Personal e-Banking Security


To ensure online protection and provide you safe and secure e-Banking services, we have implemented the following online security measures. 

In the meantime, you can also help safeguard your account information and data privacy. Please read about how to protect your use of internet banking and visit the Security Information Centre.

Online Security Measures



On top of your user name, we have adopted dual password authentication, which requires your first password and three random characters from your second password to log on to Personal e-Banking. The dual password authentication reduces the chance that hackers or attackers capture your second password in full.

If you have activated your Mobile Security Key / Security Device, you may choose to log on with your first password and the security code generated by the Mobile Security Key / Security Device.


The Security Device / Mobile Security Key employs two-factor authentication to ensure data privacy and protect particularly high-risk transactions in Personal e-Banking. The Mobile Security Key is a digital version of the Security Device within the Hang Seng Personal e-Banking mobile app. You can generate one-time security codes for verification purposes when you perform designated transactions with either your Mobile Security Key or physical Security Device.

Transaction Signing

For added online protection when you perform any high -risk transactions, you are required to enter transaction-specific information into the Mobile Security Key / Security Device to generate a unique security code that will authorise the respective instruction in Personal e-Banking. This additional transaction verification function further prevents fraudulent attacks and ensures high-risk transaction will be made only for the account you specify.

Mobile Security Key

Learn more about Mobile Security Key

Security Device

What can you do with the Security Device

  • Transfer to Non-registered accounts / payees (including small value limit)
  • Pay bills to e-Merchants
  • Issue e-Cheque
  • Enroll to e-Bills
  • Set up Direct Debit Authorisation
  • Raise daily transfer and bill payment limit
  • Register new payee
  • Register Cross-Border View & Transfer services
  • Trading securities and other investment products
  • Request for ATM Card Replacement / ATM PIN
  • Request for Credit Card PIN / Phone PIN
  • Request for Spending Card PIN / Phone PIN
  • Report Card lost and card replacement
  • Update Personal Particulars
  • Reset Personal e-Banking passwords
  • Replace Security Device


To safeguard your Security Device from easy access by third parties in case of loss, it is PIN-protected. You will have to set a PIN before the first time you use it and this PIN will be required to unlock the device before each use.

For any queries, e.g. instructions for setting up or replacing your Security Device, please visit Frequently Asked Questions.


You will receive a SMS notification when you have completed the following transaction in Personal e-Banking:

  • Transfers to non-registered 3rd-party accounts
  • Bill payment to payee under “e-merchants” category
  • Issue e-Cheque
  • Raise daily transfer and bill payment limit
  • Register new payee
  • Set up / amend Direct Debit Authorisation to designated beneficiaries
  • Change of personal particular
  • Reset password via “Forget password(s)”

To conduct the above transactions, you must have your mobile number registered in our record. Please note that your SMS message will not be forwarded even if you have subscribed to an 'SMS Forwarding' service provided by a telecommunications service providers in Hong Kong.

To review and update your registered mobile number, please visit Customer Services > Account Maintenance > Personal Particulars after logging on to Personal e-Banking.

Other online security measures

If you want to make bill payments to payees under the category of Banking and Credit Card Services, Brokers, Other Financial Institutions, or Sports and Leisure, you will need to complete pre-registration at one of our branches.

You will notice the bank's URL address begins with “https” when you have established a secure session with Hang Seng Personal e-Banking. Most desktop browsers will display a padlock icon either in the address bar or near the top of the browser to indicate you are accessing genuine Personal e-Banking services.

If a session is unattended or inactive for a certain period, it will be terminated automatically to prevent unauthorised access to your bank account.

Useful information