The amount of money stolen from customers using Hong Kong’s new faster payment system has ballooned to HK$400,000 (US$51,000) – and the Monetary Authority believes that figure could increase.
On Tuesday, Howard Lee Tak-chi, the deputy chief executive of the HKMA, said there were more than 10 suspected cases of fraud involving the system they knew about so far, and the authority was in the process of gathering more information from its various partners.
“We need to figure out the amount with various parties such as customers, banks and e-wallet operators,” Lee said. “If customers do not tell us, we wouldn’t have known.”
Lee said e-wallet operators would compensate victims if unauthorised fund transfers were found, under an agreement between the operators and banks.
Only last week, the city’s de facto central bank put the amount believed to have gone missing at HK$180,000.
While most cases have involved several thousands of dollars in losses, HK$100,000 was taken in one instance, a spokeswoman for the authority said earlier.
The thefts are a setback for Hong Kong’s smart banking push, and last Wednesday the authority ordered e-wallet operators to suspend the automatic top-up function from 21 banks to Octopus and the city’s units of Alipay and WeChat Pay.
Police are investigating the fraud, but Lee moved to reassure the public that the thefts had nothing to do with the security of the services, which are part of the faster payment system launched on September 30.
Comparing the system to a highway, and the e-wallet operators as car park managers, Lee said the new system was like a road connecting different banks and operators, and the thefts happened not on the road, but at the car parks.
“Thieves stole cars from car parks and drove on the highway,” he said. “The problem is not about the highway, but the security of the car parks. It is up to car park managers to guard their gates on who they allow to get in.”
The fast payment system is meant to enable the instant transfer of funds between banks and e-wallet operators, rather than the 24 to 48 hours it can presently take.
Some victims said they believed their personal data, including Hong Kong ID numbers, had been stolen, perhaps from data they had submitted when applying for jobs.
The stolen identity numbers were then used to set up accounts in different e-wallets, enabling top-up transfers from different banks.
Before suspending the auto transfer function, the authority allowed 21 banks and 10 e-wallet operators to conduct immediate fund transfers, top-up of e-wallets, and other cashless point of sale transactions.
Lee said the function would be resumed later this week after e-wallet operators stepped up security measures on authorisation procedures for new accounts.
E-wallet operators such as Alipay Hong Kong, WeChat Pay Hong Kong, Octopus and HKT’s Tap & Go mobile wallet were affected. Alipay is affiliated with Alibaba which owns the South China Morning Post.
Other fast payment system functions such as topping up from credit cards or individual fund transfers were not affected. The popular peer-to-peer payment app, PayMe, run by HSBC, was not affected as it had yet to join the faster payment system.
Lee said there were 1.5 million registered accounts with the faster payment system, with a daily usage of 30,000.
Author: Kimmy Chung