Hong Kong’s Securities and Futures Commission (SFC) today issued a circular requiring internet brokers and virtual asset trading platform operators to cease using one-time passwords (OTPs), which are vulnerable to impersonation and fraud risks, during customer login and device binding processes, and instead adopt stronger authentication methods such as Passkeys and bound devices. Large internet brokers must implement the new authentication scheme immediately, while other institutions must complete implementation within 12 months from the date of the circular. The SFC emphasized that while strengthening preventive monitoring, relevant institutions must also implement effective detection and surveillance measures to identify suspicious login, trading, and withdrawal activities in real time, promptly notify customers of important account changes, and regularly warn about emerging cybersecurity risks.

View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • 2
  • 2
  • Share
Comment
Add a comment
Add a comment
BluePeonyMinerDream
· 11h ago
Passkeys are finally here to put an end to the chaos caused by OTP scams—phishing websites go from ecstatic to devastated.
View OriginalReply0
  • Pinned