Security tips on online banking

Security tips on online banking

Using online banking with caution

Here are some suggestions for you to enhance the security of online banking:

  • Keep your devices that store digital certificates (e.g. personal computers, security devices that generate one-time passwords and smart cards) and authentication methods (e.g. passwords and one-time security codes) used for accessing Personal e-Banking
  • Destroy any printed cop(ies) of the password(s)
  • Understand the risks of using biometrics (i.e. fingerprint or face recognition), Mobile Security Key or device binding as authenticators for making payments and how to protect your devices and those authentication methods
  • Don’t write down the passwords on any device for accessing our Personal e-Banking or on anything usually kept with or near it.
  • Inform us as soon as possible if you suspect your authentication methods or devices for accessing our Personal e-Banking have been compromised, lost or stolen, or there are unauthorised transactions over your accounts
  • Never use a public computer or someone else’s smartphone / mobile device for online or mobile banking
  • Never use unreliable or unencrypted wireless networks for online or mobile banking
  • We recommend you to use a Physical Security Device or Mobile Security Key that generates the Security Code for online and mobile banking, as this will enable us to verify your identity when you conduct high-risk transactions. Learn more about e-Banking security information
  • Take care of your Security Device. Never leave it unattended in a public place or in the control of other people
  • Never disclose any of your authentication methods to others, including passwords, one-time security codes and one-time passwords (OTPs) sent to your mobile or security devices
  • Before entering an OTP that has been sent to your mobile phone, you should ensure you are expecting to receive an OTP from the stated sender and for the stated purpose. If you have any doubts or concerns, please call Hang Seng Bank Hotline
  • Never disclose your username for online banking log-on and authentication methods (e.g. passwords and one-time security codes) to anyone nor record the password in any unencrypted form
  • Please change your password regularly and use a password that is difficult to guess. We advise against recording your password in written form. Should you decide to write down your password, please ensure it is encrypted or disguised
  • When using online and mobile banking services, please be vigilant for any abnormal or suspicious elements on the website or app. If you have any doubts or concerns, please close the page or app, and report your suspicions to us via Hang Seng Bank Hotline
  • Every time you use online and mobile banking services, please make sure you follow the proper log-out procedure as soon as you have concluded your transactions
  • Please download our mobile app through the official app store for your device. You can find the appropriate links on our website
  • Do not use banking services on a mobile device that has been modified, hacked or jailbroken
  • When there is an alert about the payee is related to a scam report on transfer page, you must verify the payment details and make sure the payee is trustworthy before each transfer

Please note, you may be held liable for all losses if you have acted fraudulently or neglectfully, knowingly allow the use by others of your device or authentication methods, or failed to follow the safeguards set out above.

For detailed information on how to safeguard your personal and account information, we recommend customers to refer to the e-leaflet “Smart Banking Customer Guide-Online Banking Services”, produced by the Hong Kong Monetary Authority.

In order to provide customers with better protection when using online banking services such as Hang Seng Personal e-Banking, Hang Seng Commercial e-Banking and Hang Seng HSBCnet, we have adopted safer and more effective “dual authentication” online security measures. Please visit our e-Banking Security for more details. Customers may also visit designated website of the Hong Kong Monetary Authority for more tips on online banking security.

Executing online securities trading safely

Please consider adopting the below measures to enhance the security of online securities trading:

  • Choose to register for using a physical Security Device or Mobile Security Key to generate the security code. After registration, if you log in to Personal e-Banking via dual-password authentication, you will be required to log in with the Security Device in order to complete the first securities trading transaction
  • Choose an e-Banking password that is difficult to guess and different from your other online passwords. Stronger passwords use a combination of letters, numbers and symbols
  • Ensure that your mobile phone number and email address registered with us is correct and kept up-to-date
  • Always check our SMS notifications of your transaction record promptly. Contact us immediately if you have any doubts or concerns
  • Review your online account records regularly, and check all messages and statements issued by the Bank promptly
  • Avoid logging in online banking and conducting transactions by using public computer or through public wireless network

SMS prompts

We may send SMS notifications to your registered mobile phone number for certain card and bank transactions in accordance with the online banking security guidelines issued by the Hong Kong Monetary Authority.

Customers will receive an SMS alert from us after performing the following transactions via Hang Seng Personal e-Banking:

  • Transfer to non-registered third party account
  • Bill payment to beneficiary in the ‘online merchants’ category
  • Issue of electronic cheque
  • Increase transfer limit
  • Add registered payee

In order to perform any of the above transactions via Hang Seng Personal e-Banking or Mobile Banking app, you must provide us with your valid and current Hong Kong mobile phone number. You can visit Manage Your Banking Profile to check or update your registered mobile phone number.

Alternatively, you may register or update your mobile phone number by:

  • Logging in to Hang Seng Personal e-Banking and clicking on the following links on the menu on the left of the page: Customer Service Change Account Information Personal Information; or
  • Calling our 24-hour Phone Banking hotline: (852) 2998 8022 (Prestige Private Customers) / (852) 2998 9188 (Prestige Banking Customers) / (852) 2822 8228 (Preferred Banking Customers) / (852) 2912 3456 (Integrated Account Customers); or
  • Visiting any Hang Seng Bank branch