bodyType

customContents

entityId

entityUuid

articlePageQuery

filter

article

articleBaseAdvertisingInfoArticle

articleListArticle

articleSeoArticle

helpersCheckIsPostiesArticle

hooksArticleAcknowledgementGateOverlayArticle

hooksTrackPageViewArticle

hooksContentInterestArticle

articleLinkingDataContent

hooksAmpRedirectArticle

articleSchemaContent

liveArticle

advertZone

sentiment

contentLock

topics

types

sections

moreOnThisArticles

urlAlias

commentCount

authorLocations

authors

corrections

sponsorType

displaySlideShow

multimediaEmbed

printHeadline

seriesContainer

socialHeadline

headline

flag

firstTopic

glossary

flattenTypeIds

publishedDate

additionalInfoBoxes

quizIds

images

image

relatedLinks

relatedNewsletters

__typename

createdDate

sponsor

paywallTypes

pdfFiles

seriesReverseOrder

series

disableOffPlatformContent

published

updatedDate

summary

subHeadline

body

keywords

readingTime

customTimezone

liveContents

Alex Lo

Banks may soon ask customers to use a different  access code every time they log in, to try to thwart fraud through fake websites.
The system requires users to call their bank on a pre-registered phone number and key in an access code of their choice before logging onto the bank's website.

The code will only be valid for 15 minutes, after which users will not be able to   log on to do their  internet banking, even with the right combination of their user ID and password.
The system, designed by the information technology arm of PCCW, UniHub,  is believed to be a world first.
'It's a one-time validation code that you can key in to the bank centre on your mobile phone or your home phone, and you can choose whatever number combination you want each time,' said UniHub vice-president Eric Law Chun-wah.  
'To successfully break in, a hacker would have to use your pre-registered phone number to key in an access code, and then use your password and user ID to log on within 15 minutes. To do all this, I think other crimes besides hacking and computer crimes will have to be committed.'
Most fake bank sites or bogus e-mails involve fooling victims into keying in their logon ID and password, which criminals then use to access their bank accounts. Police said more than 35 fraudulent websites had been identified in the first eight months of the year.
Under the UniHub system,  only an authentic bank site would  display  a customer's user ID together with the  temporary access code. Only then would customers  key in their  password. 
If the bank site were fake, it would not display the customer's  temporary access code or would show an incorrect one. 
'The good thing is, you only need to remember your  access code for 15 minutes,' Mr Law said. 'With this system, even people who know your password and logon ID cannot access your bank account.'
UniHub has obtained patents for the system for Europe, North America and China. 
Mr Law said the firm was in talks with Hong Kong banks to introduce the system, but would not say if any deals had been finalised. 



Access codes key to safe online banking