Hong Kong's privacy watchdog is investigating risks to early users of HSBC's popular PayMe mobile app after the South China Morning Post found some remain unaware their personal details may have been exposed. The compliance review will examine vulnerabilities of legacy users and the need for in-app prompts. The watchdog stressed that the bank must ensure the highest level of privacy protection by default.
PayMe, one of Hong Kong's largest e-payment apps run by HSBC, serves more than 100,000 local and online merchants, from retail shops to taxis across the city. The app has 3.2 million users, with concerns centering on early adopters who signed up during its initial phase as a peer-to-peer social payment tool.
The Office of the Privacy Commissioner for Personal Data (PCPD) told the South China Morning Post on Monday that the compliance review would “look into all relevant issues, including the vulnerability of legacy users and the need for in-app prompts.” The probe follows the Post's discovery that some early users remain unaware their personal details may have been exposed due to privacy settings on transaction history.
HSBC stated that since 2019, users have been able to choose the level of visibility for their transaction history within the app. However, the watchdog insisted the bank must prioritize the highest level of privacy protection by default, in line with the Personal Data (Privacy) Ordinance and Data Protection Principle 3.
PayMe's evolution from a social payment app to a full mobile wallet highlights privacy challenges in Hong Kong's booming digital payments sector. While no widespread breach has been confirmed, the investigation underscores the need for fintech firms to enhance user awareness and safeguards. Keywords reference an August 2024 incident, though details are unclear.
