HONG KONG, 14 JULY 2009 In the light of recent Internet banking fraud cases that involve increasingly sophisticated fraudulent techniques reported locally and overseas, the Hong Kong Monetary Authority (HKMA) issued on Monday (13 July) a circular requiring all authorised institutions (AIs) to step up their security controls over their Internet banking services.
The HKMA noticed that the recent fraudulent technique adopted by fraudsters is believed to involve infecting the customer's PC with Trojan horse programs to hijack the Internet banking login credentials of customers (including one-time passwords for two-factor authentication) during the Internet banking login process.
The hijacked login credentials were used by the fraudsters to conduct high-risk Internet banking transactions such as making fund transfer to an unregistered third-party account.
Given the increasingly sophisticated fraudulent techniques, there is a need for AIs to step up their security measures to combat Internet banking frauds, said an HKMA spokesperson.
Mandatory SMS notification
One of the important security measures is that AIs are required to notify their customers immediately via an SMS message or other effective means after completing an online high-risk transaction (for example, transferring funds to an unregistered third-party account) with the transaction details. We would strongly encourage bank customers to make full use of such a service, verify the transaction details and notify their bank immediately if they discover any suspected unauthorised transactions, the spokesperson said.
We believe that so long as both customers and banks have taken appropriate security precautions, Internet banking services with adoption of two-factor authentication are safe to use. said the HKMA spokesperson.
The HKMA is committed to work with the Hong Kong Police Force and the banking industry to monitor the latest technological developments and trends of Internet banking frauds.
The central bank said it will continually enhance the Internet banking security and consumer education programme with a view to fostering a safe and convenient Internet banking environment for all in Hong Kong.
The Monetary Authority warns consumers to beware of fraudulent website http://standardchartered-online.org which looks similar to the Standard Chartered Bank (HK)'s official website.
The bank has clarified it has no connection with the bogus site and has reported the case to Police.
Sign up for CIO Asia eNewsletters.