To further enforce security of our e-Banking Services, please note the followings:
Update your computer
Ensure you download and apply security updates and patches to your PC/browser when they are made available. They are designed to provide you with protection from known possible security problems.

Install anti-virus software
Install virus detection software on your computer to protect from known viruses such as Trojan Horses. The software should be updated regularly to ensure that you have the latest protection

Use a personal firewall
Install a personal firewall on your computer to help prevent unauthorised access and update the firewall regularly to ensure you are covered with the latest protection. Please refer to your PC or software vendor to identify a firewall that best suits your PC environment.

Use an anti-spyware programme
Not install pirated software or software from unknown sources. Such software may include spyware that run on your computer which monitor and record the way you browser the Internet and the sites you visit. Use an anti-spyware programme to protect your computer from the threats.

Be alert to potential fraud
Be aware that there are fake websites designed to trick you and collect your personal information. Type in the URL hangseng.com/e-banking to guarantee that you have entered the real e-Banking site of Hang Seng Bank. Save this URL to your favourites and use this link to access the site in the future. Avoid access to e-Banking Services through hyperlinks embedded in emails or other untrustworthy sources such as pop-up windows and the search result of the Internet search engines.
Verify that the Internet address is the genuine Hang Seng Bank website by double clicking the 'lock' icon at the bottom bar of the screen to check the security certificate of Hang Seng Bank. You should not solely rely on the look and feel of the website when using the e-Banking Services.
To prevent viruses or other unwanted problems, DO NOT click on attachments or embedded URL from unknown or untrustworthy sources, including suspicious emails. Hang Seng Bank will not display your personal information in emails or ask you to provide any personal information including username, password and Security Code by replying emails.

Keep your passwords secure
Do not disclose your passwords to anyone. (Not even to the Bank's employee, no Bank staff will ever ask for your password).
Do not write down or record the passwords without disguising it.
Do not use your birthday, name, Hong Kong Identity Card number, telephone number or similar numbers as your passwords.
Change your passwords on a regular basis, at least every 30 or 60 days.
Do not use passwords from other Internet sites.
We maintain strict security standards and procedures to prevent unauthorized access to information about you. Outside of the normal Internet Banking log-in process, Hang Seng Bank will never contact you and ask that you validate password. If you receive such a request, please notify us immediately at 2822-0228.

Be careful when you go online
Avoid conducting banking transactions or check account balances from public terminals which are shared with other users (e.g internet cafes), as it is difficult to ensure such PCs are free of hacker programmes (someone might be able to access your personal or account information).
Ensure all other Internet sessions are closed before you log on to Internet banking. While you have an Internet banking session open, we recommend that you do not open other Internet browser sessions and access other sites. This can help ensure your financial information is protected and blocked from unauthorised access via another website.
Never leave e-Banking devices unattended while using Hang Seng e-Banking Services.
Always disconnect from the Internet when you have finished to avoid leaving your computer online when you are not using the service.
Be alert to your surrounding when you use e-Banking Services via mobile devices.

Always log off
Always remember to log off properly and close the browser after you have finished using e-Banking Services.

Disable the auto-complete function within your browser
The auto-complete feature saves previous entries you have made for Web addresses, forms, and passwords. For security protection, the auto-complete function of your browser should be disabled to avoid sensitive information is saved and displayed for the automatic completion. Please refer to your browser's own "Help" function on how to disable the function.

Take care offline
Never write down your Internet banking details in a format that can be recognised by others. If you store any personal information in an electronic device, please ensure that there will be reasonable care and protection so that you are the only authorised person who can access the stored information.
Review your account regularly and always keep good records of your personal finances.

Configure your e-Banking Services
You can reduce your daily transfer limits and delete your accounts in the transfer list online.

For more information about security, please refer to questions below:
How can I be sure that my information and account data are securely sent through Hang Seng e-Banking Services?
How can I check if 128-bit encryption is being used?
How can I check that the digital certificate belongs to Hang Seng Bank?
What precautions should I take to avoid unauthorised access to my accounts online?
What is Spyware?
What if I forget my password(s)?
What is User name?
Can I change my User name, First Password and Second Password?
What safe usage tips do I need to take note of when using Security Device?
What should I do if I suspect there are unauthorised transactions in my account?
What is your Internet privacy policy?
My company uses a proxy server to speed up Internet access and increase security. What will this mean for my use of the Interactive Journal?
Can I exit Hang Seng e-Banking Services by clicking the browser-closing button at top right?

Q:  How can I be sure that my information and account data are securely sent through Hang Seng e-Banking Services?
A:  Confidentiality of customers' account information is our utmost concern. To ensure confidentiality, the following security measures are used to protect our customers:
 
1.  Hang Seng e-Banking Services are under a secure site with 128-bit encryption, the highest level of encryption commercially available. All data sent to and from Hang Seng Bank is encrypted to protect your personal / company and financial information.
2. User name and password must be entered to authenticate your identity every time you logon to our e-Banking Services. Your password will be temporarily suspended if you incorrectly key in your password for three consecutive times.
3. If the machine is left idle for more than 20 minutes, the system will automatically logoff itself to prevent any unauthorised access.
Q: How can I check if 128-bit encryption is being used?
A:  In the Chrome, right-click any text on a page (not on a graphic object) and select 'Inspect' (or press F12 key), and then select "Security" in the upper navigation bar (using the << or >> to search via the navigation bar". The "Connection" will describe the status as "TLS 1.2, ECDHE_RSA with P-256, and AES_256 GCM".
Q: How can I check that the digital certificate belongs to Hang Seng Bank?
A:  In order to assure our customers that they are dealing with Hang Seng Bank, we provide a certificate at the beginning of the session. At the upper right corner of the browser window, there will be an icon telling you if the page has been encrypted. Don't type your password on a page that isn't encrypted. Simply click on the Encrypted Icon and you will see the security certificate of Hang Seng Bank Limited.
   
  For Chrome browser,
   
  you may check the validity of the certificate as below:
   
Click the "security lock icon" at the upper left corner of the URL address box
Find the "certificate: valid" section
Click on the "certificate: valid" and the certificate information is displayed as below
   
 
  Issued to : www.hangseng.com or e-banking.hangseng.com or e-banking1.hangseng.com or e-banking2.hangseng.com
  Issued by : DigiCert SHA2 Extended Validation Server CA
  Valid from : .... to ....
 
 
Check the certificate information is displayed with:
 
Subject:
www.hangseng.com or e-banking.hangseng.com or e-banking1.hangseng.com or e-banking2.hangseng.com
HANG SENG BANK LTD

Issuer:
DigiCert SHA2 Extended Validation Server CA
www.digicert.com
DigiCert Inc.

 
Check if the certificate is within a valid date.
Q:  What precautions should I take to avoid unauthorised access to my accounts online?
A:  To avoid unauthorised access to your account(s), you should avoid conducting any transactions or checking your account balances in an area where Internet service is available to the public. You should also note the following points in taking care of your password:
 
Do not disclose your passwords or Security Code to anyone. No one at Hang Seng Bank will ever ask you to tell them your Internet banking passwords or Security Code, ensuring it remains private and confidential to you. Know everyone who uses the computer and limit unauthorized access.
Do not allow anyone else to use your passwords or Security Device.
Do not write down or record the passwords without disguising it.
Do not use your Hong Kong Identity Card number, telephone number or similar numbers as your passwords.
Occasionally change your passwords via our e-Banking Services.
Q: What is Spyware?
A: A computer software program that installs itself without a user's permission and does not or honestly tell the user what information it is gathering from the computer and how it is using it.
  It transmits collected information to an unauthorised organisation that use it to make profit in some way.
  It can lead to security issues such as 'Keylogging', 'Confidential Information Leakage' and 'Compromise Computer Security'.
 
What to do
To prevent the spyware installation without your consent, remember not to download any freeware onto the computer that you access Internet banking with.
  Always run an anti-virus software program and/or anti-spyware software before you download other programs or open emails.
  Update your anti-virus software and Windows security patches.
  Change your Internet banking password REGULARLY to protect your personal data.
Q: What if I forget my password(s)?
A:  If you have already set up Security Questions in Personal e-Banking, you can reset your passwords online. Otherwise, you are required to apply for a new password by filling in the application form online, then take a print out of the form and submit it to the Bank either by mail or in person; or validate the application via our customer service hotline(only applicable to customers with a valid Phone PIN).
Q: What is User name?
A: User name is for identification when you access our e-Banking Services. You set up your User name when register our e-Banking and each User name must be unique.
  Your User ID should be something you can easily remember, yet cannot be easily guessed by anyone else. If you wish to use your name (or something equally familiar), we suggest using a mixture of alphabets and/or numbers.
  If you forgot your user name, please contact our Customer Service Representatives.
Prestige Banking customers: 2998-9188
  Preferred Banking customers: 2822-8228
  Integrated Account customers: 2912-3456
  Other customers: 2822-0228
Q: Can I change my User name, First Password and Second Password?
A:  Once you've selected your User name, it cannot be changed. First Password and Second Password can be altered any time. Your new passwords should contain 8 to 30 letters and/or numbers (with no spaces or symbols in between), and must not be the same as your User name and any of your old/existing passwords.
Q: What safe usage tips do I need to take note of when using Security Device?
A:  You are reminded of the following tips on secure use of e-Banking:
 
Types of Security Device
Safe Usage Tips
AT LOGON, DO NOT enter any numbers generated from the Internet to your Security Device.
The yellow button on your Security Device is mainly used for transferring funds to third party accounts.
When making payment to unregistered third party accounts, always ensure the input to the Security Device is extracted from your intended beneficiary account number before using the 'Yellow' button. Never enter digits that are unfamiliar to you.
If unusual screens pop up and/or the computer's response is unusually slow, customers should log out from the online banking service completely and scan the computer with the most updated version of virus protection software.
If unusual screens pop up and/or the computer's response is unusually slow, customers should log out from the online banking service completely and scan the computer with the most updated version of virus protection software.
Q:  What should I do if I suspect there are unauthorised transactions in my account?
A:  Please contact our Customer Services Representatives immediately on the following hotlines:
Prestige Banking customers: 2998-9188
  Preferred Banking customers: 2822-8228
  Integrated Account customers: 2912-3456
  Other customers: 2822-0228
 
Q: What is your Internet privacy policy?
A:  You can refer to our privacy policy by reading 'Internet Privacy Policy Statement'.
Q:  My company uses a proxy server to speed up Internet access and increase security. What will this mean for my use of the Interactive Journal?
A:  It is possible you may have difficulties in accessing some parts of our site. For example, we have seen some users coming into the Interactive Edition from a proxy server who are unable to successfully use phrase-search feature available in the Search Archive. And some proxy server configurations have made it difficult for other users to access the site. If you experience access or search problems and you know your company has integrated a proxy server, check with your system administrator. We found that, with the administrator's assistance, most situations can be resolved.
Q:  Can I exit Hang Seng e-Banking Services by clicking the browser-closing button at top right?
A:  You should click the Logoff button below the navigation bar at the left section of the screen or click the Logoff utility icon on the top right section of the screen. This will ensure that your session is properly logged off.

If you suspect any security breach or unusual account activities, please contact our Customer Service Representatives on (852) 2822-0228 (24 hours) as soon as reasonably practicable and change your passwords as soon as possible.

Please refer to the security advice from time to time. You may want to print a hardcopy of this page for reading offline.

Warning: You may be held liable for all losses if you have acted fraudulently or with gross negligence, or failed to follow the safeguards set out above.