HKMA Calls for Improved Mobile Payment Security, Deadline Set for May 31by Fintech News Hong Kong April 26, 2023
The Hong Kong Monetary Authority (HKMA) has issued new requirements for authorised institutions (AIs) to enhance security controls when binding payment cards to contactless mobile payment services, such as Apple Pay, Google Pay, and Samsung Pay.
This move comes in response to a recent spike in fraud cases, with over 60 complaints received by HKMA in Q1 2023 involving unauthorised transactions after payment cards were linked to new mobile payment services. Typically, these frauds involved phishing emails or SMS messages to obtain cardholder information and one-time passwords.
The HKMA requires AIs to implement additional authentication measures, such as two-way SMS, in-app confirmation, callback, or other effective methods to combat this issue. Cardholders may also be required to activate the newly bound payment services through two-factor authentication.
AIs are encouraged to consult with the HKMA on alternative authentication solutions, such as biometrics. The implementation of these enhancements is expected as soon as possible but no later than May 31, 2023.