
Internet Banking - Two-factor Authentication

Stronger Security

Two-factor authentication protects you from Internet banking fraud. Take a few seconds to read how you can benefit from this new technology and enjoy far more secure online banking services. It is simple and straightforward. Contact your bank for more information about two-factor authentication.

Two-factor authentication is required if you wish to conduct high-risk Internet banking transactions.


The Need for More than Just a User ID and Password

Cases have been reported of user IDs and passwords being stolen by fraudsters through phishing emails, fraudulent websites and malware. This shows the need to increase the security of Internet banking.

Different banks may offer different types of two-factor authentication methods to customers. Two-factor authentication uses a combination of two different factors for verifying a user's identity. Below is one of the common examples:

[Figure: Two-factor Authentication]

Three common types of two-factor authentication currently being adopted by banks are:


Security Token-based OTP 

An OTP generated by a security device/token. Each OTP is used only once and expires within a short period of time. 

  • How it works - You press the button on the security device/token to obtain an OTP, which is used as the additional identity authentication, e.g. to confirm a high-risk transaction. 

[Figure: Security Token-based OTP. User types in token-based OTP to confirm high-risk transaction.]


SMS-based OTP 

An SMS-based one-time password (OTP) generated by the bank and sent to your mobile phone for additional identity authentication. Each SMS OTP is used only once and expires within a short period of time.

  • How it works - When you initiate a high-risk transaction, you will receive an SMS OTP on your mobile phone. You then type in the OTP to confirm the transaction. 

[Figure: SMS-based OTP. User types in SMS OTP to confirm high-risk transaction.]
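
The two properties stated above for an OTP, single use and a short lifetime, are enforced on the bank's side. The following is an added illustration, not code from the HKMA or any bank, modelling the SMS case; the validity window, attempt limit, class name and transaction IDs are assumptions.

```python
import hashlib
import hmac
import secrets

OTP_TTL_SECONDS = 120  # assumed validity window; the page only says "a short period"
MAX_ATTEMPTS = 3       # assumed limit on wrong guesses per OTP

class OtpService:
    """Hypothetical service: one OTP per pending high-risk transaction."""

    def __init__(self):
        self._pending = {}  # txn_id -> [salt, digest, expires_at, attempts_left]

    @staticmethod
    def _digest(salt, txn_id, otp):
        # Bind the OTP to the transaction it confirms; store only a hash.
        return hashlib.sha256(salt + txn_id.encode() + b"|" + otp.encode()).digest()

    def issue(self, txn_id, now):
        otp = f"{secrets.randbelow(10**6):06d}"  # 6-digit code from a CSPRNG
        salt = secrets.token_bytes(16)
        self._pending[txn_id] = [salt, self._digest(salt, txn_id, otp),
                                 now + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return otp  # delivered by SMS, never returned to the browser session

    def verify(self, txn_id, otp, now):
        entry = self._pending.get(txn_id)
        if entry is None:
            return "unknown"  # never issued, already used, or locked out
        salt, digest, expires_at, _ = entry
        if now >= expires_at:
            del self._pending[txn_id]
            return "expired"
        if hmac.compare_digest(digest, self._digest(salt, txn_id, otp)):
            del self._pending[txn_id]  # single use: a replay finds nothing
            return "ok"
        entry[3] -= 1
        if entry[3] == 0:
            del self._pending[txn_id]  # too many wrong guesses
            return "locked"
        return "wrong"

def demo():
    svc = OtpService()
    t0 = 1_000_000  # constructed clock value, in seconds
    otp = svc.issue("txn-1", t0)
    first = svc.verify("txn-1", otp, t0 + 30)
    replay = svc.verify("txn-1", otp, t0 + 31)
    late_otp = svc.issue("txn-2", t0)
    late = svc.verify("txn-2", late_otp, t0 + OTP_TTL_SECONDS)
    return first, replay, late
```
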


Digital Certificate

An electronic identification certificate that helps establish your identity online. It can be stored in a smart card (e.g. the Hong Kong Smart ID card) or an electronic key (e.g. USB key).

  • How it works - You insert the smart card or key into a smart card reader or a USB port of a PC during the authentication process.

[Figure: User inserts Hong Kong Smart ID card into a smart card reader and types in digital certificate password to confirm high-risk transaction.]



  • Safeguard your device for two-factor authentication (e.g. smart card, security token or mobile phone).
  • Follow the security tips given by your bank.


Biometric Authentication

Apart from the above-mentioned authentication factors used for two-factor authentication, which are “Something You Know” and “Something You Have”, more banks have implemented or planned to implement biometric authentication. Customers may make use of their unique biological characteristics, such as fingerprints or voice, as a means of authentication. This factor of “Something You Are” can be used jointly with one of the aforementioned factors as another way of two-factor authentication.


The Benefits of Using Two-factor Authentication 

  • Much more secure - fraudsters cannot steal 'something you have' in your physical possession (such as a mobile phone) over the Internet.
  • Protection for high-risk transactions - all high-risk Internet banking transactions (such as fund transfers to non-designated accounts) are protected by an additional authentication factor which is physically held by you only.
  • Convenient and easy to use - you can have substantially stronger online security by taking a few more steps, which are simple and straightforward.

Major safety tips for using Internet Banking service can be found here.


Some information in relation to two-factor authentication (also available in the form of a leaflet, PDF File, 1MB) was also issued by the Hong Kong Association of Banks and endorsed by the Consumer Council, the Hong Kong Monetary Authority and the Hong Kong Police Force in the past.


Last revision date: 30 August 2016