Opinion | Hong Kong won’t deter financial fraud by blacklisting bank accounts

Scammers typically use multiple accounts, and the time it takes to report the crime and investigations to conclude will also undermine the effectiveness of the alert system

As more victims are now deceived into initiating payments themselves, it would make sense to track user behaviour and flag unusual IP addresses

Reading Time:3 minutes

A Hong Kong police officer holds up seized evidence on May 3, relating to the arrest of 100 people over cyber fraud, including a love scam in which a victim in Canada lost HK$23 million (US$2.9 million) after falling for a swindler’s “sweet talk”. Photo: Jelly Tse

Published: 9:30am, 10 Oct 2023

In the first half of 2023, there was a significant uptick in financial fraud recorded in Hong Kong. Fraudsters were responsible for total financial losses of HK$2.69 billion (US$343 million), representing a 28 per cent increase over the same period last year.

As businesses rush to tackle this growing problem, the police force, Monetary Authority and the Hong Kong Association of Banks are reportedly working together to stay ahead of fraudsters. They plan to launch an alert system supported by a bank account blacklist next month. While this represents a step forward, it still falls short of what is needed to put an end to these deceptive schemes.

The introduction of a blacklist based on past cases is indeed a commendable step. However, fraudsters typically use multiple accounts at various traditional or virtual banks. Victims might not realise they have been scammed for weeks and it might take even longer to acknowledge what has happened and report it to the authorities.

Furthermore, police investigations also take time. During this critical window, bad actors could create new mule accounts and initiate a new cycle of deception. While it is uncertain how frequently the blacklist would receive updates, this gap will diminish the overall efficacy of the alert system.

Amid the current surge in data breaches and phishing attacks, fraudsters have turned to opening bank accounts using stolen or fake identities. Additionally, bad actors can hire someone to create bank accounts on their behalf, indicating that the implementation may only alter the methods by which fraudsters engage in their illicit activities, rather than addressing the underlying issue.

Cybercriminals are also exploiting the capabilities of artificial intelligence (AI) deepfake technology to pilfer the identities of genuine individuals. By using deepfake technology, attackers can fabricate fraudulent documents and manipulate facial features or voices to establish counterfeit accounts or submit loan applications in the victim’s name.

Select Voice

Choose your listening speed

Get through articles 2x faster

1.25x

250 WPM

Slow

Average

Fast

00:0000:00

1.25x