On May 24, 2019, the Hong Kong Monetary Authority (HKMA) said that it has received reports from banks regarding eight cases of unauthorized small-value payment transactions involve three banks and a total value of HKD 70,000. Based on the latest information, it is possible that the fraudsters have stolen the customers’ Internet banking login passwords to perform small-value payment transactions.
In accordance with the HKMA’s regulatory requirements, banks should notify a customer immediately after the customer initiates a small-value payment transaction. The said unauthorized transactions were detected after the customers contacted the banks upon receiving the notifications. The affected banks and customers have reported these cases to the Police. In accordance with the Code of Banking Practice, a customer should not be held responsible for any direct loss suffered by him or her as a result of unauthorized e-banking transactions unless he or she acts fraudulently or with gross negligence. Following this requirement, the banks have already compensated some of the customers, while the remaining cases are being processed.
The HKMA wishes to remind the public of the need to take suitable precautionary measures when using e-banking services in order to prevent these fraud cases from happening. These precautionary measures include:
- Setting e-banking passwords that are difficult to guess and different from the ones for other internet services, and regularly changing these passwords;
- In stalling and promptly updating security software to protect their computers and mobile phones;
- Refraining from using public computers or public Wi-Fi to access e-banking accounts; and
- Checking their e-banking accounts from time to time and reviewing alert messages and statements issued by banks in a timely manner.