PaymentsJournal
No Result
View All Result
SIGN UP
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
PaymentsJournal
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
No Result
View All Result
PaymentsJournal
No Result
View All Result

HSBC Implements Easy P2P, So Guess What The Crooks Discovered

By Tim Sloane
November 12, 2018
in Analysts Coverage, Biometrics, Debit, Emerging Payments, P2P
0
1
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn
fraud

fraud

Lately, the industry has become focused on reducing the friction associated with payments, but perhaps we’ve forgotten why we asked so many questions – HSBC discovered the answer; it’s to keep the criminals out:

“Simple verification procedures for HSBC e-payment app PayMe allowed hackers to carry out unauthorised transactions after luring victims into disclosing their email passwords using phishing scams, a police source said on Friday.

Cybersecurity experts have called on the bank to introduce two-factor authentication, which requires users to provide an additional piece of information besides a password.

HSBC said on Thursday night that about 20 accounts with the e-wallet system had been accessed without authorisation, and transactions carried out involving HK$100,000 (US$12,770).

The breach had been reported to police and the Hong Kong Monetary Authority, the bank said.

A veteran policeman with knowledge of the incident said hackers posing as an email service provider had sent out phishing emails asking victims to submit their passwords to initiate an update to their accounts.

“That’s how the victims’ email accounts were hacked. But the scammers then looked for PayMe notifications in their emails, and if they saw one, would send a message to the app requesting a password change,” the source said.

“The hackers could then control their victims’ PayMe accounts. PayMe has no security issue as such, but the verification process is way too easy.”

Chester Soong, director of the Internet Society Hong Kong, said two-factor authentication should be adopted, which requires information other than a password, such as a thumbprint, face scan, ID card number or passcode sent to a phone.”

In this case a quick biometric challenge issued to the users smartphone would have prevented the fraudsters transfer of funds while still making the payment easy for smartphone users. For millennials and the wealthy, banks that fail to adopt the biometric solutions available on modern smartphones are beginning to come across as simply obstinate. Consumers use biometrics to open the phone and to make card payments via the wallet, they now expect bank apps to similarly adopt that simple and secure method. In the case of HSBC it could have saved them from some really terrible publicity.

Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group

1
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn
Tags: BlockchainFraud Risk and AnalyticsHSBCP2P

    Get the Latest News and Insights Delivered Daily

    Subscribe to the PaymentsJournal Newsletter for exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    Payments Modernization

    Playing Offense and Defense: Why Now Is the Time for Payments Modernization

    May 13, 2025
    Authorization Rates

    Boosting Revenue for Merchants by Optimizing Authorization Rates

    May 12, 2025
    Why Payment Orchestration is the key to international merchant growth

    Ensuring Payment Decisions Pay for Themselves

    May 9, 2025
    cross-border

    As Businesses Reevaluate Cross-Border Relationships, Financial Institutions Can Help

    May 8, 2025
    Nacha WEB Debit Account Validation Rule Verification Solution, Quovo ACH Payment

    The Brave New Future of the Disappearing Account

    May 7, 2025
    solana financial

    After an Upgrade, Solana is Primed to Be the Blockchain of Choice for Financial Institutions

    May 6, 2025
    PAR values

    The Connecting Thread: How PAR Values Can Mitigate Fraud and Supercharge Loyalty Programs

    May 5, 2025
    mobile banking

    How Mobile Banking Apps Can Be the Center of Customers’ Money Movement Activities

    May 2, 2025

    Linkedin-in X-twitter
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter

    ©2024 PaymentsJournal.com |  Terms of Use | Privacy Policy

    • Commercial Payments
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    No Result
    View All Result