The Hong Kong Securities and Futures Commission (SFC) issued a circular today, requiring internet brokerage firms and virtual asset trading platform operators to stop using one-time passwords (OTP) that pose impersonation fraud risks during customer login and device binding, and switch to higher-strength authentication methods such as passkeys and device binding. Large internet brokerage firms should immediately adopt the new authentication scheme, while other institutions must complete implementation within 12 months from the date of the circular. The SFC emphasized that while strengthening preventive monitoring, relevant institutions also need to implement effective detection and surveillance measures to identify suspicious login, trading, and withdrawal activities in real time, promptly notify customers of important account changes, and regularly warn about emerging cybersecurity risks.

View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned