Hong Kong SFC Forces Crypto Platforms to Ditch SMS Authentication
16 Articles
16 Articles
Hong Kong SFC Orders Brokers and Crypto Platforms to Scrap OTP Logins
Hong Kong’s markets regulator has told internet brokers and licensed crypto platforms to stop using one-time passwords to log customers in, ordering them to switch to phishing-resistant methods such as passkeys within a year. The Securities and Futures Commission set out the requirement in a circular published on 9 July, addressed to internet brokers and SFC-licensed virtual asset service providers, or VASPs. It gives firms until 8 July 2027 to …
Hong Kong SFC forces crypto platforms to ditch SMS authentication
The Hong Kong Securities and Futures Commission has ordered licensed crypto trading platforms and online brokers to replace SMS-based authentication with phishing-resistant login methods within the next 12 months. According to the Hong Kong Securities and Futures Commission (SFC), virtual…
Hong Kong gives crypto platforms one year to ditch one-time passwords or cover user losses
Hong Kong crypto platforms have until July 8, 2027, to ditch one-time passwords for client logins and device registration under new security rules. By then, licensed virtual asset service providers and internet brokers must use authentication that can resist phishing for client logins and the registration or binding of devices, according to a July 9 circular. The regulator said one-time passwords, or OTPs, do not meet that standard and should no…
Hong Kong SFC Orders Crypto Platforms To Drop OTP Logins
Hong Kong’s Securities and Futures Commission ordered licensed crypto platforms and internet brokers to stop using one-time passwords for customer login and device binding, giving firms up to 12 months to move to phishing-resistant authentication. The new requirement covers virtual asset trading platform operators and internet brokerage firms. The SFC’s July 9 notice mandates phishing-resistant authentication methods for client login and device …
SFC Requires Brokers and Crypto Platforms to Stop Using OTPs for Client Login
The Securities and Futures Commission (SFC) has ordered internet brokers and virtual asset trading platforms in Hong Kong to stop using one-time passwords for client login and device binding. According to a circular issued by the regulator, firms must adopt stronger alternatives to combat the growing threat of phishing attacks involving stolen client credentials. The mandate requires firms to implement phishing-resistant authentication methods a…
Coverage Details
Bias Distribution
- 100% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium




