Why Hong Kong banks are turning to tokens for security
Most top-tier banks and financial institutions in Hong Kong have been using two-factor authentication (2FA) to secure online transactions both on the PCs, smartphones and other mobile devices.
In the near future, 2FA is set to become a baseline requirement for every player in the banking and financial services industry when the Hong Kong Monetary Authority (HKMA) enforces stricter cybersecurity measures on internet trading in the city.
2FA requires two forms of authentication for account access such as password plus hardware/virtual token, or fingerprint.
Now a choice has to be made whether to use a hardware-based token or a software-based token as banks strive for the right balance between security and convenience.
Digital tokens is the future
In an interview with Computerworld Hong Kong, Alfred Wong (photo right), vice president for information technology at JETCO said the future points to the growing popularity of software-based tokens for 2FA as well as multi-factor authentication.
JETCO is a bank consortium that operates more than 3,000 ATMs in Hong Kong, Macau and over 20 cities across mainland China, offering convenient, reliable local and cross-border ATM services. It also provides a range of value-added mobile banking services to its member banks
“There are two major drivers to adoption of soft tokens. One is better user experience from the customer point of view. Many people now are very busy and they increasingly use their smartphones for online banking. For them carrying a hardware token is a hassle, so a software token embedded in the mobile banking app is a good alternative to secure online access. What’s more, certain smartphone models have advanced security features such as fingerprint and facial recognition.
“The other driver for the adoption of software-based tokens is coming from the banks that are looking for more innovative and more cost-effective way of delivering 2FA. Hardware-based tokens are very secure, but they are expensive for the banks to deploy and maintain. Because providing the hardware devices is part of the service, banks don’t charge for them,” Wong said.
Banks in Hong Kong are turning increasingly to software-tokens to secure online access, particularly for their mobile payment services.
For example, several banks such as American Express, Bank of China (Hong Kong), Citibank, Dah Sing Bank, DBS Bank, and Standard Chartered Bank came onboard as Samsung Pay launched in Hong Kong a two weeks ago.
Security measures include biometric authentication such as fingerprint or iris sensors on supported Samsung smartphones to authorize payments, as well as card tokenization and the Samsung Knox security platform.