P2P small-value payment and mobile banking: the importance of customers’ security awareness

(Translation)

Development of Internet banking in Hong Kong enters a new phase

On January 3, the HKMA collaborated with the Radio Television Hong Kong (RTHK) to launch the third episode of  the “All about Banking” TV drama series, which highlighted in a humorous way some smart tips on using mobile banking services.  The episode reminded us that certain people, coveting the download of free applications (Apps) from unofficial sources, would jailbreak or root their smartphones.   Such actions can compromise smartphone security significantly, making them susceptible to hacking by fraudsters and resulting in leakage of personal information or financial loss. 

Following the issuing of a revised guideline on e-banking by the HKMA last September, many banks have introduced or plan to introduce P2P (peer-to-peer) small-value payment services, giving customers more choices and convenience.  Bank customers can make small-value funds transfers to third parties without having to go through two-factor authentication to re-authenticate their identity.  This new service, along with the growing popularity of smartphones, will take Internet and mobile banking services into a new phase.

Safety tips on the use of smartphones and computers

The public should take proper precautions when using smartphones. Without proper protection, fraudsters may be able to steal personal information, leading to financial loss.  For example, in August last year, some overseas news reports said that more than 200,000 jailbroken smartphones were infected with computer viruses, resulting in personal information being stolen.  However, simple steps can protect smartphones and computers from being compromised.

Similar to the lock on our door at home, a password is the lock to our smartphones and computers.  We all hope that our door lock will not open easily.  Therefore, we should set strong passwords for our smartphones and computers that are hard to guess.  Moreover, we do not use the same key to open all the locks in our home.  Similarly, we should set different passwords for different devices or Internet services and accounts.  In addition, just as we lock the door and close the windows of our home when going out, we should also enable the auto-lock function of our smartphones and computers to prevent unauthorised access.

We all know the importance of installing anti-virus software on our computers.  This important security measure is also applicable to certain operating systems of smartphones and tablet computers.   Users should only download and upgrade their Apps from official App Stores or reliable sources.  If we download and install Apps from dubious websites or hyperlinks, it is possible that our devices will be infected with computer viruses which will give fraudsters access to steal our personal information or enable them to intercept messages.

Safety tips on using Internet banking

The HKMA closely monitors Internet banking fraud trends.  For example, last year, some banks discovered some of their customers’ computers were infected with computer viruses.  A window, different from the usual login box, would pop up in the browser when they tried to log in, requesting the customers to enter their passwords or additional information such as their credit card numbers or other personal information.  The more prudent customers noted the different login procedure and immediately contacted the banks concerned, rather than entering their details as requested.  They then realized that their computers were planted with Trojan computer viruses and were able to avoid unnecessary financial losses.

Besides, some vigilant customers paid careful attention to the transaction notifications sent to them by their banks and verified whether the transactions indicated in the notifications are authorised.  They immediately contacted their banks after noticing suspicious transactions.  As the banks were promptly notified of unauthorised transactions, they were able to stop the transactions or recover the money.

As two-factor authentication is not required for P2P small-value payment services, and more people increasingly use smartphones and tablet computers as their primary devices to access the Internet, bank customers’ security awareness of using P2P small-value payment services and protecting these mobile devices is particularly important. To minimise the risks associated with P2P small-value payment services, the revised guideline on e-banking requires banks to implement proper risk management controls. These controls include: (1) customers must agree before they can use P2P small-value payment services; (2) bank customers can set their own P2P small-value payment limits according to their needs, subject to a limit determined by banks, currently capped at an aggregate rolling total value of HK$3,000 over two days per Internet banking account; and (3) banks should also take appropriate security measures if they identify potential risks in their customers’ mobile devices.

Education programmes and industry collaboration

For ease of reference, the HKMA has prepared a leaflet on “Smart Tips on Using Internet Banking Services”, summarising the security measures mentioned above and some other useful security tips.  The key points include:

A free print copy of the “Smart Tips on Using Internet Banking Services” is available at the HKMA Information Centre.   The public can also download an e-copy of the leaflet from the HKMA website (see attachment).  These smart tips are also supported by Government departments and the industry , including the Communication Association of Hong Kong, Hong Kong Association of Banks, Hong Kong Computer Emergency Response Team Coordination Centre, Hong Kong Computer Society, Hong Kong Police Force, Joint Electronic Teller Services Limited and Office of the Government Chief Information Officer.  These organizations will upload the e-copy of the leaflet to their official websites or promote the smart tips through other means.  In addition, these organizations will launch various education programmes to promote relevant security tips through different channels and to raise public awareness of the safe and secure use of smartphones and computers, as well as online services.

The HKMA will continue to collaborate with different organizations and remind the public through different methods and channels on how to safely use e-banking services.  In addition to the above promotional and educational efforts, it is also banks’ responsibility to educate their customers and provide them with the related security tips.

Internet banking services in Hong Kong have been growing healthily and steadily in the past ten years.  The monthly average transaction amount of Internet banking increased by  around 19 times to HK$6,255 billion in 2014 from HK$318 billion in 2005, an average yearly growth rate of about 38%.  At the end of 2014, there were approximately 9.6 million personal and 850,000 business Internet banking accounts, which were about three and five times respectively of the numbers in a decade before.  We expect the banking industry and the public to work together so that e-banking services will continue to enjoy safe and steady growth in Hong Kong.

Arthur Yuen
Deputy Chief Executive
Hong Kong Monetary Authority

21 January 2016

Attachments

• Smart Tips on Using Internet Banking Services
  http://www.hkma.gov.hk/media/eng/doc/key-functions/banking-stability/consumer-corner/smart_tips_on_using_internet_banking_1.pdf

• Consumer Education Programme - Major Safety Tips on Using Internet Banking Services
  http://www.hkma.gov.hk/eng/key-functions/banking-stability/consumer-corner/strengthening-financial-consumer-protection/consumer-education-programme/internet-banking.shtml

• Consumer Education Programme - Education Drama Series (in Cantonese) (Episode three about jailbreaking)
  http://www.hkma.gov.hk/eng/key-functions/banking-stability/consumer-corner/strengthening-financial-consumer-protection/consumer-education-programme/education-drama.shtml