
E-payment and E-banking Security Tips

Conducting payment or banking transactions through telephone or internet channels provides great convenience to users, which an increasing number of citizens are enjoying.  Generally speaking, these payment channels are safe and reliable.  But the service is susceptible to fraud if users do not protect their passwords adequately.

As an analogy, passwords for accessing your internet- or phone-operated payment services are like keys to the doors of your home.  We all know the importance of guarding our keys with great care. If our keys fall into the hands of villains, our home will become vulnerable regardless of how strong our doors and locks are.  Likewise, if our passwords are lost, our internet or phone payment accounts will become open to abuse by fraudsters.

Recently, we have come across several fraud cases where the fraudsters have got hold of the passwords of the users through different means.  We would therefore like to remind the public to do two things to help prevent fraud:

Keep your password confidential

  • Don’t write your passwords on a piece of paper kept in your wallet.
  • Don’t store your passwords in your computer.
  • Don’t disclose logon passwords or one-time passwords to any person through any means such as e-mail, over the phone or in person.
  • Follow the security tips published by your banks or payment service operators when conducting e-banking or e-payment transactions.

Keep your computer and other e-payment devices (including smartphones) safe

  • Install a personal firewall and anti-virus software on your computers, and keep them up-to-date.
  • Be very cautious about opening attachments in e-mails from unfamiliar sources, and avoid visiting or downloading software from suspicious websites.
  • Never access your e-payment or e-banking accounts through hyperlinks embedded in emails, suspicious pop-up windows or any other doubtful channels.
  • Don’t install document sharing software on your computer.
  • Review your transaction records regularly.
  • Report to your bank and/or payment service operator immediately if you notice any suspicious transactions.

In the past few years, banks have been upgrading the security of their internet banking services.  For example, internet banking security was greatly enhanced after the Hong Kong Monetary Authority (HKMA) required banks in Hong Kong to implement two-factor authentication (2FA) for high-risk services (e.g. transferring funds to an unregistered third-party account) in 2005. One major type of 2FA adopted by banks is to generate a one-time password (OTP) and send it to the customer’s mobile phone by SMS.  However, fraudsters never stop making new attempts to compromise the system.  With the introduction of SMS forwarding services by the telecommunications industry, a fraudster who gets hold of the user’s password for activating the forwarding service may use that service to forward the SMS OTP from the user’s registered mobile phone to the fraudster’s own mobile phone.

To address this new problem, the banking industry has already worked with the mobile telephone companies to implement additional controls for SMS forwarding.  It has been agreed that the telephone operators will deliver SMS OTP messages originating from banks (and from EPS Company (Hong Kong) Limited, EPSCO) to the registered mobile phones of the customers, regardless of whether the SMS forwarding service of that particular mobile phone number has been activated.  This new arrangement will be implemented by the end of October 2011.

Before the new arrangement takes effect, banks (and EPSCO) will enhance their monitoring of suspicious transactions. If customers receive a notification that their SMS forwarding service has been activated when they have not made such a request, they should immediately contact their telephone operators to verify the status of the SMS forwarding service, and their banks (and EPSCO) to ascertain that their bank accounts have not been tampered with.

E-payment and e-banking services in Hong Kong are safe to use so long as both the service providers and the customers take appropriate precautions. In most cases, frauds can be prevented if the passwords are properly protected.  The HKMA will continue to work with the banking industry and other relevant parties to maintain a high level of system security, and customers can also greatly enhance the security of e-payment and e-banking by safeguarding their passwords and computer devices.

Nelson Man
Executive Director (Banking Supervision)
16 September 2011

Last revision date: 16 September 2011