Learning Centre : Safe Mobile Payment Services | Cyber Security Information Portal

Risks

• Mobile phone to be stolen or lost due to the failure of safeguarding the device properly.
• Mobile phone to be attacked by malicious software due to insufficient security measures.
• Transaction details (e.g. the recipient) to be altered or payment details probably stolen while making transactions with suspicious merchants.
• Chances of being redirected to malicious websites while using QR code payment services.
• Chances of encountering NFC tags altered by criminals or fake NFC readers while using NFC payment services.

Impacts

• Redirected to malicious websites leading to download of malware on the mobile phone.
• Personal data, transaction contents or payment details to be stolen.
• Manipulated by criminals to make unauthorised transactions leading to monetary loss.

General Security Measures

• Set a strong password and enable auto-lock screen feature on your mobile phone.
• Set a strong password for the mobile payment service application. This password should be different from the ones for other services. Change the password regularly. Never save the password on your mobile phone or disclose it to anyone.
• Install mobile payment applications only from official or trusted sources, and read carefully the terms and conditions to understand the service charges, and users’ rights and responsibilities, in particular those related to privacy and personal data.
• Do not deposit large amount of money in the mobile payment application. The amount should be duly kept to your actual needs.
• Check your transaction records regularly and report to the related bank or payment service provider as soon as possible for any suspicious or unauthorised transactions found.
• Avoid using mobile payment services through public Wi-Fi networks.
• Turn off any unused wireless connection like NFC or Bluetooth after the transaction.
• Never alter your mobile operating system or “Jailbreak” or “Root” your device.
• Remove expired software and timely update your operating system, mobile applications and web browsers.
• Keep your anti-malware software and its signature file up-to-date.
• Always safeguard your mobile phone and other mobile devices used for payment services.
• Turn on the security features in your mobile phone, for example iOS users can turn on the Remote Wipe function and use two-step authentication on iCloud.

For more information on the security measures of Android and iOS, please visit the safety centre of this website.

Considerations while Using Mobile Payment Services

Security Measures after Completion of Mobile Payment Transactions

• Check the transaction records issued by the bank or mobile payment service provider immediately.
• Keep all transaction records for reference and scrutiny in the future.

• Initiate Remote Wipe to remove the credit card information stored in the mobile phone.
  • For iOS users, please login to the “Setting” section at the website icloud.com.
  • For Android users, please login to the “Device Management” section of Google.
  • Other users could initiate Remote Wipe through other specific applications. Should you have any enquiries, please contact the mobile service provider or smart phone manufacturer.
• Report loss to or request suspension of mobile payment services with the bank or mobile payment service provider.
• Stay vigilant against any unusual transactions.

Contact of local banks

Please visit the website of the Hong Kong Association of Banks

• Hong Kong Monetary Authority - e-Wallets and Prepaid Cards
  
  
• Cyber Security Information Portal - Keep your mobile device safe for Android user
  
  
• Cyber Security Information Portal - Keep your mobile device safe for iOS user
  
  
• Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) - Near Field Communication Security Guidelines
  
  
• Consumer Council - Get to know your data protection rights before using mobile payment services