The Hong Kong Securities and Futures Commission (SFC) has mandated that internet brokerages and virtual asset trading platforms cease using one-time passwords for customer logins and device binding. This move aims to combat rising impersonation fraud attacks. Instead, the SFC requires the adoption of more robust authentication methods, such as passkeys and enhanced device binding, to prevent credential theft.
Large internet brokerages must implement these changes immediately, while other institutions have a 12-month deadline. Additionally, firms are instructed to enhance monitoring of abnormal activities, including logins, trades, and withdrawals, and to promptly inform customers of any security breaches. Senior management will be held accountable for any customer losses due to inadequate internal controls.
Hong Kong SFC Mandates Stronger Authentication for Brokers and Crypto Platforms
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.
