Firms Apply for Virtual Banking Licenses: The Real Competition? Cybercrime

Posted October 2, 2018

Firms Apply for Virtual Banking Licenses: The Real Competition? Cybercrime

It’s official: The Hong Kong Monetary Authority (HKMA) has announced 29 applicants have met the deadline for the chance to score one of its first batch of virtual banking licenses.

While the entire financial services industry will be watching how things unfold, that other global industry—Cybercrime, Inc.—will likely be sharpening its knives.

According to the South China Morning Post, official applicants range from global financial institutions to fintechs to telecommunications firms. That by itself demonstrates what a gamechanger the HKMA’s virtual banking initiative represents for one of the world’s most important financial centers. In fact, it may very well offer a glimpse at the future of financial services worldwide.

But as mentioned in one of our recent posts, losses from cybercrime could exceed $4 trillion this year. Which means that getting from here to a secure and profitable virtual banking rollout won’t exactly be a cakewalk—even the most cybersecurity-savvy companies. With that in mind, here are some things current and future-round applicants should keep in mind.

Cybercrime in the Region is Exploding

As the Post reports, contenders in the first round of licenses to offer branchless, digital-only banking services in Hong Kong and mainland China include big guns, like Standard Chartered Bank, China CITIC Bank and Bank of East China.

Digital-native names like Airwallex, WeLab and tech companies like TNG are on the list, too. While unconfirmed, there’s even word that smartphone maker Xiaomi had plans to submit a first-round application by deadline.

Organizations that are approved for licenses will be competing in a market that is growing decidedly digital, and most especially mobile. According to our own data, China is currently seeing the strongest growth in mobile adoption rates worldwide, along with South East Asia and India. Not only is the region home to vibrant middle- and high-income individuals and families, but mobile is also a key enabler of financial inclusion for underserved populations.

Factor in Hong Kong’s new Faster Payment System (FPS), and it’s clear mobile is, quite literally, where it’s at. Unfortunately, thieves ranging from individual fraudsters to far-flung cybercriminal networks have taken notice. According to the Q2 2018 Cybercrime Report from ThreatMetrix, Hong Kong is, not surprisingly, a prime target for cyberattacks. Worldwide, there were 150 million cyberattacks in the first half of the year, including a 157% increase in China, and a 59% increase in Southeast Asia, year-on-year.

What’s more, while 58% of all digital transactions now originate from mobile devices worldwide, one-third of all fraud attempts now target this channel.

eKYC is Key

The detailed business plans and minimum HK$300 million in capital required to apply for a virtual banking license suggests entrants have the wherewithal to deploy formidable cybersecurity operations. Indeed, several of them have run successful Internet banking businesses for years.

But the electronic Know Your Customer (eKYC) requirement imposed on financial institutions and certain financial reporting entities under increasingly stringent anti-money laundering (AML) laws is a key consideration for both new and existing players getting into this space.

eKYC is the process of verifying the identity of customers, and assessing the risks or illegal intentions, at the point of each transaction, whether they’re opening or logging into an account, applying for a loan or making a payment.

Entrants may already be planning to deploy modern, digital identity-based user verification and assessment solutions that enable them to meet eKYC requirements while protecting against cybercriminals wielding stolen identity credentials to launch account takeover (ATO) attacks, set up fraudulent accounts and more.

Thanks to the availability of so much stolen identity data on the dark web, look for some organizations to prioritize options that leverage global threat intelligence from thousands of companies spanning numerous industries around the globe.

Firms that have deployed such solutions report that not only does this kind of intel boost the odds of blocking fraudsters, but the same technologies dramatically increase customer recognition rates, helping deliver a frictionless customer experience for legitimate users.

A Data Breach Can Cost You Big

Few banks, few if any challenges can be more disastrous than a successful data breach. As Asian Banking and Finance (ABF) reports, seven in 10 customers will not think twice about leaving their bank in the event cybercriminals gain access to customer data. Forget about customer acquisition: customer loyalty can be one of the first major casualties in these scenarios.

“Due to the presence of the five largest banks in the world, as well as the highest penetration rates of mobile banking and mobile payments,” ABF points out, “Asia remains the most vulnerable to security attacks.”

And it can cost you. According to the 2018 Cost of a Data Breach Study from Ponemon Institute, financial institutions pay an average of US$206 for each compromised data file, and experience a churn rate as high as 6% in the aftermath of a successful breach.

Given the fact that 48% of all breaches are caused by outside cybercriminals and malicious insiders using stolen login credentials, a digital identity-based approach to authentication that possesses the analytical firepower to assess transaction intent could prove especially valuable to digital-only financial institutions.

Threats of Every Kind

Whatever cybersecurity mechanisms they put in place, the market’s first virtual banks and their customers had better hope they’re effective—and resilient. The total cost of cybercrime per financial institution is already $18 million per year, and more than $16 billion industrywide.

Should any stumble, they may have more than cybercrime to worry about. If Alibaba, HSBC and other interested parties apply for virtual banking licenses in future rounds, competition here could go super nova—fast.

Attend a special Meet-up on Virtual Banking Security, 18 Oct 2018 at Kowloon Shangri-La Hotel in Hong Kong, (for details and to reserve your seats, please email James Man at and read more on digital identity-based authentication in this case study.

Ken Lam

Ken Lam

Senior Director of Marketing, Asia Pacific Region and Japan

close btn