Hong Kong SFC requires crypto platforms and brokers to phase out OTP login verification within 12 months.

robot
Abstract generation in progress
According to a report by The Block, a news update from Mars Finance says that the Hong Kong Securities and Futures Commission (SFC) has issued a circular requiring licensed virtual asset trading platforms and internet brokers to stop using one-time passwords (OTP) for user login and device binding within 12 months. Instead, they must adopt stronger authentication methods such as passkeys (Passkey) and device binding. The move is driven by the fact that deception attacks accounted for as much as 57% of Hong Kong’s cybersecurity incidents in 2025. The SFC also requires institutions to set up monitoring systems for suspicious logins, transactions, and withdrawals, and to promptly notify customers of abnormal activity on their accounts. Large brokers must implement the new authentication measures immediately. The SFC emphasized that if weaknesses in an institution’s internal controls lead to customer losses, the relevant parties will be held accountable.
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned