Hong Kong beefs up e-wallet identity verification
Enhanced security features include two-factor authentication process.
The Hong Kong Monetary Authority (HKMA) has urged store value facility (SVF) operators and banks to comply with refined verification requirements for e-wallet users who are setting up direct debit authorisation (eDDA) after a number of reported fraud cases.
Also read: Cybercriminals prey on prosperous Hong Kong banks
Banks and SVF operators could either send out an SMS notification to the user confirming the setting up of the eDDA or make a one-time credit transfer from the relevant bank account to his electronic wallet, so as to confirm the wallet user is the same as the bank account owner.
Another alternative would be going through the bank’s two-factor authentication process.
The enhanced security process will apply for the direct debit services conducted through the newly launched Faster Payment System (FPS) and non-FPS channels.
“To implement the refined process, direct debit services through both channels have been temporarily suspended, but the resumption of services using the above refined process is expected to begin incrementally starting from next week,” the HKMA said in a statement.
The beefed up cybersecurity practices comes after the HKMA suspended the eDDA which automatically top-ups e-wallets via the FPS. Customers were found to have suffered an accumulated loss of $180,000 via the instant fund transfer service with the incidents coming under the purview of police investigation.
The number of reported cases of fraudulent banking websites have also steadily grown to about 90 YTD, data from the HKMA show, as cybercriminals continue to prey on Hong Kong.