Key Information

inSight
Speeches
Speeches by Speaker
Norman T.L. Chan
Peter Pang
Eddie Yue
Arthur Yuen
Raymond Li
Edmond Lau
Esmond Lee
Meena Datwani
Vincent W.S. Lee
James Lau
Joseph Yam
Y K Choi
William Ryback
David Carse
Tony Latter
Andrew Sheng
Hans Genberg
Simon Topping
Michael Taylor
The Honourable Donald Tsang
Chen Yuan
Dai Xianglong
Don Brash
Jaime Caruana
Andrew Crockett
Mario Draghi
David Eldon
Stanley Fischer
Timothy F. Geithner
Stephen Grenville
Kenneth G. Lay
William McDonough
Ernest Patrikis
Glenn Stevens
Jean-Claude Trichet
Tarisa Watanagase
Zeti Akhtar Aziz
Press Releases
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999
1998
1997
Press Releases by Category
Bogus Voice Message Phone Calls
Banking in Hong Kong
Fraudulent Websites, E-mails and Telephone System, and other fraud cases
Granting of Banking Licences
Exchange Fund
Table of Multiples of Notes and Payments for Allotted Amount under non-competitive tender
Table of Multiples of Notes and Payments of Application Amount under non-competitive tender
Tender of Exchange Fund Bills and Notes
Tender Results of Exchange Fund Bills and Notes
Tentative Issuance Schedule for Exchange Fund Bills and Notes
Appointments and Departures
HKMA Pay Review
HKMA Publications
Speeches
The Hong Kong Mortgage Corporation
Hong Kong Note Printing Limited
Hong Kong Institute for Monetary Research
Exchange Fund Investment Limited
Others
Hong Kong Financial Infrastructure
International Relations
Investment Products Related to Lehman Brothers
Monetary Policy
Notes and Coins
Renminbi business
Credit Card Lending Survey
Monetary Statistics
Residential Mortgage Survey
Year 2000
Others
Guidelines and Circulars
Guidelines
Circulars
2015
2014
2013
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999
1998
1997
359.3404

insight

P2P small-value payment and mobile banking: the importance of customers’ security awareness

(Translation)

Development of Internet banking in Hong Kong enters a new phase

On January 3, the HKMA collaborated with the Radio Television Hong Kong (RTHK) to launch the third episode of  the “All about Banking” TV drama series, which highlighted in a humorous way some smart tips on using mobile banking services.  The episode reminded us that certain people, coveting the download of free applications (Apps) from unofficial sources, would jailbreak or root their smartphones.   Such actions can compromise smartphone security significantly, making them susceptible to hacking by fraudsters and resulting in leakage of personal information or financial loss. 

Following the issuing of a revised guideline on e-banking by the HKMA last September, many banks have introduced or plan to introduce P2P (peer-to-peer) small-value payment services, giving customers more choices and convenience.  Bank customers can make small-value funds transfers to third parties without having to go through two-factor authentication to re-authenticate their identity.  This new service, along with the growing popularity of smartphones, will take Internet and mobile banking services into a new phase.

Safety tips on the use of smartphones and computers

The public should take proper precautions when using smartphones. Without proper protection, fraudsters may be able to steal personal information, leading to financial loss.  For example, in August last year, some overseas news reports said that more than 200,000 jailbroken smartphones were infected with computer viruses, resulting in personal information being stolen.  However, simple steps can protect smartphones and computers from being compromised.

Similar to the lock on our door at home, a password is the lock to our smartphones and computers.  We all hope that our door lock will not open easily.  Therefore, we should set strong passwords for our smartphones and computers that are hard to guess.  Moreover, we do not use the same key to open all the locks in our home.  Similarly, we should set different passwords for different devices or Internet services and accounts.  In addition, just as we lock the door and close the windows of our home when going out, we should also enable the auto-lock function of our smartphones and computers to prevent unauthorised access.

We all know the importance of installing anti-virus software on our computers.  This important security measure is also applicable to certain operating systems of smartphones and tablet computers.   Users should only download and upgrade their Apps from official App Stores or reliable sources.  If we download and install Apps from dubious websites or hyperlinks, it is possible that our devices will be infected with computer viruses which will give fraudsters access to steal our personal information or enable them to intercept messages.

Safety tips on using Internet banking

The HKMA closely monitors Internet banking fraud trends.  For example, last year, some banks discovered some of their customers’ computers were infected with computer viruses.  A window, different from the usual login box, would pop up in the browser when they tried to log in, requesting the customers to enter their passwords or additional information such as their credit card numbers or other personal information.  The more prudent customers noted the different login procedure and immediately contacted the banks concerned, rather than entering their details as requested.  They then realized that their computers were planted with Trojan computer viruses and were able to avoid unnecessary financial losses.

Besides, some vigilant customers paid careful attention to the transaction notifications sent to them by their banks and verified whether the transactions indicated in the notifications are authorised.  They immediately contacted their banks after noticing suspicious transactions.  As the banks were promptly notified of unauthorised transactions, they were able to stop the transactions or recover the money.

As two-factor authentication is not required for P2P small-value payment services, and more people increasingly use smartphones and tablet computers as their primary devices to access the Internet, bank customers’ security awareness of using P2P small-value payment services and protecting these mobile devices is particularly important. To minimise the risks associated with P2P small-value payment services, the revised guideline on e-banking requires banks to implement proper risk management controls. These controls include: (1) customers must agree before they can use P2P small-value payment services; (2) bank customers can set their own P2P small-value payment limits according to their needs, subject to a limit determined by banks, currently capped at an aggregate rolling total value of HK$3,000 over two days per Internet banking account; and (3) banks should also take appropriate security measures if they identify potential risks in their customers’ mobile devices.

Education programmes and industry collaboration

For ease of reference, the HKMA has prepared a leaflet on “Smart Tips on Using Internet Banking Services”, summarising the security measures mentioned above and some other useful security tips.  The key points include:

Major tips on protection of computers and smartphones

Major safety tips on using Internet banking services

Passwords: Set a difficult-to-guess password for your computer and mobile phone. Activate the auto-lock function.

Secure systems and software: Use the latest versions of operating systems and Apps.  Do not jailbreak or root your devices.

Beware of computer viruses: Install and promptly update your security software.  Download your Apps only from official App Stores.

Network functions:  Disable any wireless network functions (e.g. Wi-Fi, Bluetooth, NFC) not in use. 

Reference: The Government’s Cyber Security Information Portal (http://www.cybersecurity.hk)

Login passwords: Set a password that is difficult to guess and different from the ones for other services.

Login process: Beware of any unusual login screen or process.

Messages from banks: Check your bank’s SMS messages and other messages in a timely manner and verify your transaction records.

Bank websites and Apps: Internet banking should be accessed by directly entering the bank’s website address, or by using a bookmark or an Internet banking mobile App.

 

A free print copy of the “Smart Tips on Using Internet Banking Services” is available at the HKMA Information Centre.   The public can also download an e-copy of the leaflet from the HKMA website (see attachment).  These smart tips are also supported by Government departments and the industry , including the Communication Association of Hong Kong, Hong Kong Association of Banks, Hong Kong Computer Emergency Response Team Coordination Centre, Hong Kong Computer Society, Hong Kong Police Force, Joint Electronic Teller Services Limited and Office of the Government Chief Information Officer.  These organizations will upload the e-copy of the leaflet to their official websites or promote the smart tips through other means.  In addition, these organizations will launch various education programmes to promote relevant security tips through different channels and to raise public awareness of the safe and secure use of smartphones and computers, as well as online services.

The HKMA will continue to collaborate with different organizations and remind the public through different methods and channels on how to safely use e-banking services.  In addition to the above promotional and educational efforts, it is also banks’ responsibility to educate their customers and provide them with the related security tips.

Internet banking services in Hong Kong have been growing healthily and steadily in the past ten years.  The monthly average transaction amount of Internet banking increased by  around 19 times to HK$6,255 billion in 2014 from HK$318 billion in 2005, an average yearly growth rate of about 38%.  At the end of 2014, there were approximately 9.6 million personal and 850,000 business Internet banking accounts, which were about three and five times respectively of the numbers in a decade before.  We expect the banking industry and the public to work together so that e-banking services will continue to enjoy safe and steady growth in Hong Kong.

 

Arthur Yuen
Deputy Chief Executive
Hong Kong Monetary Authority

21 January 2016

 

Attachments

 

 

Last revision date: 21 January 2016
ABOUT THE HKMA
The HKMA
Tender Invitations
Careers@HKMA
Legislative Council Issues
Links
The HKMA Information Centre
KEY FUNCTIONS
Monetary Stability
Banking Stability
International Financial Centre
Exchange Fund
PUBLICATIONS & RESEARCH
Annual Report
Half-Yearly Monetary & Financial Stability Report
Quarterly Bulletin
HKMA Background Briefs
Reference Materials
Research
MARKET DATA & STATISTICS
CMU Bond Price Bulletin
Economic & Financial Data for Hong Kong
Monthly Statistical Bulletin
Monetary Statistics
KEY INFORMATION
Press Releases
Speeches
Guidelines & Circulars
Forthcoming Events
inSight
OTHER INFORMATION
Account Opening
Consumer Corner
Consumer Education Programme
Complaints about Banks
Complaints about SVF Licensees
Internet Banking
Fraudulent Bank Websites, Phishing E-mails and Similar Scams
Be Careful of Bogus Phone Calls and SMS Messages
Authenticate the Callers and Bank Hotline Numbers
Register of AIs & LROs
Register of Securities Staff of AIs
Register of SVF Licensees
Investment Products Related to Lehman Brothers
Photo Gallery