Foresight News|7月 09, 2026 09:24
[Hong Kong SFC Requires Virtual Asset Trading Platforms to Adopt Anti-Phishing Authentication Methods to Protect Client Accounts]
Foresight News reports that the Hong Kong Securities and Futures Commission (SFC) issued a circular today, requiring internet brokers and virtual asset trading platform operators (virtual asset trading platforms) to adopt effective anti-phishing authentication methods for client logins and device binding.
The SFC now requires internet brokers and virtual asset trading platforms to cease using one-time passwords for client logins and device binding, as this practice carries associated risks. There are currently stronger alternative authentication solutions, such as passkeys and device binding, which can provide more robust and anti-phishing authentication methods.
The SFC mandates that these anti-phishing authentication methods should be implemented as soon as practicable, but no later than 12 months from the date of the circular. Large internet brokers are required to adopt these authentication methods immediately.
In addition to robust preventive monitoring measures, internet brokers and virtual asset trading platforms should also implement effective detection and monitoring measures to identify suspicious login, transaction, and withdrawal activities. They should promptly notify clients of significant account activities and respond swiftly to hacking incidents. Furthermore, they should regularly alert and remind clients about emerging phishing scams and other cybersecurity risks.
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink