전자금융거래에서 공인인증서의 발급 및 관리책임

The aim of the present article is, taking into account the current circumstances where an authorizedcertificate is utilized as an important means for confirming identification (authentication), to clarify significance of the certificate under the existing law and to develop a discussion on interpretation of the law from a perspective of liabilities surrounding issuance and management of authorized certificates. Aside from a general recognition that there is a lack of interpretation discourse on this aspect, two background elements gave rise to production of the article as follows: the first is a view that the policy for mandatory use of the certificate should be abolished because it hinders development of authentication technology; and the second is a view that unauthorized issuance by a third party basically would impose no liability on financial companies since there is no information security problem in current practice related to issuance and management of authorized certificates. Beginning from having a critical mind that neither of those views could provide assistance to solve the problems of existing authorized certificates in the light of practical significance of the certificates under the present electronic financial transactions, the article attempts to clarify who takes legal responsibilities surrounding issuance and management in electronic financial transactions. To change the whole frame of the existing system of authorized certificate in electronic financial transaction would accompany enormous transaction costs. Therefore, though it is necessary to plan reform measures in the future, it will bring more effectiveness under the current circumstances to seek ways to assure security of electronic financial transactions while retaining the frame.