The streets may be safer than ever, but the password-protected corners of the information superhighway are the new focus of organised criminals. Cyber-fraud is now a bigger deal than the illegal drugs market, in terms of annual financial losses, and although that's largely due to a combination of cheap graphics cards and automated hacker tools, it's our weak six-character passwords that leave online transactions and bank accounts open to attack.
Nearly 70 per cent of people in Hong Kong use the same password across multiple accounts, according to a recent PayPal-commissioned survey by City University of more than 1,200 internet users. Six out of 10 never update online passwords for the seven (on average) websites that hold their personal information. Three quarters make online payments at least once a month, but 78 per cent are discouraged from doing so more regularly because of security worries.
'Despite rising fears of hacking and online attacks, most people do not act in response to change their risky online habits,' says Dr Daniel Tse Woon-kwan from CityU's information systems department. 'Risky behaviour runs unexpectedly high across respondents of all levels of education and income levels.'
Charles Mok, Internet Society Hong Kong's founding chairman, agrees more awareness is needed: 'There's an apparent disconnect between Hong Kong people's high interest in using online and mobile payment methods with their low awareness and readiness to protect themselves against the potential risks.'
In short, we're burying our heads in the sand, though we seem to be more cautious when using our smartphones to make payments. More than two-thirds of respondents enjoy the convenience and efficiency of making transactions from a smartphone, but just one-fifth of people think that using a mobile phone to make payments is secure. What's more, only one in eight is willing to spend more than HK$500 using mobile payment.
What can save us from the hassle of remembering - and remembering to change - so many passwords? Technology is creeping into online banking; some banks have sent out card readers to customers that use existing chip-and-PIN information, while most of us will have received text messages and automated phone calls to authorise an online banking transaction.