Contact Us
Search Print
Font Size
A A A
FacebookInstagramLinkedinWechatXYoutube
Select Category
Show All Options
Modification Time
Done
Done
Done
a
Done
News and Media
Press ReleasesR & M ColumnVideos
SpeechesForthcoming Events
inSightPhoto Gallery
Smart Consumers
Overview
e-Banking
Personal Digital KeysInternet BankingATMs
Payment and Transfer
Faster Payment System (FPS)e-Payment and Transfere-Wallets and Prepaid CardsCredit Cards
Loans
Personal CreditMortgagesPremium Financing
General Banking Services
Account Opening and MaintenanceAutopay ServicesInvestment ServicesDeposits
Beware of Fraudsters!
Don't Lend/Sell Your Account
Notes and Coins
2018 Series Hong Kong BanknotesCoin Cart Schedule
Retirement Planning
Practical Information
Barrier-free Bank Branches and ATMsHotlines of Banks & Stored Value Facility LicenseesComplaintsRegisters and ListsPublic Education VideosPublic Education EventsFAQs
Information in Other Languages
Data, Publications and Research
Data & Statistics
Daily Monetary StatisticsMonthly Statistical BulletinEconomic & Financial Data for Hong KongCMU Bond Price Bulletin
Legislative Council Issues
Publications
Annual ReportSustainability ReportHalf-Yearly Monetary & Financial Stability ReportQuarterly Bulletin
Guide to Hong Kong Monetary, Banking and Financial Terms
Research
Research MemorandumsExternal PublicationsHong Kong Institute for Monetary and Financial ResearchOther Research Papers
HKMA's Open Application Programming Interface (API)
Regulatory Resources
Registers and Lists
Register of AIs & LROsRegister of Securities Staff of AIsRegister of SVF LicenseesList of AI-related Trustees
Authorization, Licensing, Designation and Approval
Regulatory Guides
By Subject (Current)Supervisory Policy ManualGuidelinesCircularsGuide to AuthorizationCode of PracticeExplanatory NotePractice NoteAdditional Guidance
Consultations
OpenClosed
Key Functions
Money
Linked Exchange Rate SystemLiquidity FacilitiesHong Kong Currency
Reserves Management
HistoryExchange Fund's Statutory Purposes and Investment ObjectivesInvestment ManagementInvestment PerformanceRisk ManagementResponsible InvestmentExchange Fund Statistics and Publications
Banking
Banking Regulatory and Supervisory RegimeBanking Legislation, Policies and Standards ImplementationBanking Conduct and EnforcementAnti-Money Laundering and Counter-Financing of TerrorismResolution RegimeSmart BankingRegulatory GuidesRegtech Knowledge HubHKMA – BIS Joint ConferenceGreen and Sustainable Banking Conference & Green Fintech Competition
International Financial Centre
Hong Kong as an International Financial CentreFintechBond Market DevelopmentFinancial Market InfrastructureStored Value Facilities and Retail Payment SystemsStablecoin IssuersSoft InfrastructureInternational & Regional Financial Co-operationCentre for Green and Sustainable FinanceHKMA Infrastructure Financing Facilitation OfficeCross-boundary Wealth Management Connect Scheme in the Guangdong-Hong Kong-Macao Greater Bay AreaGlobal Financial Leaders' Investment SummitHKMA – BIS High-Level ConferenceHong Kong Green Week – Finance Stream
About Us
The HKMA
Governance StructureAdvisory CommitteesThe Chief Executive's CommitteeOrganisation ChartInternal AuditSustainable HKMA
Tender Invitations
The HKMA Information Centre
Exhibition AreaLibraryGeneral InformationGuided ToursSouvenirs
Related Organisations and Links
HKMA-related Organisations and LinksHKSAR Government & Related OrganisationsCentral BanksMultilateral OrganisationsOthers
Join Us
Why the HKMA?What We Do?Current VacanciesOpportunities for Students and Graduates to Join the HKMA
News and Media
Smart Consumers
Data, Publications and Research
Regulatory Resources
Key Functions
About Us

E-payment and E-banking Security Tips

inSight

16 Sep 2011

E-payment and E-banking Security Tips

Conducting payment or banking transactions through telephone or internet channels provides great convenience to users, which an increasing number of citizens are enjoying.  Generally speaking, these payment channels are safe and reliable.  But the service is susceptible to fraud if users do not protect their passwords adequately.

As an analogy, passwords for accessing your internet or phone operated payment services are like keys to the doors of your home.  We all know the importance of guarding our keys with great care. If our keys fall in the hands of villains, our home will become vulnerable regardless how strong our doors and locks are.  Likewise, if our passwords are lost, our internet or phone payment accounts will become open to abuse by fraudsters.

Recently, we have come across several fraud cases where the fraudsters have got hold of the passwords of the users through different means.  We would therefore like to remind the public to do two things to help prevent fraud:

Keep your password confidential

  • Don’t write your passwords on a piece of paper kept in your wallet.
  • Don’t store your passwords in your computer.
  • Don’t disclose logon passwords or one-time passwords to any person through any means such as e-mail, over the phone or in person.
  • Follow the security tips published by your banks or payment service operators when conducting e-banking or e-payment transactions.

Keep your computer and other e-payment devices (including smart phone) safe

  • Install personal firewall and anti-virus software on computers, and keep them up-to-date.
  • Be very cautious about opening attachments in e-mails from unfamiliar sources, and avoid visiting or downloading software from suspicious websites.
  • Never access your e-payment or e-banking accounts through hyperlinks embedded in emails, suspicious pop-up windows or any other doubtful channels.
  • Don’t install document sharing software in your computer.
  • Review your transaction records regularly.
  • Report to your bank and/or payment service operator immediately if you notice any suspicious transactions.

In the past few years, banks have been upgrading the security of their internet banking services.  For example, internet banking security was greatly enhanced after the Hong Kong Monetary Authority (HKMA) required banks in Hong Kong to implement two-factor authentication (2FA) for high-risk services (e.g. transferring fund to an unregistered third-party account) in 2005. One major type of 2FA method adopted by banks is to generate a one-time password (OTP) and send it to their customers’ mobile phones through SMS message.  However, fraudsters never stop making new attempts to compromise the system.  With the introduction of SMS forwarding service by the telecommunication industry, a fraudster may use this service to forward the SMS OTP from a user’s registered mobile phone to the fraudster’s mobile phone if the fraudster can get hold of the user’s password for activating the forwarding service.

To address this new problem, the banking industry has already worked with the mobile telephone companies to implement additional controls for SMS forwarding.  It has been agreed that the telephone operators will deliver SMS OTP messages originating from banks (and EPS Company (Hong Kong) Limited, EPSCO), to the registered mobile phone of the customers regardless of whether the SMS forwarding service of that particular mobile phone number has been activated.  This new arrangement will be implemented by the end of October 2011.

Before the new arrangement takes effect, banks (and EPSCO) will enhance their monitoring of suspicious transactions. If customers receive a notification that their SMS forwarding service has been activated when they have not made such a request, they should contact their telephone operators to verify SMS forwarding service and their banks (and EPSCO) immediately to ascertain that their bank accounts are not tempered with.

E-payment and e-banking services in Hong Kong are safe to use so long as both the service providers and the customers take appropriate precautions. In most cases, frauds can be prevented if the passwords are properly protected.  The HKMA will continue to work with the banking industry and other relevant parties to maintain a high level of system security, and customers can also greatly enhance the security of e-payment and e-banking by safeguarding their passwords and computer devices.

Nelson Man
Executive Director (Banking Supervision)
16 September 2011

Latest inSight
View All View All
Last revision date : 16 September 2011