The Securities and Futures Commission in China is stepping up regulatory oversight of online trading platforms to protect them from hackers, which may have implications for the likes of E*Trade (ETFC) and Charles Schwab (SCHW) down the road.
Late last week, the Chinese government released twenty new guidelines, including a requirement that online trading firms provide customers with two-factor authentication to log into their trading accounts over the Internet. Firms have until April of 2018 to implement two-factor authentication. In a statement, Julia Leung, the Securities and Futures Commission executive director, said robust preventive and detective controls are needed to lower the risks of a hack. “Given that passwords have not proven effective to prevent hacking, two-factor authentication is an important part of effective cybersecurity risk management,” she said, according to the South China Morning Post. Other rules include putting strict guidelines on passwords, having a secure network infrastructure and putting in place a cybersecurity risk management plan. The online trading firms are also expected to create a framework for monitoring and surveillance mechanisms to spot unauthorized access to clients’ trading accounts, and for the encryption of sensitive information and trade data when it is being sent between internal networks and the customers.
The move on the part of the Chinese government agency comes as hackers have been increasingly targeting Hong Kong companies, particularly those that provide online trading. According to the SFC, for the year and a half ended in March, 12 companies in Hong Kong reported 27 cybersecurity incidents, with most involving unauthorized access to clients’ trading accounts at securities firms. As a result, the total in unauthorized trades hit HK$110 million.
While E*Trade and Charles Schwab, or any of the discount brokers, haven’t had any major hacks of their systems, customers should beef up their protections in the wake of the Equifax data breach, in which the personal information of 145.5 million customers, including 209,000 credit card accounts, was compromised. The Securities and Exchange Commission said as much in a bulletin this spring, although it hasn’t put any rules on the books. The SEC urges online trading clients, or anyone accessing investments over the Internet, to pick a strong and complicated password that is changed regularly. That means one that’s not only hard to guess but also includes symbols, numbers, and uppercase and lowercase letters. It also urges the use of two-factor authentication, the use of biometric safeguards such as fingerprint, face or voice recognition if available, and the use of a different password for each of the person’s online accounts.