CoinFeed
Hong Kong SFC requires brokers and virtual asset platforms to disable one-time passwords to prevent phishing scams - CoinFeed
Time 09:29

Hong Kong SFC requires brokers and virtual asset platforms to disable one-time passwords to prevent phishing scams

July 9, 2026
CoinFeed News

CoinFeed July 9 news, given the increasing severity of phishing scam attacks where customer login information is stolen, the Hong Kong SFC issued a circular requiring internet brokers and virtual asset trading platforms to stop using one-time passwords in the customer login and device binding process, and switch to passkeys, device binding and other higher-strength authentication solutions that can prevent phishing scams. Also requires large internet brokers to implement immediately, while other institutions must complete the transformation within 12 months. Institutions must also strengthen monitoring of abnormal logins, transactions, and coin withdrawals, promptly notify customers and handle hacker intrusion incidents. Senior management shall bear ultimate responsibility for customer losses caused by internal control deficiencies.

Back to News Feed