ZA Bank requires additional authentication from users to comply with HKMA's guidelines

ZA Bank now requires users to complete additional authentication when binding ZA Card to new digital wallets, in response to a recent circular issued by the Hong Kong Monetary Authority (HKMA), which requires banks to perform additional authentication over the binding of payment cards to contactless mobile payment services.

ZA Bank's move seeks to offer a more secure spending experience. This new measure demonstrates ZA Bank’s commitment to user security, with the aim of enhancing consumer protection and security level for online transactions.

Commenting on the measure, Calvin Ng, executive director and alternate chief executive of ZA Bank, said: “At ZA Bank, we pride ourselves on putting user experience at the forefront of everything we do, striking a perfect balance between convenience and security."

"The foundation of banking lies in trust, and as the leading digital bank in Hong Kong, our commitment to enhanced authentication measures exemplifies our agility in harnessing cutting-edge technology to protect our users’ assets. We firmly believe that our unwavering dedication to safeguarding customers' interests not only bolsters confidence in ZA Bank, but also elevates the entire banking industry's standards,” he added. 

Don't miss: Report: Digital fraud attempts surge 18% in HK from pre-pandemic levels

This comes after the HKMA required authorised institutions (AIs) in April to strengthen security controls over the binding of payment cards to contactless mobile payment services, as it received over 60 complaints from cardholders in Q1 2023 about unauthorised transactions being conducted over their cards after they were bound to new payment services. 

In the light of the latest developments and having discussed with the industry, the HKMA considers that there is a need for card-issuing AIs to strengthen security controls over the binding of payment cards to new mobile payment services. Specifically, card-issuing AIs are required to conduct additional authentication on top of the input of correct card data and the one-time password to confirm that the cardholders have indeed given the instructions to bind their cards with new payment services.

Examples of such authentication measures include obtaining additional confirmation from cardholders before the binding takes effect through two-way SMS, in-App confirmation, call back or other effective means; requiring the cardholders to perform additional authentication before the first mobile payment transaction is conducted through the newly bound payment services; and requiring the cardholders to activate the newly bound payment services after performing a two-factor authentication in the internet or mobile banking applications of the banks.

AIs are expected to implement the above mentioned enhancement over the binding of cards to new payment services before 31 May.

Join Content 360 - Hong Kong: Stories For A New Era where over 150 content marketers come together to shape the future.  Content 360 - Hong Kong is a must-attend conference that focuses on cutting-edge content trends, innovative creation techniques, strategies to customise your content for the newest marketing channels, and more. Don't miss out on this opportunity to elevate your content marketing game in Hong Kong! Tickets are on sale now, register today. https://conferences.marketing-interactive.com/content360-hk/

Related articles:

ZA Bank maps out 'banking for Web3' ambition
ZA Bank unveils NFT Maker campaign as part of tech innovation journey
ZA Bank names Ronald Iu as new CEO and executive director
ZA Bank launches carnival for new campaign to engage with consumers