Editorial | Vigilance essential as Hongkongers hit by more online scams
The authorities must take the breach of the eMPF platform seriously, rectify the underlying vulnerabilities and restore confidence in the electronic system
The eMPF platform is an online one-stop shop for account holders to choose their pension service providers, check performance and operate their accounts. The eKYC verification process, or “electronic Know-Your-Customer”, has been temporarily suspended. Instead, all users are advised to use the secure “iAM Smart” app linked to the Immigration Department’s facial recognition database, which has access to residents’ ID photos. Before the suspension, three in four local banks offered eKYC to clients to access their MPF accounts.
The scam was uncovered in late October when a pension holder tried to open an eMPF account and found someone else had stolen his identity and profile. At least 12 cases have been identified, with three victims having lost a total of HK$1.8 million. The suspects failed to open accounts with three others, while police intervened early enough to protect another six.
Police also said the syndicate had laundered HK$78 million through various bank accounts over two months, but it’s unclear whether the money laundering was related to the MPF scam.
It is clear that the criminal ring was well organised, capable of handling large sums of money and exploiting MPF accounts with identity theft. According to police, the personal information was obtained from illegal channels such as lost ID cards and data leaks.
Once they stole the identities, they could register on eMPF through eKYC verification and access the victims’ accounts. There was clearly a loophole in the system, and the criminals didn’t need much technical sophistication to exploit it.