaintiff 8 sought access to the Defendant Nonghyup Bank’s website using a computer at its own office. However, a computer was infected with a malicious code and came to have access to a false site, and entered the entire resident registration number, account number and password, an authorized certificate password, and a security card number on July 22, 2013. Plaintiff 8 received a text message that was reissued by the Defendant Nonghyup Bank’s authorized certificate on July 22, 2013. Plaintiff 8 received the text message that was sent KRW 19:561,850,000, KRW 19:5881,810,000 on the same day, and reported damage by phone to the Defendant Nonghyup Bank, but, on July 22, 2013, the fact of damage was received, up to 201:30,000 won through a total of 19:30,000,000 won.

C) Nonparty 2, who is Plaintiff 9’s children, used the Plaintiff’s account in the usual Plaintiff 9 and engaged in electronic financial transactions, such as Internet banking. Nonparty 2, around 9:00, intended to access the Defendant Nonghyup Bank’s website from his own house to the portal site on August 14, 2013, but the computer was infected with the malicious code and was falsely connected to the site, and entered a security card number, serial number, etc. on August 14, 2013. Plaintiff 9 received a text message that was reissued an authorized certificate from Defendant Nonghyup Bank on August 11:30, 2013.

D) On July 31, 2013, Plaintiff 31 received text messages that an authorized certificate was reissued from Defendant Nonghyup Bank. Plaintiff 31 subsequently confirmed the details of transfer by phoneing to Defendant Nonghyup Bank’s call center.

E) On August 5, 2013, Plaintiff 32 sought access to the Internet homepage operated by Defendant Nonghyup Bank by computer at its own office on August 17:30, 2013, and the computer was infected with the malicious code and became a false site. Plaintiff 32 entered the entire security card number and various financial transaction information on the aforementioned false website. Plaintiff 32 received text messages from Defendant Nonghyup Bank on August 5, 2013, that KRW 1,990,000 was transferred from Plaintiff Nonghyup Bank to Plaintiff 32’s account (on August 5, 2013, KRW 11,074,500 was transferred in total from August 5, 2011 to KRW 17:58,00,000, and Defendant Nonghyup Bank notified Defendant Nonghyup Bank of all of the relevant transfer details as a text message). After Plaintiff 32, Defendant Nonghyup Bank requested payment suspension from the said account via the phone call.

F) On September 14, 2013, Plaintiff 34 received a text message of the details of transfer on or around 15:25, and sent the message to Defendant Nonghyup Bank call center at around 15:28 on the same day, but did not have a telephone connection. On September 14, 2013, Plaintiff 34 reported the fact of damage to Defendant Nonghyup Bank call center at around 15:37, 15:38, 15:41 on September 14, 2013, Plaintiff 15:37, 15:38, and 15:41 on March 14, 2013.

[Reasons for Recognition] Facts without dispute, Gap evidence 19 through 22, Eul evidence 1, Eul evidence 3, Eul evidence 7, Eul evidence 2, Eul evidence 2, Eul evidence 2 and 3, the purport of the whole pleadings

C. Determination

1) Whether “serious negligence” under Article 9(2)1 of the former Electronic Financial Transactions Act is acknowledged to the Plaintiffs

A) Criteria for determining “serious negligence” under Article 9(2)1 of the former Electronic Financial Transactions Act

As seen above, Article 9(1) of the former Electronic Financial Transactions Act provides that a financial institution, etc. shall be liable for any damage incurred to a user due to an accident caused by forgery or alteration of the means of access prescribed by such Act. Notwithstanding the provisions of paragraph(2), a financial institution, etc. shall be held to have the user bear all or part of the liability for the damage, “where it has entered into an agreement with the user in advance with the user to the effect that all or part of the liability may be borne by the user where the user was intentionally or with gross negligence in the occurrence of the accident.”

Article 8(3) of the former Enforcement Decree of the Electronic Financial Transactions Act provides for the specific contents of “any intention or gross negligence” as referred to in Article 9(2) of the said Act under delegation by the said Act. Article 1 provides, “Where a user lends or delegates the use of a means of access to a third party, or provides it for the purpose of transfer or security (excluding where an electronic prepayment means or electronic currency is transferred or provided as security pursuant to Article 18 of the Act),” and Article 8(2) provides, “Where a third party has known or could have easily known that he/she could conduct electronic financial transactions using the means of access of a user without the user’s authority, the means of access may be divulged, disclosed or neglected, despite having known or could have easily known that he/she could conduct such transactions by using the means of access of the user.”

In this context, whether there exists "any intention or gross negligence" as prescribed by the above statutes or the terms and conditions should be determined by taking into account the specific circumstances in which financial accidents, such as the forgery of the means of access, the details of the method of access such as forgery, the degree of public awareness of such forgery, the occupation of financial transaction users, the experience of using financial transactions, and other all other circumstances (see Supreme Court Decision 2013Da86489, Jan. 29, 2014).

B) In the instant case:

In light of the following circumstances revealed in light of the above facts and Eul's evidence Nos. 3, 5, 10, 12, Eul's evidence Nos. 37 through 40, Eul's evidence Nos. 3, 6, 7, 8, Eul's evidence Nos. 4, Eul's evidence Nos. 30 through 34, Eul's whole oral argument, and the whole purport of oral argument, it is deemed that there was gross negligence on the plaintiffs in the occurrence of the accident of this case.

(1) The ordinary electronic financial transaction user consents to the basic terms and conditions of electronic financial transactions and the terms and conditions of the use of electronic financial services or obtains an authorized certificate by means of signing in the electronic financial transaction application form containing the phrase “the consent of the principal to the basic terms and conditions of the electronic financial transaction and the terms and conditions of the use of electronic financial services,” or becomes entitled to the consent to the basic terms and conditions of the electronic financial transaction and the terms and conditions of the use of electronic financial services (the structure in which the consent to the basic terms and conditions of the electronic financial transaction and the terms and conditions of the use of electronic financial services can be made). The Plaintiffs also

(2) At the time of the instant accident, the Defendant Bank continuously posted a notice on its Internet homepage, such as “public agencies (public prosecutor’s offices, the Financial Supervisory Service) and financial institutions (banks or card companies) not demanding the entry of personal financial information on the grounds of security promotion, etc.” and “security card numbers and the prohibition of the total absolute entry of code numbers”.

In addition, from January 17, 2013 to July 15, 2013, Defendant New Bank sent e-mail and text messages to Plaintiff 17, 18, 19, and 20 on two to three occasions, including Plaintiff 4, 26, 27, and 35, to prevent electronic financial fraud. The Defendant National Bank sent to Plaintiff 4, 26, 27, and 35 on three occasions e-mail and text messages from March 2012 to March 2013, 201, such as “the State of Washington who misrepresented Defendant National Bank” and “the No. 35 entry of a security card number.” The Defendant Industrial Bank sent the Plaintiff on May 14, 2013 to Plaintiff 6, and on May 11, 2012 and May 14, 2013 to Plaintiff 36, namely, the Bank of Korea’s website (hereinafter “the Bank”).

(3) Plaintiffs 2, 4, 5, 6, 8, 12, 13, 14, 16, 17, 19, 20, 21, 25, 26, 27, 30, 32, 34, and 35 stated that the whole number of the security cards held by an investigative agency was entered, and the number of the security cards entered by the rest of the plaintiffs other than the above plaintiffs is unclear.

However, the security card contains 30 or 35 numbers of cooperatives. Banks demand to enter the number of cooperatives selected on a random basis for each transaction. Therefore, it is almost impossible for banks to accurately enter the number requested by each bank in the transfer transaction, unless they possess a physical security card or do not know all the number associations listed on the said card. The name-free persons failed to transfer the amount of damage at once due to the restriction on transfer limit, etc., and have transferred the transaction several times. If the name-free persons are unaware of the full number of the security card number, it is virtually impossible to do the transfer transaction several times. Accordingly, the remaining plaintiffs except Plaintiff 29 (Plaintiff 1, 9, and 24) (as Plaintiff 1, 9, and 24) did not enter the entire number of the security card number they possessed.

Plaintiff 29 appears to have entered two-dimensionals of security cards, such as normal transfer transactions. However, in the case of Plaintiff 29, the instant smartphone, which confirms the letters related to the malicious code, is infected with the malicious code, and Plaintiff 29 was frequently using a flat smartphone banking, and thus, it appears that Plaintiff 29 stored and used the security card-related information on the smartphone (if the security card is stored and used in the smartphone in the form of a photograph or a camera file, and the smartphone is infected with the malicious code, all of the relevant information is leaked). If Plaintiff 29 was not aware of the entire serial number of Plaintiff 29’s security card, it would be impossible to cause such transaction.

(4) The Plaintiffs’ experience using Internet banking services is less than one year, and more than ten years. Accordingly, the Plaintiffs seem to have sufficiently known the fact that two-dimensional numbers of security cards were entered into a normal transaction. In particular, Plaintiff 8 et al. made a statement at an investigative agency to the effect that “The Plaintiff et al. was doubtful that the entire security card number was entered.”

In addition, the Plaintiff 1 et al. posted a public notice that “it is impossible to use the Internet banking service for two hours or twenty-four hours after entering the financial transaction information as above.” It is very exceptional to place restrictions on the use of the Internet banking service for the sake of security promotion or the strengthening of security. There is a suspicion that the use of the Internet banking service becomes impossible due to the instability of the Internet banking system, but there was no restriction on the use of the information due to security promotion or the strengthening of security.

(5) The Plaintiffs’ occupation is diverse by police, doctors, public officials, company members, university professors, and self-employed persons. In light of the Plaintiffs’ experience and social experience, career or frequency of using Internet banking, and the status of the posting of warnings or notifications on electronic financial fraud by Defendant banks, etc., the Plaintiffs’ entry of the entire security card number is very exceptional and the circumstance that a financial institution does not require the entire security card number in ordinary transactions is sufficiently recognized.

2) The scope of the plaintiffs' liability

A) General legal principles and major issues

As seen above, Article 9(2) of the former Electronic Financial Transactions Act provides that “A financial institution, etc. may, notwithstanding the provisions of paragraph (1) of the same Article, impose all or part of its liability on a user, if it has entered into an agreement with the user to the effect that all or part of the liability may be borne by the user in the occurrence of an accident.” However, even if the user’s damage was incurred due to the forgery or alteration of the means of access under the basic terms and conditions used by the Defendant bank, “the user is entrusted with the use of the means of access, or provided for the purpose of transfer or security” or “the user has disclosed, disclosed, or neglected the means of access without the user’s authority even if he/she knew or could have known that he/she was able to conduct electronic financial transactions using the means of access without the user’s authority.” Even if an accident occurred with the forgery of the means of access, the user may be held liable for all or part of the damages to the user. Therefore, even if any serious negligence on the part of the user is attributable to the user.

In this case, the rest of the plaintiffs except the plaintiffs 1, 9, and 24 and the non-party 1, 2, and 3 were exposed to all the security card numbers, etc. In order to access the Internet homepage of financial institutions. Even if such errors by the plaintiffs constitute gross negligence as prescribed by Article 9(1) of the former Electronic Financial Transactions Act, it is a matter of whether such errors by the plaintiffs can be deemed to be the degree of bearing the whole liability of the plaintiffs who are the users, and whether the degree of imposing a part of the liability or the degree of imposing a part of the liability falls short of the degree of bearing the responsibility. Ultimately, the existence and scope of the responsibility

As to the degree of gross negligence and the scope of liability for such negligence, if a third party entrusts a third party with the use of the means of access, a third party may easily conduct electronic financial transactions using the user’s means of access without authority, but if the user disclosed the means of access, it is necessary to examine it separately, such as where the user fails to take any measures despite being notified of the re-issuance of the authorized certificate.

(B) delegate the use of a means of access to a third party;

In the event of delegation of the use of a means of access to a third party, a financial institution does not bear all or part of its liability pursuant to Article 9(2)1 of the former Electronic Financial Transactions Act, Article 8 subparag. 1 of the Enforcement Decree of the same Act, and Article 20(2)2 of the Framework Act on Electronic Financial Transactions. An authorized certificate which is the means of access is a means of verifying identity of a person conducting financial transactions, and has a strong character. Accordingly, an authorized certificate shall not be transferred or delegated to another person for use. Accordingly, the said Act and the said terms and conditions strictly prohibit the delegation of the use

In addition, when a third party uses an authorized certificate upon delegation of the use of the authorized certificate and puts the risks of financial accidents, such as mining or singing, the issue of which the security card, which is the means of access, is different depending on who is an individual trader. Therefore, if an electronic financial transaction user entrusts a third party with the use of the means of access and a third party is involved in an accident by exposing the entire security number, which is the means of access, during the use of the means of access, the user shall be held liable in

Plaintiff 1 delegated Nonparty 1, Plaintiff 9, and Plaintiff 24 to Nonparty 3, the wife, and Plaintiff 24 to use an authorized certificate and its password in the above Plaintiffs’ name. Nonparty 1, 2, and 3 entered the entire security card number, which is the means of access, and disclosed or disclosed the means of access, taking into account the various circumstances revealed in the instant pleadings, such as: (a) the fact that the said Plaintiffs delegated a third party with the use of the means of access; (b) the fact that the said Plaintiffs received a text message that an authorized certificate was reissued as described in paragraph (d) and did not take appropriate measures, such as reporting such fact to Defendant Nonghyup Bank; and (c) the damages incurred to Plaintiff 1, 9, and 24 due to the instant accident are fully borne by the said Plaintiffs.

(C) a third party, without authority, could have easily known that he/she could conduct electronic financial transactions using the means of access by the user, but the user has disclosed the means of access.

If a third party has disclosed a means of access without authority, but it was easily possible for the third party to conduct electronic financial transactions using the means of access by the user, the financial institution is not obligated to bear all or part of its liability pursuant to Article 9(2)1 of the former Electronic Financial Transactions Act, Article 8 Subparag. 2 of the Enforcement Decree of the same Act, and Article 20(2)3 of the Framework Terms and Conditions for Electronic

The Plaintiffs did not enter a false Internet site address in the above language or telephone, and did not have access to the site, but did so through the Internet portal site operated by the Defendant bank. The Plaintiffs attempted to access the Internet site operated by the Defendant bank in a normal way. However, they attempted to access the Plaintiffs to the Internet site operated by the Defendant bank in a false manner. However, the Plaintiffs deceiving the Plaintiffs to enter information on the grounds of security promotion, security enhancement, and prevention of damage to electronic financial fraud, etc. by abusing the fact that the number of not winners of the names led the Plaintiffs to a false site, and that the need for security reinforcement or security promotion has increased due to the leakage of personal information, etc.

In the case of the plaintiffs in this case, it may be different from the case where they had access to a false Internet site unrelated to financial transactions after having been exposed to the phone from their own name due to damage, such as phishing, etc. The plaintiffs moved to the Internet site of financial institutions operated by the defendant bank and entered the means of access, etc. after being informed of the reasons such as security promotion, security strengthening, prevention of damage from electronic financial fraud, etc. (the plaintiff 170,000, which was moved to the 170,000 Financial Supervisory Service site as above).

In light of this point, it cannot be deemed that the Plaintiffs’ unlawful disclosure of the means of access is to bear all the responsibility of Defendant banks under Article 9(1) of the former Electronic Financial Transactions Act to the extent that they are users. In light of the above circumstances, such as the developments leading up to access to false sites and the developments leading up to the leakage of various information, 80% of the damages incurred to the said Plaintiffs due to the instant accident should be borne by the said Plaintiffs.

D) Where any measure is not taken despite the re-issuance of an authorized certificate

If any measure is not taken even after being notified of the re-issuance of an authorized certificate, the Electronic Commerce Finance Act or a standardized contract does not stipulate that the “all or part of the liability” can be borne by the user. However, if an authorized certificate is re-issued, the existing authorized certificate is destroyed, and thus, it is obligated to take such measures as reporting to the user as the same as the case where the authorized certificate is lost or stolen. In addition, if no such measure is taken without being taken even if the notice was notified of the re-issuance of the authorized certificate without being bound by the principal’s intent, then the damage, such as continuing withdrawal of the deposit, shall be increased from the transaction account, and thus, the error in

Plaintiff 2 and 9 did not take appropriate measures, such as filing a written message that an authorized certificate has been reissued, and filing a report thereon with Defendant New Bank and Nonghyup Bank.

Considering that Plaintiff 2 and Nonparty 2’s gross negligence by inputting the entire security number of the means of access and not taking appropriate measures against the theft or loss of the means of access as seen above, it should be deemed that Plaintiff 9 bears all the damages incurred to Plaintiff 9, as described in the foregoing paragraph (b), and that Plaintiff 2 bears 90% of the damages incurred to Plaintiff 2.

Meanwhile, Defendant National Bank asserts that Defendant National Bank should be exempted from liability on the ground that Plaintiff 4, 26, 27, and 35 did not report the loss or theft of the means of access even though they were lost or stolen. Plaintiff 4, 26, 27, and 35 did not have any evidence to deem that Defendant National Bank did not report the loss or theft of the means of access, such as an authorized certificate, to Defendant National Bank. Accordingly, the above assertion by Defendant National Bank is rejected.

3) Sub-determination

In the case of the rest of the plaintiffs except for plaintiffs 1, 2, 9, and 24, the defendant bank that entered into an electronic financial transaction contract with the plaintiffs is obligated to compensate for 20% of the damages incurred to the above plaintiffs, and 10% of the damages incurred to the plaintiffs 2 are liable for the damages incurred to the defendant new bank.

Therefore, the defendant banks listed in the defendant column in the attached amount sheet are obligated to pay to the plaintiffs in the plaintiff column the amount of compensation for delay calculated at each rate of 5% per annum as stipulated in the Civil Act and 20% per annum as stipulated in the Act on Special Cases Concerning the Promotion, etc. of Legal Proceedings from the next day to the day of full payment, since it is reasonable for the above defendants to dispute about the existence and scope of their obligations from the date immediately following the date of service of the copy of the complaint of this case to January 15, 2015, which is the date of this decision.

4. Conclusion

Therefore, the remaining plaintiffs' claims except for plaintiffs 1, 9, 24, 8, 25, and 29 and the claims against plaintiffs 8, 25, and 29 against the defendant Nonghyup Bank are accepted within the scope of the above recognition, and each of the remaining claims is dismissed as it is without merit. It is so decided as per Disposition by the assent of all participating Justices on the ground that the claims against plaintiffs 1, 9, and 24 and the claims against the plaintiff 8's defendant Sung-dong Agricultural Cooperative, the claims against the plaintiff 25, and the claims against the defendant Sang-dong Agricultural Cooperative, the claims against the plaintiff 29 are dismissed as it is without merit.

[Attachment 1] cited Amount List: omitted

[Attachment 2] Related Acts and subordinate statutes: omitted

Judges Jeon Soo-Un (Presiding Judge)