Banks in Hong Kong are set to introduce two-factor authentication services to the country's 2.7 million Internet banking customers next month.
The Hong Kong Monetary Authority (HKMA) said last year that banks will be required to introduce two-factor authentication for online transactions by June 2005. Individual banks can choose whether to provide Web banking customers with digital certificates, single-use passwords or SMS-based text authentication services, which will be used in addition to usernames and passwords.
William Ryback, deputy chief executive, HKMA, says: "We believe that this is an effective way in tackling the latest Internet banking frauds such as fake bank Web sites, phishing e-mails and Trojan software."
According to local press reports, a number of banks in Hong Kong have been hit by phishing scams although the HKMA has not disclosed the exact number of reported incidences. In October last year twelve people were arrested in Hong Kong in connection with a banking phishing scam that is thought to have netted the fraudsters HK$600,000.
Banks in the UK and Australia are also introducing a common industry standard for two-factor authentication of online transactions in a bid to combat phishing scams and cut card-not-present fraud. US regulator The Federal Deposit Insurance Corporation (FDIC) has also urged banks in the country to abandon single password-based ID systems in favour of two-factor authentication following increases in 'account hijacking' ID theft.