
Electronic Safety and Soundness World Bank Financial Sector Policy Global Dialogue

Electronic Safety and Soundness World Bank Financial Sector Policy Global Dialogue. Shu-Pui LI Division Head Banking Development Hong Kong Monetary Authority 11 September 2003 (http://www.hkma.gov.hk). Outline. Trends of Security Incidents Enhancements to Supervisory Framework


Presentation Transcript


  1. Electronic Safety and Soundness
     World Bank Financial Sector Policy Global Dialogue
     Shu-Pui LI, Division Head, Banking Development, Hong Kong Monetary Authority
     11 September 2003 (http://www.hkma.gov.hk)

  2. Outline
     • Trends of Security Incidents
     • Enhancements to Supervisory Framework
     • International Co-operation

  3. Recent Incidents
     • Increasing number of fraudulent bank websites
     • Fake emails purporting to be sent from banks
     • Highly infectious computer viruses and worms
     • Identity thefts targeting the weakest link

  4. Suspicious Fraudulent Website
     A suspicious bank website: “www.banquedenationale.com”

  5. Case Study - Suspicious Fraudulent Website
     • In June 2003, the HKMA received over 14 inquiries regarding “Banquedenationale Bank”, which had a website “www.banquedenationale.com” and claimed to be a bank with offices in Hong Kong, New York and London.
     • Initial investigation:
       • offering banking and investment services and claiming to have a presence in Hong Kong
       • not an authorized institution in Hong Kong
       • incomplete Hong Kong address
       • logon page without security protection (no SSL)
       • website without digital certificate

  6. Case Study - Suspicious Fraudulent Website
     • Potential violation of Banking Ordinance and a suspicious fraudulent website
     • Reported to the Hong Kong Police for investigation
     • Confirmed with the US and UK regulators that “Banquedenationale Bank” was not authorized or did not have a banking license
     • Issued a press release on 19 June 2003 to alert members of the public in Hong Kong

  7. Case Study - Suspicious Fraudulent Website
     • Challenges
     • Cross-border issues
     • Domain name was registered with a Canadian internet domain name registration company
     • Website appeared to be hosted in Shanghai
     • Requested CBRC to assist in the suspension of the website
     • Website suspended near the end of June 2003
     • So far, no residents in Hong Kong have been reported to have any dealings with the entity

  8. What was the aim of the fake bank website?
     • The website was believed to be aimed at tricking people into disclosing their sensitive personal information. For instance, according to an overseas press report, a clergyman in the UK received an e-mail in April 2003 claiming to be sent from Zimbabwe. It asked for the clergyman’s help to transfer USD 23 million out of Zimbabwe to fund some charity activities.
     • “Banquedenationale Bank” then e-mailed the clergyman, asking him to fax a copy of his passport and his account number to it to effect the fund transfer. The clergyman became suspicious and contacted the UK Police.

  9. Enhancements to Supervisory Framework
     Consumer education programme
     • The HKMA is assisting the banking industry in Hong Kong in launching a multi-channel consumer education programme to promote awareness of e-banking security precautions among the general public.
     • Issuance of an educational leaflet
     • Production of TV episodes and radio segments

  10. Enhancements to Supervisory Framework
      Screening local domain names (“.hk”)
      • The HKMA has arranged with the Hong Kong Domain Name Registration Company to ensure that only authorized entities (e.g. banks) can register their local internet domain names which contain the word “bank” or any of its derivatives in any language (e.g. banque).

  11. Enhancements to Supervisory Framework
      • The banking industry in Hong Kong, the HKMA, and the Hong Kong Force will develop an incident response mechanism (e-FIRST process) for the banking industry to better handle:
        • outbreak of viruses - e.g. w32blaster.worm
        • e-frauds
        • systemic incidents

  12. Supervisory Control Self-Assessment (CSA)

  13. Supervisory Control Self-Assessment (CSA)
      • Assisted the HKMA to prioritise supervisory resources and to have good coverage of all major banks
      • Rolled out CSA to 40 banks in Hong Kong
      • Positive feedback received, including:
        • useful process for bank management to prioritise resources to focus on high risk issues
        • sharing of benchmarking information and common issues
        • minimal on-going effort by using automated tools

  14. Supervisory Control Self-Assessment (CSA)

  15. International Co-operation
      Cross-border co-operation
      • In view of the cross-border nature of some e-frauds, the HKMA has suggested that the Electronic Banking Group (EBG) of the Basel Committee on Banking Supervision:
        • establish an updated contact list to expedite communication among EBG members for handling cross-border e-banking incidents.

  16. QUESTIONS??
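
The ".hk" domain screening described on slide 10, sketched as a registrar-side check. This is an added example, not code from the HKMA or the registry: the function names, the authorized-registrant set and every restricted term other than "bank" and "banque" are assumptions, and all sample requests are constructed.

```python
import unicodedata

# "bank" and "banque" are the terms the slide names; the rest are assumed derivatives.
RESTRICTED_TERMS = ("bank", "banque", "banco", "banca", "银行", "銀行")
# Constructed stand-in for the regulator's register of authorized institutions.
AUTHORIZED = {"Example Bank Ltd"}

def normalise(domain):
    """Return the domain's labels lower-cased, with IDN labels decoded to Unicode."""
    labels = []
    for label in domain.strip().rstrip(".").lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # undecodable label: screen the raw text instead
        # NFKC folds look-alike forms such as full-width letters.
        labels.append(unicodedata.normalize("NFKC", label).lower())
    return labels

def screen(domain, registrant):
    """Return (decision, matched_term) for one registration request."""
    labels = normalise(domain)
    if labels[-1] != "hk":
        return ("out_of_scope", None)  # the arrangement covers ".hk" only
    for label in labels[:-1]:
        squashed = label.replace("-", "")  # "ban-que" still matches "banque"
        for term in RESTRICTED_TERMS:
            if term in squashed:
                decision = "allow" if registrant in AUTHORIZED else "refer"
                return (decision, term)
    return ("allow", None)

def idn(label):
    """Build the ASCII (punycode) form of a Unicode label, for the sample data."""
    return "xn--" + label.encode("punycode").decode("ascii")

# Constructed registration requests: (domain, registrant).
SAMPLES = [
    ("banquedenationale.hk", "Unknown Co"),
    ("examplebank.com.hk", "Example Bank Ltd"),
    (idn("銀行") + ".hk", "Unknown Co"),
    ("flowers.hk", "Unknown Co"),
    ("banquedenationale.com", "Unknown Co"),
]

if __name__ == "__main__":
    for domain, registrant in SAMPLES:
        print(domain, registrant, screen(domain, registrant))
```

A "refer" decision routes the request to a manual check of the registrant's authorization, so substring hits such as "riverbank.hk" are reviewed rather than rejected outright. The last sample returns "out_of_scope" because the name in the case study was registered under ".com", outside the reach of a ".hk" control.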
