|

Hong Kong SFC Bans One-Time Passwords For Crypto Platforms To Combat Rising Phishing Threats

Hong Kong SFC Bans One-Time Passwords For Crypto Platforms To Combat Rising Phishing Threats
Hong Kong SFC Bans One-Time Passwords For Crypto Platforms To Combat Rising Phishing Threats

The Hong Kong Securities and Futures Commission (SFC) has issued a round requiring digital asset buying and selling platforms and web brokerages to interchange one-time password (OTP) authentication with extra strong safety strategies, as spoofing and fraud assaults on buyer accounts proceed to accentuate.

The regulator cited rising threats from impersonation scams, noting that phishing and spoofing assaults accounted for 57% of all safety incidents reported to the Hong Kong Cybersecurity Incident Response Centre in 2025. In response, the SFC is now mandating that platforms section out OTPs for each buyer login and gadget binding processes — practices it has flagged as more and more insufficient towards refined fashionable assaults.

Firms are required to undertake stronger alternate options, corresponding to passkeys and bound-device authentication, which the SFC describes as providing extra resilient and fraud-resistant verification. While all lined entities should comply inside 12 months of the round’s issuance, giant web brokerages are anticipated to implement the brand new measures instantly.

Broader Security Obligations and Accountability

Beyond authentication upgrades, the round outlines a wider set of obligations spanning detection, response, and consumer training. Virtual asset buying and selling platforms and brokerages should implement surveillance methods able to figuring out suspicious login, buying and selling, and withdrawal exercise. Firms are additionally required to inform shoppers promptly of great account occasions and reply swiftly to any hacking incidents. Ongoing consumer warnings about rising cyber threats and impersonation scams are anticipated as nicely.

The SFC made clear that senior administration at these companies bears final accountability for the adequacy of account safety controls. Institutions discovered to have insufficient inside safeguards might be held accountable for any ensuing consumer losses — a pointed sign to compliance groups throughout Hong Kong’s digital asset sector.

The round builds on earlier regulatory alerts. The SFC had been monitoring OTP-related dangers since late 2024 and, in a February 2025 round, strongly inspired licensed firms to maneuver away from OTPs — making in the present day’s mandate a agency regulatory deadline slightly than a voluntary advice. For crypto platforms working in Hong Kong, the message is unambiguous: legacy authentication strategies are not acceptable.

The publish Hong Kong SFC Bans One-Time Passwords For Crypto Platforms To Combat Rising Phishing Threats appeared first on Metaverse Post.

Similar Posts