Launch of Two-factor Authentication for Internet Banking 30 May 2005 Speech by Mr William Ryback, Deputy Chief Executive, Hong Kong Monetary Authority   Good afternoon, ladies and gentlemen. A very warm welcome to all of you to today’s press conference, which marks the launch of two-factor authentication by the banking industry in Hong Kong. It is a great pleasure that I am joined this afternoon by Mr He, Chairman of the Hong Kong Association of Banks, and Mr Man, Senior Superintendent, Commercial Crime Bureau, Hong Kong Police Force. They will be sharing with you shortly about the benefits of two-factor authentication to bank customers and its effectiveness in combating Internet banking frauds. We will be happy to answer your questions afterwards. The acceptance of Internet banking services has been growing rapidly in Hong Kong over the past years. At the end of 2004, over 2.7 million personal Internet banking accounts (an increase of 23% from a year ago) and 107,000 business Internet banking accounts (an increase of 60% from a year ago) were established in Hong Kong. To date many of the banking services are available online. In view of the growing acceptance of Internet banking services and sophistication of Internet banking frauds reported locally and overseas, the banking industry in Hong Kong reached a general consensus last year to strengthen the Internet banking security by implementing two-factor authentication. The HKMA endorsed this consensus and issued a circular in June 2004 requesting banks to implement such security measure by June 2005 for high-risk retail Internet banking transactions (such as fund transfers to non-designated accounts). Two-factor authentication is a security measure recognised by the information security industry to combat Internet banking frauds. In addition to the normal login ID and password, a customer needs a second factor which is in his or her physical possession for additional identity verification. This second factor should be difficult to be stolen together with the customer’s login ID and password by fraudsters over the Internet. We believe that this is an effective way in tackling the latest Internet banking frauds such as fake bank websites, phishing e-mails and Trojan software. We understand that a number of banking supervisors in other financial markets are currently reviewing the implication of the latest Internet banking frauds and consulting their banks in relation to the adoption of two-factor authentication for Internet banking. Hong Kong is one of the first places to offer such security measure to bank customers. So far the implementation of two-factor authentication has been progressing satisfactorily. All banks offering high-risk retail Internet banking transactions will allow customers to apply for two-factor authentication from next month. Individual banks may offer different two-factor authentication methods to customers. Three common methods being adopted by banks in Hong Kong are digital certificate, security token-based one-time password and SMS-based one-time password. To help you better understand the various methods, we will have a brief demonstration to illustrate these methods towards the end of the press conference. A series of promotional activities will be launched by the banking industry and individual banks from June 2005 onward to help customers to fully understand this security measure. Mr He will highlight the key features of the consumer education programme to you. Two-factor authentication strengthens the security controls of Internet banking and protects bank customers from Internet banking frauds. We are confident that with the joint efforts of the banking sector, bank customers, the Police and the HKMA, Internet banking will continue to flourish under a safe and sound environment in Hong Kong. Without further ado, let me pass the time to Mr He.