- Home
- Mail Tracking
- Request for Change in Mail Collection Office or Mail Re-delivery
- Postage Rates
- Locations
- About Hongkong Post
- News & Publications
- Performance Pledges
- Products & Services
- PostalPlus for SME
- Hongkong Post e-Club
- Shopping
- Forms
- Access to Information
- Tender News
- Related Links
- Contact Us
News
Fact Sheet - Hongkong Post e-Cert as a Two-factor Authentication Tool
What is two-factor authentication?
Two-factor authentication is a technology that accurately authenticates an online identity and thus protects users from possible Internets frauds.
Traditional means of online authentication with user ID and password only addresses to basic security needs. Both user ID and password are transmitted over the Internet during the authentication process such as login. Cases have been reported that user IDs and passwords are stolen by fraudsters through phishing e-mails, fake websites, Trojan software and other malicious programmes over the Internet.
Two-factor authentication provides higher level of security by employing a combination of two different factors in verifying a user's online identity. The first factor is "something you know" such as user ID and password. The other factor is "something you have" such as e-Cert or security token that can be physically held by a user. The second factor is not transmitted over the Internet and thus safe from Internet fraudsters' attack.
Why two-factor authentication is needed for secure Internet banking?
- Much more secure - Internet fraudsters cannot steal "something you have" in physical possession. High-risk Internet banking transactions with two-factor authentication can provide substantially stronger online security.
- Convenient and easy to use - Only simple and straightforward steps are needed to start using two-factor authentication tools.
Catering the requirements by Hong Kong Monetary Authority, local banks will introduce two-factor authentication tools in high-risk Internet banking transactions by end of June 2005. Currently, user IDs and passwords are commonly employed by banks as the basic factor to authenticate the identities of Internet banking customers. A new second factor will be introduced in selected high-risk Internet banking transactions such as fund transfers to non-registered third party accounts, bill payments, change of personal particulars, etc.
Hongkong Post e-Cert as a readily available two-factor authentication tool
Hongkong Post's e-Cert is one of options for two-factor authentication. Through the one-year free e-Cert offer with smart ID card, more than 950,000 Hong Kong residents have already got their e-Cert embedded smart ID cards, which are readily available two-factor authentication tools for Internet banking services.
Benefits of using e-Cert as two-factor authentication
- High level of security - e-Cert is a highly secure means with two-factor authentication based on industry leading security standard (PKI).
- Confidentiality and integrity - e-Cert protects information from unauthorized access by third parties and proves that content has not been altered during transmission, and ensures privacy and confidentiality.
- Legal protection - e-Cert generates digital signatures which enjoys the same legal status as hand-written ones under the Electronic Transaction Ordinance (ETO).
Steps of using e-Cert
Step 1 of using e-Cert
Step 2 of using e-Cert
Step 3 of using e-Cert
A smart card reader is required for accessing the e-Cert on smart ID card. Over ten different types of smart card readers are available for sales at Hongkong Post in e-Cert counters inside smart ID card centers, twenty designated post offices and its online store.
Hongkong Post and e-Cert partner banks will jointly launch a series of usage promotion campaigns, offering initiatives such as free smart card readers to selected customers, to encourage the usage of e-Cert as two-factor authentication in Internet banking.
Getting e-Cert on smart
The Hong Kong Government is currently replacing existing Hong Kong Identity Card with new smart ID cards. Holders of the new smart ID cards are offered one-year free use of e-Cert. The public can enjoy one-stop registration of e-Cert available in the e-Cert counters inside smart ID card centers while they replace their smart ID cards.
Existing smart ID card holders who have not opted for the free e-Cert may apply for it anytime during the ID card replacement exercise (up to early 2007) at the nine Hongkong Post e-Cert counters inside the smart ID card centres and twenty designated post offices.