The Monetary Authority of Macao (AMCM) has directed local card-issuing banks to introduce a mobile-banking-app function to authorise online card transactions by the end of December 2025, replacing one-time SMS verification codes for those approvals. Cardholders who have not activated mobile banking services may continue to authorise transactions using one-time SMS codes. Under the new set-up, cardholders only need to update their mobile banking app and do not need a separate registration. When card details are entered on a merchant website, the customer is prompted to open the mobile banking app to complete identity verification, with the authorisation screen showing key transaction details including the last four digits of the credit card, merchant name, transaction currency and amount. Banks must provide clear operating guidance and adequate customer support. Separately, to reduce phishing risks, AMCM has required financial institutions to stop including any hyperlinks or QR codes in SMS or emails sent to customers from December 2025 and to reinforce related customer awareness campaigns.
Monetary Authority of Macao 2025-12-15
Monetary Authority of Macao orders banks to shift online card transaction authorisation to mobile apps and stop sending hyperlinks or QR codes to customers
The Monetary Authority of Macao has mandated local card-issuing banks to implement a mobile-banking-app function for authorising online card transactions by December 2025, replacing one-time SMS verification codes. Cardholders without mobile banking can still use SMS codes. Additionally, financial institutions must cease including hyperlinks or QR codes in customer communications to mitigate phishing risks.