According to the sources, South Korea's Financial Services Commission and Financial Supervisory Service are planning to officially notify KB Kookmin Card Co., NH Nonghyup Card Co. and Lotte Card Co. of the business suspension on Monday. The suspension will be effective from Feb. 17, they said.
The latest suspension is the first in 10 years. Finance authorities had restricted operations in 2003 when the firms facing competition issued credit cards indiscriminately without prior screening, leading to massive personal debts by individuals.
Sensitive client data, including personal IDs, bank account numbers, addresses and credit ratings, were leaked from the three companies last month, prompting fears among victims that the information would be used in financial scams.
Around 20 million people are estimated to have been affected from the leak in a country with a population of 50 million.
The three firms will be banned from attracting new clients and will be prohibited from providing card loans and cash advance services, the sources said. Existing clients will not be affected.
The punishment is likely to seriously hurt the card companies which, because of the revolving nature of the industry, need to attract new customers daily to make up for those who withdraw.
Financial authorities said they will also commence a so-called "fast-track suspension" system as of Monday under cooperation with the police to immediately track phone calls suspicious of financial scams.
Online bank transactions above 1 million won will be subject to additional identification and confirmation procedures through March, a tighter monitoring from the current 3 million won.
Investigators have said that the stolen information has not been circulated and the culprits were caught before the data were handed over to scammers, but they failed to calm fears. Some 6.12 million people have canceled or applied for new credits cards as of Saturday since the revelation of the leaks on Jan. 19.
Sources said the firms' CEOs will likely be punished toward the end of this month after determining the degree of their accountability.
The financial regulators are also reviewing punitive measures against the local unit of Standard Chartered Bank and Citibank, as personal data of some 130,000 customers were leaked in December.