Although cookies provide capabilities that make the internet much easier to navigate and provide a better user experience, some people have indicated concerns that the information collected using cookies might give rise to data privacy issues. We believe that if used properly, cookies can be helpful in providing convenience and better user experience to internet users.
Let me also take this opportunity to remind the public to stay vigilant to potential security issues when using internet banking services including fraudulent bank websites, phishing e-mails and other threats (e.g. Trojan horse attack). As we have mentioned previously, bank customers should never access their accounts through hyperlinks embedded in e-mails, suspicious pop-up windows or other doubtful channels. Customers using internet banking should connect to their bank website through typing the website address in the address bar of the browser or by bookmarking the genuine website and using that for access. Customers should also change their passwords periodically and not use simple passwords. Further information and advice on internet banking safety may be found on the HKMA website and on the websites of most banks.
Bank customers are also strongly advised to make use of the two-factor authentication provided by banks for the internet banking services. In particular, one of the important security measures is that banks are required to notify their customers immediately via an effective means (e.g. SMS message) after completing an online high-risk transaction (e.g. transferring fund to an unregistered third-party account) with the transaction details. Bank customers should make full use of such a service, verify the transaction details and notify their bank immediately if they discover any suspected unauthorised transactions. So long as both banks and their customers have taken appropriate security precautions, internet banking services are safe to use.
Hong Kong does have a generally safe internet banking environment. But we appreciate that the technological landscape relating to the provision of internet services is ever changing and fraudsters will become smarter over time. The HKMA will continue to monitor the development and trend of internet banking services and to review and, if necessary, strengthen the relevant controls where appropriate.
Executive Director (Banking Conduct)
15 October 2010
1 That is, by embedding the unique session identifier into the Uniform Resource Locator (URL) (the "address" of a web page in the internet) of a web page (e.g. http://www.example.com/abc/pgm?session_id=123)