Hong Kong tightens online banking security

All banks in the country have upgraded to a two-factor authentication system for high-risk online transactions.

All banks in Hong Kong have upgraded to a two-factor authentication system, moving beyond simple user name and password for "high-risk" online transactions.

The Hong Kong Monetary Authority (HKMA) has mandated the use of two-factor authentication such as digital certificate, one time-use passwords generated by SMS (short message service) or security token cards, for all high-risk retail Internet banking transactions. This includes fund transfers to non-designated accounts. The new regulations took effect the end of last month.

"Two-factor authentication further strengthens the security controls of Internet banking and protects bank customers from Internet banking frauds," said Mr William Ryback, deputy chief executive of the HKMA, in a media statement. "Hong Kong is one of the first places amongst the developed financial markets to establish such a regulatory requirement, which enables Internet banking to continue to flourish under a safe and sound environment."

The use of Internet banking services has been growing rapidly in Hong Kong. At the end of 2004, over 2.7 million personal and 107,000 business Internet banking accounts were established, marking an increase of 23 and 60 percent respectively from the previous year.