Open API Security Information

To make the most of this innovation, check out our safety guides and security tips.

Open API Security Information

What is Open API?

Open API (Open Application Programming Interface) allows the bank to open up its internal IT systems and data for programmatic access by third-party service providers (TSPs) authorised by the bank to offer unique products and create new customer experience. Through Open API, TSPs can obtain, apply and aggregate these data with banking services into their platforms. For instance, users may compare deposit or foreign currency exchange rates using the same platform. Open API can better integrate banking and non-banking services, such as travelling or dining, facilitating innovation and improving customer experience.

Currently, we have already implemented Phases I and II of Open API. That means you can enquire about the bank’s product and service information and submit an application through a TSP's platform. The delivery timeline of Phases III and IV, account information and transactions, is to be announced.

Is Open API safe?

You can rest assured that the bank will never use Open API to share your personal details or your account information without your consent. Additionally, your banking credentials including e-Banking usernames, passwords, security code, etc. will not be shared with TSPs at all.

How can I use Open API safely?

First, you should check to see whether the TSP and its product / service in partnership with Hang Seng Bank are listed on our partnership list.

When you choose to use its product / service, be aware that the TSP may or may not have the same privacy standards and data storage standards as the bank. You should ensure that you have read the TSP’s service agreement and are aware of the information it requests and the permissions you are granting to it to use that information.

Disclosing to or allowing any third party to acquire or use your banking credentials, such as your e-Banking username, password, security code and other account information could expose you to various risks, including increased chances of unauthorised transactions and personal data leakage. You should understand the scope of the permission you are granting and these associated risks, before disclosing your banking credentials to others, and be prepared to bear full financial responsibility.

If the TSP application takes you to the bank’s website, you should not rely solely on its appearance or your intuition to detect fraud. The better way is to verify if its digital certificate information and validity are identical to those of the bank’s official website. If you are linked to the bank’s application, you must download it from the official app store. Moreover, you should always stay alert for fraud and occasionally check out our Security and Fraud Centre.

Meanwhile, you should be aware of suspicious phone calls and SMS messages. Note the bank has not authorised or appointed any intermediaries to conduct telesales marketing activities to promote of personal loans, tax loans and credit cards. If you are suspicious about the identity of the callers or the hotline number shown in the SMS messages, you should ask for the callers’ contact numbers and information and verify them with us at (852)2822 0228. Press 9 after selecting a language.

To find out more online security information, check out our Online Security Tips. Also, you are welcome to contact us for any enquiry or opinion on Open API service.