Strengthening Security Controls for Internet Banking Services

Press Releases

13 Jul 2009

Strengthening Security Controls for Internet Banking Services

In the light of recent Internet banking fraud cases that involve increasingly sophisticated fraudulent techniques reported locally and overseas, the Hong Kong Monetary Authority (HKMA) has issued today (Monday) a circular requiring all authorized institutions (AIs) to step up their security controls over their Internet banking services.

The HKMA noticed that the recent fraudulent technique adopted by fraudsters is believed to involve infecting the customer's personal computer (PC) with Trojan horse programs to hijack the Internet banking login credentials of customers (including one-time passwords for two-factor authentication) during the Internet banking login process. The hijacked login credentials were used by the fraudsters to conduct high-risk Internet banking transactions such as making fund transfer to an unregistered third-party account.

"Given the increasingly sophisticated fraudulent techniques, there is a need for AIs to step up their security measures to combat Internet banking frauds. One of the important security measures is that AIs are required to notify their customers immediately via a SMS message or other effective means after completing an online high-risk transaction (e.g. transferring fund to an unregistered third-party account) with the transaction details. We would strongly encourage bank customers to make full use of such a service, verify the transaction details and notify their bank immediately if they discover any suspected unauthorised transactions. We believe that so long as both bank customers and banks have taken appropriate security precautions, Internet banking services with adoption of two factor authentication are safe to use." said an HKMA spokesperson.

The HKMA will continue to work with the Hong Kong Police Force and the banking industry to monitor the latest technological developments and trends of Internet banking frauds. We will continually enhance the Internet banking security and consumer education programme with a view to fostering a safe and convenient Internet banking environment for all in Hong Kong.

For further enquiries, please contact:
Thomas Chan, Communications Chief, at 2878 1480 or
Hing-fung Wong, Manager (Communications), at 2878 1802

Hong Kong Monetary Authority
13 July 2009

Latest Press Releases
Last revision date : 13 July 2009