Access codes key to safe online banking
Banks may soon ask customers to use a different access code every time they log in, to try to thwart fraud through fake websites.
The system requires users to call their bank on a pre-registered phone number and key in an access code of their choice before logging onto the bank's website.
The code will only be valid for 15 minutes, after which users will not be able to log on to do their internet banking, even with the right combination of their user ID and password.
The system, designed by the information technology arm of PCCW, UniHub, is believed to be a world first.
'It's a one-time validation code that you can key in to the bank centre on your mobile phone or your home phone, and you can choose whatever number combination you want each time,' said UniHub vice-president Eric Law Chun-wah.
'To successfully break in, a hacker would have to use your pre-registered phone number to key in an access code, and then use your password and user ID to log on within 15 minutes. To do all this, I think other crimes besides hacking and computer crimes will have to be committed.'
Most fake bank sites or bogus e-mails involve fooling victims into keying in their logon ID and password, which criminals then use to access their bank accounts. Police said more than 35 fraudulent websites had been identified in the first eight months of the year.
Under the UniHub system, only an authentic bank site would display a customer's user ID together with the temporary access code. Only then would customers key in their password.
If the bank site were fake, it would not display the customer's temporary access code or would show an incorrect one.
'The good thing is, you only need to remember your access code for 15 minutes,' Mr Law said. 'With this system, even people who know your password and logon ID cannot access your bank account.'
UniHub has obtained patents for the system for Europe, North America and China.
Mr Law said the firm was in talks with Hong Kong banks to introduce the system, but would not say if any deals had been finalised.