Internet Banking -
Two-factor authentication protects you from Internet banking fraud. Take a few seconds to read how you can benefit from this new technology and enjoy far more secure online banking services. It is simple and straightforward. Contact your bank for more information about two-factor authentication.
Two-factor authentication is required if you wish to conduct high-risk Internet banking transactions.
The Need for More than Just a User ID and Password
Cases have been reported of user IDs and passwords being stolen by fraudsters through phishing emails, fraudulent websites and malwares. This shows the need to increase the security of Internet banking.
Different banks may offer different types of two-factor authentication methods to customers. Two-factor authentication uses a combination of two different factors for verifying a user's identity. Below is one of the common examples:
Three common types of two-factor authentication currently being adopted by banks are:
Security Token-based OTP
An OTP generated by a security device/token. Each OTP is used only once and expires within a short period of time.
- How it works - You press the button on the security device/token to obtain an OTP, which is used as the additional identity authentication, e.g. to confirm a high-risk transaction.
User types in token-based OTP to confirm high-risk transaction
An SMS-based one-time password (OTP) generated by the bank and sent to your mobile phone for additional identity authentication. Each SMS OTP is used only once and expires within a short period of time.
- How it works - When you initiate a high-risk transaction, you will receive an SMS OTP on your mobile phone. You then type in the OTP to confirm the transaction.
User types in SMS OTP to confirm high-risk transaction
An electronic identification certificate that helps establish your identity online. It can be stored in a smart card (e.g. the Hong Kong Smart ID card) or an electronic key (e.g. USB key).
- How it works - You insert the smart card or key into a smart card reader or a USB port of a PC during the authentication process.
User inserts Hong Kong Smart ID card into a smart card reader and types in digital certificate password to confirm high-risk transaction
- Safeguard your device for two-factor authentication (e.g. smart card, security token or mobile phone).
- Follow the security tips given by your bank.
Apart from the above-mentioned authentication factors, which are “Something You Know” and “Something You Have”, for the two-factor authentication, more banks have implemented or planned to implement biometric authentication. Customers may make use of their unique biological characteristics, such as fingerprints, voice, as a means for authentication. This factor of “Something You Are” can be used jointly with one of the aforementioned factors as another way of two-factor authentication.
The Benefits of Using Two-factor Authentication
- Much more secure - fraudsters cannot steal 'something you have' in your physical possession (such as a mobile phone) over the Internet.
- Protection for high-risk transactions - all high-risk Internet banking transactions (such as fund transfers to non-designated accounts) are protected by an additional authentication factor which is physically held by you only.
- Convenient and easy to use - you can have substantially stronger online security by taking a few more steps, which are simple and straightforward.
Major safety tips for using Internet Banking service can be found here.
Some information in relation to two-factor authentication (also available in the form of a leaflet, PDF File, 1MB) was also issued by the Hong Kong Association of Banks and endorsed by the Consumer Council, the Hong Kong Monetary Authority and the Hong Kong Police Force in the past.