Hong Kong SFC Forces Crypto Platforms to Ditch SMS Authentication
13 Articles
13 Articles
Hong Kong SFC Orders Brokers and Crypto Platforms to Scrap OTP Logins
Hong Kong’s markets regulator has told internet brokers and licensed crypto platforms to stop using one-time passwords to log customers in, ordering them to switch to phishing-resistant methods such as passkeys within a year. The Securities and Futures Commission set out the requirement in a circular published on 9 July, addressed to internet brokers and SFC-licensed virtual asset service providers, or VASPs. It gives firms until 8 July 2027 to …
Hong Kong SFC forces crypto platforms to ditch SMS authentication
The Hong Kong Securities and Futures Commission has ordered licensed crypto trading platforms and online brokers to replace SMS-based authentication with phishing-resistant login methods within the next 12 months. According to the Hong Kong Securities and Futures Commission (SFC), virtual…
SFC Requires Brokers and Crypto Platforms to Stop Using OTPs for Client Login
The Securities and Futures Commission (SFC) has ordered internet brokers and virtual asset trading platforms in Hong Kong to stop using one-time passwords for client login and device binding. According to a circular issued by the regulator, firms must adopt stronger alternatives to combat the growing threat of phishing attacks involving stolen client credentials. The mandate requires firms to implement phishing-resistant authentication methods a…
Hong Kong SFC Orders Brokers to Drop OTP Logins in 12 Months
Why Is Hong Kong Moving Away From OTP Logins? Hong Kong’s Securities and Futures Commission has ordered licensed virtual asset trading platforms and internet brokerage firms to phase out one-time passwords for customer login and device registration within 12 months, marking a tougher cybersecurity standard for online financial intermediaries. The directive follows a rise in spoofing attacks and account takeover attempts targeting brokerage and c…
Crypto Platforms in Hong Kong Face 12-Month Deadline for New Anti-Phishing Requirements
TL;DR: Hong Kong’s SFC ordered virtual asset trading platforms and online brokers to adopt phishing-resistant authentication within 12 months, banning OTPs through SMS, email or app-based logins. The standards point to passkeys, cryptographically verified registered devices and hardware security keys as stronger alternatives. The move follows rising phishing and social-engineering losses, including $306 million of $482 million in industry losse…
Hong Kong’s Securities and Futures Commission Orders Phishing-Resistant Logins for Brokers, Crypto Platforms | LeapRate | Online Trading Industry News, Broker Intelligence & Fintech Analysis
The Securities and Futures Commission (SFC) has issued a circular ordering internet brokers and virtual asset trading platform operators (VATPs) in Hong Kong to abandon one-time passwords (OTPs) in favour of phishing-resistant authentication methods, as account takeover attacks targeting client credentials continue to rise. The regulator’s directive, published on 9 July 2026, requires firms to stop using OTPs for both client login and device bin…
Coverage Details
Bias Distribution
- 100% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium





