Article details
The Hong Kong Securities and Futures Commission (SFC) has mandated that internet brokers and virtual asset trading platforms replace one-time passwords (OTPs) with phishing-resistant authentication methods. This directive, issued on July 9, 2026, aims to combat rising account takeover attacks targeting client credentials. The SFC emphasized the need for stronger security measures, including multi-factor authentication (MFA) and cryptographic tokens, to protect user data and prevent unauthorized access.
This regulatory shift is significant for traders and financial institutions, as it raises compliance costs and operational adjustments for firms. Enhanced security protocols may also influence investor confidence in digital platforms, particularly in the crypto sector, where phishing attacks are prevalent. Traders should anticipate increased scrutiny of platform security standards, which could impact market trust and adoption rates.
For global markets, the move reflects a broader trend toward stricter cybersecurity regulations in financial services. Investors should monitor how firms adapt to these requirements, as non-compliance risks penalties or reputational damage. The focus on phishing resistance may also drive innovation in authentication technologies, benefiting long-term market stability.