Hong Kong’s Rakuten Securities enhances online trading security mechanisms
The measures are introduced in response to new requirements outlined by Hong Kong’s Securities and Futures Commission.
Rakuten Securities Hong Kong Limited, a subsidiary of Japanese online trading expert Rakuten Securities, has published a notice on its website informing its clients of new online security measures.
To enhance online trading security, the broker will implement two-factor authentication (2FA) starting from late April 2018, and clients will be required to use 2FA to access Rakuten FX and Trading Station (TS). Clients who do not use it will not be able to access the broker’s trading platform. The second authentication factor will be a one-time passcode (OTP). For Rakuten FX clients, the OTP will be sent by SMS. For TS clients, the OTP can be received by SMS and via the “My Page App” mobile app.
The change is mandatory, the broker says.
The company explains that the new security measures are introduced in line with the requirements on reducing cybersecurity risk associated with Internet trading, which the Securities and Futures Commission (SFC) issued on October 27, 2017. The new rules, effective April 27, 2018, include a mandatory requirement for licensed corporations to implement a two-factor authentication mechanism for clients logging into their Internet trading accounts.
Let’s recall that the new rules apply to companies engaged in:
- Type 1 regulated activity (dealing in securities);
- Type 2 regulated activity (dealing in futures contracts);
- Type 3 regulated activity (leveraged foreign exchange trading);
- Type 9 regulated activity (asset management).
In addition to 2FA, the entities should implement monitoring and surveillance mechanisms to detect unauthorised access to clients’ Internet trading accounts. Other requirements concern encryption of sensitive information, such as client login credentials (i.e., user ID and password) and trade data, during transmission between internal networks and client devices.
The rules also require online trading companies to outline contingency plans for cyber incidents. In the contingency plan and crisis management procedures, the companies should make all reasonable efforts to cover possible cyber-attack scenarios such as DDoS attacks and total loss of business records and client data resulting from cyber-attacks (e.g., ransomware).