The Hong Kong Monetary Authority (the HKMA), on 24 May 2019, issued an alert for eight (8) cyber security incidents which involved a total amount of HK Dollars 70,000. Three banks reported cases where the payments were done in an unauthorized manner. This was done over a period of three weeks. The suspected criminals were successful in stealing the customer data, which included the login details and passwords for performing the transactions.

Under this, the HKMA has decided the following three point:

Reporting Obligations of the Banks

The HKMA has been made aware of the illegal transactions, which resulted due to the reports that were filed by the relevant banks. The HKMA reminded the banks of its reporting obligations. It called for the "same-day report" which is to be filed, and the incidents will be reported on the same day when the bank discovers the said transaction. The HKMA made a point to convey to the bank that the report should be made to the Privacy Commissioner for Personal Data (the PCPD).

Two Factor Authentication

The HKMA issued the Two-factor authentication for the maximum transaction limit for the small-valued payments which are conducted by way of internet banking. The limit that was put is HK$10,000 per day per account.

Customer Protection

As it seems that the alert has caused some banks to reimburse the funds to the customer where the compensation has been paid. The refunds have been made as per the rules mentioned in the Code of Banking Practice (the CBP) which has been issued by the DTC Association and the Hong Kong Association.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.