Tough new security measures for online banking customers

Users of internet banking will have to navigate through more stringent security measures to carry out online transactions from next month, the Hong Kong Monetary Authority announced yesterday.

All customers changing their personal details or carrying out online banking transactions deemed to be high-risk will be required to use one of three new methods of identification.

Customers may receive a one-time password via mobile phone SMS messaging; they may get a one-off password through a security device which banks will supply; or they can use e-certificate technology embedded in their Hong Kong identity cards through a smart-card reader.

William Ryback, the authority's deputy chief executive, said: 'In addition to the normal login ID and password, a customer needs a second factor which is in his or her physical possession for additional identity verification.

'We believe that this is an effective way [of] tackling the latest internet banking frauds, such as fake bank websites, 'phishing' e-mails and Trojan software.'

By the end of last year, Hong Kong had 2.7 million personal internet banking accounts, an increase of 23 per cent on the previous year, and 107,000 business internet bank accounts, up 60 per cent from 2003.

Standard Chartered Bank will introduce SMS passwords for customers doing high-risk transactions, which it defined as transfers or payment to unregistered third-party bank accounts.