Security tips for online and mobile banking

Security tips for online banking and mobile banking

Security tips for online banking

Hang Seng Bank wishes to remind customers to take appropriate security measures when using online and mobile banking services. For detailed practical information on how to safeguard your personal and account information, we recommend customers refer to the e-leaflet ‘Smart Banking Customer Guide-Online Banking Services’, produced by the Hong Kong Financial Services Authority.

At a minimum, compliance with the following principles can greatly protect the security of your online transaction:

  • Never use a public computer or someone else’s mobile device for online or mobile banking
  • Never use unreliable or unencrypted wireless networks for online or mobile banking
  • We recommend you use Physical Security Device or Mobile Security Key that generate the Security Code for online and mobile banking, as this will enable us to verify your identity when you conduct high-risk transactions. Learn more about e-Banking security information
  • Take care of your security device. Never leave it unattended in a public place or in the control of other people
  • Never disclose any of your passwords, including one-time passwords (OTP) sent to your mobile or security devices, to other people
  • Before entering an OTP that has been sent to your mobile phone, you should ensure you are expecting to receive an OTP from the stated sender and for the stated purpose. If you have any doubts or concerns, please call  Hang Seng Bank Hotline
  • Never disclose your online or mobile banking login name and password to anyone nor record the password in any unencrypted form
  • Please change your password regularly and use a password that is difficult to guess. We advise against recording your password in written form. Should you decide to write down your password, please ensure it is encrypted or disguised
  • When using online and mobile banking services, please be vigilant for any abnormal or suspicious elements on the website or app. If you have any doubts or concerns, please close the page or app, and report your suspicions to us Hang Seng Bank Hotline
  • Every time you use online and mobile banking services, please ensure you follow the proper log-out procedure as soon as you have concluded your transactions
  • Please download our mobile app through the official app store for your device. You can visit our website to find the appropriate links.
  • Do not use banking services on a mobile device that has been modified, hacked or jailbroken

Spyware

Protect your personal data: Regularly check the security settings of your electronic devices (e.g. computer, tablet, mobile) to help keep them safe from spyware.

 

What is spyware?

  • Spyware is any type of software that is installed on a device, sometimes with the unwitting permission of the device user, for purpose of collecting personal and other valuable information that can be used to carry out dishonest, fraudulent and/or illegal activities
  • This malignant type of software can record your keystrokes, provide access to personal and confidential that is entered into or stored on your device, and/or facilitate hacking of your devices by external parties

 

How can I protect my devices against spyware?

  • Never download any free software from untrusted sources onto the device you use to log in to online or mobile banking
  • You should run anti-virus and/or anti-spyware software, before and after downloading any programmes and opening e-mails, especially those including any attachments
  • Regularly update your anti-virus software and install the latest patches and security updates for your device’s operating system. For maximum protection, you can set your devices to automatically install software and security updates. Regularly change your online and/or mobile banking passwords
  • Set up a personal firewall on your computer to help prevent unauthorised persons from gaining access

Online securities trading

  • To strengthen the security of your online securities trading activity, you can choose to register to use a physical Security Device or Mobile Security Key to generate the Security Code After registration, if you log in to e-Banking via dual-password authentication, you will be required to log in with the security device in order to complete the first securities trading transaction you undertake during that session. Learn more about e-Banking security
  • Choose an e-Banking password that is difficult to guess and different from your other online passwords. Stronger passwords use a combination of letters, numbers and symbols
  • Ensure that your mobile phone number and e-mail address registered with us is correct and kept up to date
  • Should you receive a transaction or account activity notification from us via SMS or e-mail, always check your transaction / account records to ensure it is correct. If you have any doubts or concerns, please contact us immediately
  • Regularly review your online account records and promptly check all messages and statements issued by the Bank
  • Regularly update your anti-virus software and install the latest patches and security updates for your device’s operating system. For maximum protection, you can set your devices to automatically install software and security updates
  • Avoid using public computers or public wireless networks to log in to your e-Banking accounts

Mobile Banking

How can I protect my mobile devices?

  • Ensure that you have virus detection software installed on your devices and keep it updated to ensure the best possible protection
  • Ensure you regularly check for and install security updates for your devices. For maximum protection, you can set your devices to automatically install security updates
  • Never open email attachments of unknown origin or from unreliable sources without first verifying their source and/or running anti-virus scanning software
  • Never install pirated software or software from an unknown or unreliable source.
  • You should only allow people who you know and trust to use your mobile devices. Never leave your devices unattended
  • You should ensure that no unauthorised person has access to your mobile devices, especially when you are using Hang Seng Personal e-Banking or Mobile Banking app. When you finish using your mobile device, you should always log out and close the browser or mobile app.  Disconnect from the internet when you are not using your mobile device
  • If possible, do not log in to Hang Seng Personal e-Banking or Mobile Banking app in a public place as this may enable unauthorised persons to see your personal and/or account information
  • Do not log in to Hang Seng Personal e-Banking or Mobile Banking app using someone else’s mobile device as this may give other people the opportunity to access or steal your personal and/or account information
  • Please close all other browser windows before logging in to Hang Seng Personal e-Banking. Do not open other browser windows or browse other websites when using Hang Seng e-Banking as this may give unauthorized persons the opportunity to log in to your Hang Seng Personal e-Banking account or access your personal and/or account information
  • To ensure that you are using the genuine Hang Seng Personal e-Banking website, please type http://www.hangseng.com into the address bar of your browser window. You may then wish to bookmark the site for future use
  • When you have finished using Hang Seng Personal e-Banking or Mobile Banking app, please remember to log out and close the browser window or app
  • Please regularly review your personal and account information to ensure it is up-to-date and accurate
  • Beware of fraudulent SMS messages. We will never ask you to log in to your Hang Seng Personal e-Banking or Mobile Banking app in an SMS message
  • Please do not store your Hang Seng Personal e-Banking user name and/or password in on your mobile devices without any form of encryption as this may give unauthorised persons access to your account should any of your devices be stolen or lost
  • For improved security, please use passcodes or other identity authentication locks on all your mobile devices
  • Before using Hang Seng Personal e-Banking, always confirm that the URL is correct (https://www.hangseng.com) and that the browser address bar is showing the‘security lock’ that indicates that the connection is secure (SSL)
  • If your mobile device is idle for  certain period of time while using  Hang Seng Personal e-Banking, the system will automatically end your session and log you out to help protect your account.
  • You should not choose a password that can be easily guessed. Never share your device or account passwords with other people
  • You should not allow other people to store their fingerprints or other biometric authentication information in your mobile devices

If you use the Hang Seng Banking mobile app, or other online apps:

  • be sure you download them from official app stores. Please do not download from any other source
  • Never install software on or make modifications to your mobile device that may compromise its security system

SMS prompts

Hang Seng may send SMS notifications to your registered mobile phone number for certain card and bank transactions In accordance with the online banking security guidelines issued by the Hong Kong Monetary Authority, you will receive an SMS alert from us after performing the following transactions via Hang Seng Personal e-Banking:

  • Transfer to non-registered third party account
  • Bill payment to beneficiary in the ‘online merchants’ category
  • Issuance of electronic cheque
  • Increase transfer limit
  • Add registered payee

In order to perform any of the above transactions via Hang Seng Personal e-Banking or Mobile Banking app, you must provide us with your Hong Kong mobile phone number.

To protect your interests, please ensure that you have provided us with a valid and current mobile phone number. You can Manage Your Banking Profile to check or update your registered mobile phone number.

Alternatively, you may register or update your mobile phone number by:

  • Logging in to Hang Seng Personal e-Banking and clicking on the following links on the menu on the left of the page: ‘Customer Service> Change Account Information> Personal Information; or
  •  Calling our 24-hour Phone Banking hotline: (852) 2998 8022 (Superior Prestige Banking) / (852) 2998 9188 (Prestige Banking Customers)/ (852) 2822 8228 (Preferred Banking Customers) / (852) 2912 3456 (Integrated Account Customers); or
  • Visiting any Hang Seng Bank branch

e-Banking Security

In order to provide customers with better protection when using online banking services such as Hang Seng Personal e-Banking, Hang Seng Commercial e-Banking and Hang Seng HSBCnet, we have adopted safer and more effective ‘dual authentication’ online security measures. Please visit e-Banking Security for more details.

 

Learn more about Smart Tips on Using Internet Banking Services provided by HKMA.