The Hong Kong Monetary Authority (HKMA) has seen an increase in fraudulent cases involving payment cards being linked to new mobile payment services. Fraudsters have been using phishing methods to obtain payment card information and one-time passwords from cardholders, resulting in unauthorized transactions. To address this issue, the HKMA has mandated card-issuing authorized institutions (AIs) to enhance security controls over the binding of payment cards to new mobile payment services. AIs are required to implement additional authentication measures such as obtaining extra confirmation from cardholders, requiring additional authentication before conducting the first mobile payment transaction, and activating newly bound payment services after performing a two-factor authentication. AIs must implement these measures by 31 May 2023.
resource: https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2023/20230425e3.pdf