All 35 authorised institutions offering e-banking services have installed digital certificates on their servers, allowing customers to verify the authenticity of e-banking websites.

Responding to a question in the Legislative Council today, Secretary for Financial Services & the Treasury Frederick Ma said the Monetary Authority issued a guidance note in July 2000 requiring the institutions to implement appropriate measures, such as digital certificates, for customers to verify the identity and genuineness of their websites.

The guidance note, however, does not mandate the use of digital certificates for authenticating electronic messages due to certain technical limitations, he said.

The authority then recommended a more pragmatic approach in May. The proposals included:

* ensuring that e-banking customers are made aware the institution or its agents/business partners will never ask for customers' sensitive account information (such as PIN numbers or passwords) by e-mail;

* advising their e-banking customers of ways to ensure that they are communicating with the official site, such as by checking the digital certificate of the e-banking site;

* searching the Internet regularly to see if there are other websites with domain names which could be mistaken for that of the institution or websites which have established hyperlinks to its site;

* if the intent of these websites is doubtful, the institution should consider disputing the use of those similar domain names or seeking the assistance of the Police or the authority; and,

* the authority, Police and the Association of Banks have co-operated to launch a consumer education programme to promote awareness of e-banking security precautions among the general public.