Security Information Centre

Bogus call/SMS/Phishing email

    Warning against telephone deception –$10,000 Government’s Cash Payout Scheme

The police warn of a new use with fraudsters pretending to be bank staff or government employees asking for personal details including name, HKID and account credentials and pose as staff offering registration help for the Hong Kong government’s HKD10,000 Cash Payout scheme. Learn more about Telephone Deception – $10,000 Cash Payout Scheme at Anti-Deception Coordination Centre (ADCC).

 

    Warning against bogus voice message phone calls and SMS messages

Hang Seng Bank has not authorized or appointed any intermediaries to conduct telesales marketing activities for promotion of personal loan, tax loan and credit card.

 

If you are suspicious about the identity of the callers or the hotline number shown in SMS messages, you should request for the callers’ contact numbers and information and verify with our bank at 2822 0228. Press 9 after language selection. Customers should verify the hotline numbers with the Bank before calling rather than just following the information provided in SMS message purportedly to be sent from the Bank.

    Short Messaging Service (SMS)

Occasionally, our bank would send SMS to customer registered mobile phone numbers for selected card and banking transactions for notification purpose. To protect your interests, please ensure your mobile phone number registered with the Bank is valid and up-to-date. To enquire or get a 'Change Contact Information' form, please visit any Hang Seng Bank branch or download the form from the 'Personal Banking Forms' page.

You can verify the hotline number shown in the SMS messages (if any) with us by calling 2822 0228 or simply call the banks’ hotline numbers at the back of ATM/credit cards.

    Arrangement for SMS Forwarding Service

Since 31 Aug 2014, our SMS notification messages for selected card and banking transactions will be sent to your mobile phone number registered with the Bank, and will be forwarded to your designated mobile phone if you have subscribed to an 'SMS Forwarding' service provided by telecommunications service providers in Hong Kong.

    SMS Notifications

To meet the Hong Kong Monetary Authority guidelines on internet banking security, you will receive a mandatory SMS notification when you have completed the following transaction in Personal e-Banking:

• Transfers to non-registered 3rd-party accounts • Bill payment to payee under “e-merchants” category • Issue e-Cheque • Raise transfer limit • Register new payee
To conduct the above transactions, you must have your mobile number registered in our record. Please note such SMS message will not be forwarded even if you have subscribed to an 'SMS Forwarding' service provided by telecommunications service providers in Hong Kong.

To review and update your registered mobile number, please visit “Customer Services > Account Maintenance > Personal Particulars” after logging in to Personal e-Banking.

    Fraudulent e-mails

Beware of fraudulent e-mails that claim to have been sent by employees of Hang Seng Bank.

There have recently been fraudulent e-mails in circulation which claim to be issued by directors/senior executives/employees of Hang Seng Bank. Typically, recipients of these e-mails are invited to claim a large sum of money held in the name of an account-holder since deceased, by posing as his next-of-kin. The recipients are asked to provide the issuer with their personal details.

Please note that these e-mails were not issued by Hang Seng or its employees. Hang Seng has already reported the cases to the Hong Kong Police for investigation. If you receive e-mails of this kind you may wish to contact the Hong Kong Police.

Smart Tips on Online Shopping

Regarding the recent rising trend of online shopping scam, Hang Seng Bank wishes to alert our customers to be vigilant about security when shopping on the Internet with the following smart tips:

• Only consider purchasing from credible or trusted merchants • Verify the identity of sellers and validate their credibility through their trade history to determine whether the business is legitimate • Find out about the shipping terms and return policy before proceeding the transaction • Avoid purchasing in bulk for the first time • Keep your receipts for reference • Browse our Security Tips and View Notes to understand more about online security tips
Hang Seng Bank wishes to remind customers to remain vigilant in safeguarding their banking credentials such as Credit Card number, One-Time Password (OTP) during the online payments and other sensitive account information and not to disclose any such information to third parties. We attach great importance to the security of our online credit card payment service. For enquiries, please contact our 24-hour Customer Service Hotline on the back of Credit Card.

Online and Mobile Banking

Smart Tips on Using Internet Banking Services

The Bank wishes to alert our customers to take suitable precautionary measures when using e-Banking services. Press here to read the e-leaflet of ‘Smart Tips on Using Internet Banking Services’ published by Hong Kong Monetary Authority to understand how to protect your computers, mobile phones and internet banking.’ Followed by press releases on fraud alerts

    Online Banking

• Five Golden Rules for Online Security
Increase your PC's protection by following these rules.

• Safeguard Your Security Device*
Do not permit your Security Device* to come into the possession or control of any other person.
Do not leave your Security Device* unattended.

• Spyware
Protect Your Personal Data - Regularly review your computer's security settings and take steps to prevent the unauthorised installation of spyware.

What is Spyware?
Spyware is a computer software programme that installs itself without a user's permission and does not inform the user what information it is gathering from the computer and how it is using it.
It transmits collected information to an unauthorised organisation that uses it to make a profit in some way.
It can lead to security issues such as 'Keylogging', 'Confidential Information Leakage' and 'Compromise Computer Security'.
User should avoid conducting banking transactions or check account balances from public terminals which are shared with other users (e.g internet cafes), as it is difficult to ensure such PCs are free of hacker programmes (someone might be able to access your personal or account information).

What to do?
To prevent spyware installation without your consent, remember not to download any freeware onto computer that you use to access Internet banking.
Always run an anti-virus software program and/or anti-spyware software before you download other programs or open emails.
Update your anti-virus software and Windows security patches.
Change your Internet banking password REGULARLY.
Do not open any attachment or click the link of those untrusted email or SMS messages, such as phishing emails.
Do not use easily guessable password, such as your birthday, name, Hong Kong Identity Card number, telephone number or similar numbers as your passwords.
Do not use the same password from other Internet sites.

    Mobile Banking

What specific security measures should I take for accessing Hang Seng Personal e-Banking via mobile handsets?

• You should install virus detection software on your mobile handset to protect against viruses such as trojan horses. You should update this software regularly to ensure you have the best possible protection. • You should download and apply security updates and patches to your mobile browser when they are made available. These are designed to provide you with protection from known possible security problems. • To prevent viruses or other unwanted problems, do not open attachments from unknown or untrustworthy sources. • Do not install pirated software or software from unknown sources (such as, any source other than official Google Play Store or Apple App Store). • Know everyone who uses your mobile handset and limit unauthorised access. • Do not leave your mobile phone unattended during an open Personal e-Banking session. Always disconnect from the Internet when you have finished your Personal e-Banking session. • Do not perform transactions or applications in public places to minimise the risk of security threats such as "shoulder surfing" of logon credentials. • Do not logon to Hang Seng Personal e-Banking from a mobile handset that is shared with other people, as it may be difficult to ensure the handset is free of hacker or spyware programmes. • Ensure all other Internet sessions are closed before you logon to Hang Seng Personal e-Banking. While you have a Personal e-Banking session open, we recommend you do not open other Internet browser sessions and access other sites. This can help to ensure your financial information remains confidential and guard against unauthorised access via other websites. • Type in the URL https://mobile.hangseng.com (for Mobile Trading) or http://www.hangseng.com and click on "Apply for Travel Insurance" (for Travel Insurance application) to guarantee that you are accessing the authentic sites of Hang Seng Bank. Bookmark this URL to your favourites and use this bookmark to access the site in the future. • Always remember to log off properly using the "Logoff" button when you have finished your Personal e-Banking session. • Review your account regularly and always keep good records of your personal finances. • Be aware of the potential for fraudulent SMS messages. The Bank will never request or invite customers to logon to its Personal e-Banking service via a SMS message. • To minimise the risks should your mobile phone be lost or stolen, do not save your Personal e-Banking User Name or Password in the phone’s T9 dictionary. • You can set a password/PIN lock on your mobile phone to provide additional protection. • Check that the security padlock on your internet browser is “locked” to ensure the connection is secure and protected by SSL. You should also check that the domain of the URL is https://mobile.hangseng.com. • If you leave your mobile handset idle for a certain period of time during a Personal e-Banking session, the session will automatically be terminated to help prevent unauthorised access. • You should not choose a device passcode that can be easily guessed by anyone else or tell anyone else what your device passcode is. The same passcode should not be used in other Internet sites or mobile applications. • You should ensure that you do not store anyone else's fingerprint within your mobile handsets. • For online security information for general Internet users and general online security tips, please refer to here for details. You may want to print a hard copy of this security information page for reading offline.
For iPhone user:
If you are using iPhone for Hang Seng Forex Margin Trading, you should also be aware of:

• To guarantee that you are installing the genuine Hang Seng Forex Margin Trading iPhone App, type in and search the keyword "Hang Seng Forex Margin Trading" in Apple App Store. Ensure that the name of the iPhone App is "恒生外匯孖展買賣 Hang Seng Forex Margin Trading" and the provider is "Hang Seng Bank Limited" before you install the App. Never download Hang Seng Forex Margin Trading iPhone App from other sources. • Do not install software which may weaken your iPhone's security.
• Do not use any jailbroken iPhone handset which may have security loopholes to log on to Hang Seng Business Mobile Banking.
e-Banking Security
To provide you with better online protection, Hang Seng Bank has implemented efficient security measures. Two-factor authentication has been introduced for Personal e-Banking, Business e-Banking and Hang Seng HSBCnet. Please click below to find out more.

https://www.hangseng.com/en-hk/e-services/e-banking-security/ebanking-security/


    Online Securities Trading

• In order to enhance internet banking and online securities trading security, you can register to use Security Device* when performing securities trading. After registration, if you logon to e-Banking using a dual password, you will be prompted to use the Security Device* for the first trading transaction in the same e-Banking logon session. Please click here to learn more. • Set e-Banking passwords that are difficult to guess and different from the ones you use for other internet services, e.g. use a combination of letters, numerals and symbols. • Do not use the same e-Banking password for other Internet sites. • Maintain valid mobile phone number and email address with the Bank. • Check SMS messages issued by the Bank in a timely manner and verify your transaction records. Inform your bank immediately in case of any suspicious activities. • Check e-Banking accounts from time to time and review any alert messages and statements issued by the Bank in a timely manner. • Install and promptly update security software and anti-virus software to protect your computers and mobile phones. • Refrain from using public computers or public Wi-Fi to access e-Banking accounts.
*Security Device including a physical Security Device or Mobile Security Key, used to generate the Security Code

Security Alert and Fraud Prevention Advice

 



Fraud Prevention Advice
    Phone Banking
Important points regarding your Phone PIN
A Phone PIN will be issued to Integrated Account holders upon account opening. Non-integrated Account holders can set up the Phone PIN via our ATM directly. This Phone PIN will allow you to gain access to the Phone Banking Services.

To protect your own interests, it is important to note the following points:

• At all times take reasonable steps to keep Phone PIN secret to prevent fraud. • Upon receipt of your new / reset Phone PIN from us, immediately change your Phone PIN via our 24-hour Phone Banking Hotlines on 2998 9188 (Prestige Banking Customers) / 2822 8228 (Preferred Banking Customers) / 2912 3456 (Integrated Account Customers) or at our ATM. Destroy your PIN advice and memorise the new PIN. • Do not write down the Phone PIN on your card or on anything usually kept with or near it or record the PIN without disguising it. • Never disclose your Phone PIN to anyone, including our staff, nor allow anyone else to use your Phone PIN. • The use of easily accessible personal information such as identity card number, phone number and date of birth as your Phone PIN is NOT recommended. • For your own protection, change your Phone PIN periodically via our Phone Banking Hotlines or our ATMs. • If you incorrectly key in your Phone PIN for 4 consecutive times, your Phone Banking Service will be temporarily suspended. • If your Phone PIN is suspended or forgotten, reset your PIN via our ATM using the respective card or contact us at any of our branches. • If your Phone PIN is lost or stolen, or unauthorized transaction is recorded, you should report it immediately to our Phone Banking Hotlines on 2998 9188 (Prestige Banking Customers) / 2822 8228 (Preferred Banking Customers) / 2912 3456 (Integrated Account Customers) / 2822 0228 (Other Customers). • Please refer to the security advice provided by us at our Security & Fraud Centre at hangseng.com from time to time.
Warning: You may be held liable for all losses if you have acted fraudulently or with gross negligence, or failing to follow our fraud prevention advice set out above, and such failure has incurred losses.

    ATM
Never disclose your ATM/credit card PIN or phone PIN to anyone, including Hang Seng staff.

For non-personal customers, the Authorised Hang Seng Cardholder must be the Primary User or Secondary User of Hang Seng Business e-Banking or the Authorised Phone Banking User who may operate the relevant account(s) through such channel in order to activate the overseas ATM daily cash withdrawal limit of such account(s) via such channel.

Important points regarding your ATM Card and Card PIN
Here are some important hints to help ensure the security of ATM Card (Card) and PIN:

• At all times take reasonable steps to keep your Card safe and PIN secret to prevent fraud. • Upon receipt of your new / reset PIN from us, immediately change your PIN at our ATM. Destroy your PIN advice and memorise the new PIN. • Do not write down the PIN on your Card or on anything usually kept with or near it or record the PIN without disguising it. • Never disclose your PIN to anyone, including our staff, nor let anyone else see your PIN when you are using an ATM or other electronic payment terminal. • Do not allow anyone else to use your Card and PIN. • The use of easily accessible personal information such as identity card number, phone number and date of birth as your PIN is NOT recommended. • For your own protection, change your PIN periodically at our ATM, and do not choose the same PIN for accessing other services. • Please cover the keypad when entering your PIN. • If you incorrectly key in your PIN 3 consecutive times, your Card will be inoperative. • Always remember to remove your Card and advice after completing your transaction. • If your Card or PIN is lost or stolen, you should report it immediately to our 24-hour Lost Card Hotline on 2836 0838. To ensure immediate handling and maximum protection, please do not report your card loss by fax. • Please refer to the security advice provided by us at our Security & Fraud Centre at hangseng.com from time to time.
Warning: You may be held liable for all losses if you have acted fraudulently or with gross negligence, or failing to follow our fraud prevention advice set out above, and such failure has incurred losses.

    Mobile Payment

You are responsible to take reasonable steps to keep each of the Mobile Devices safe and keep all Card details stored in the Mobile Devices and all Security Details secret to prevent fraud. Without prejudice and in addition to the provisions of the applicable Card Terms and Conditions regarding the security of any Card or Card PIN, you shall also take the following precautions where reasonably practicable or accept the risks and consequences of the Mobile Devices being used by unauthorised persons or for unauthorised purposes:

• set up a password for your Mobile Devices to prevent unauthorized use of your Mobile Devices and access to your personal information in case it is lost or stolen; • register, activate and use your Card for the Mobile Payment Service in accordance with the directions and in the manner specified by the relevant Mobile Payment Service Provider; • designate Security Details for Mobile Devices, effecting Mobile Payment Transactions and should not do the following (or any of them): • choose any personal identification number, password, passcode or other information that is easily accessible personal information or is easy to guess by any other person; • disclose any Security Details to any other person (including the staff of the Bank) or permit any other person (including the staff of the Bank) to use them; and • allow any other person to designate his security information for the Mobile Device or to use the Mobile Device in any other manner for effecting Mobile Payment Transactions; • if you have already designated any Security Details for the Mobile Device before registering the Card for any Mobile Payment Service, you should review them and re-designate the Security Details as necessary to ensure that (i) they are not easily accessible personal information and are not easy to guess, and (ii) they have not been disclosed to any other person; • safeguard against accidental or unauthorised disclosure of any Security Details, and change the Security Details periodically or where necessary; • safeguard the security of the Card and Mobile Device and keep them under personal control, and notify the Bank of any loss or theft of the Card or Mobile Device or any suspected unauthorised transaction or use of the Card for any unauthorised purpose as soon as reasonably practicable either in writing addressed to the Bank or by telephone to the designated service hotline; • not to proceed with a payment process on the Mobile Device unless it is under personal possession or control at the time; • not to register or activate the Card in any Mobile Device in which any authorised software, programme or application has been modified, overridden, by-passed or deactivated (such as, but without limitation, a "rooted" Mobile Device where root access to its software operating system has been obtained or "jailbroken" Mobile Device with the software lockdown being overridden) or which is installed with any pirated, hacked, fake or unauthorised software, programme or application; • check each Bank statement as soon as reasonably practicable after receiving it and notify the Bank of any suspected unauthorised transaction or use of the Card for any unauthorised purpose; • notify the Bank if you do not receive a Bank statement according to the usual statement mailing cycle; • delete the Card and all Card details stored in the Mobile Device in accordance with the directions and guidance given by the relevant Mobile Payment Service Provider in the following cases (or any of them):
(i) before disposing of the Mobile Device in which that Card and its details are stored or passing that Mobile Device temporarily to any other person (e.g. for repair); and
(ii) if that Card is terminated by you or by the Bank for any reason;
• when make payment with an QR code of  relevant Mobile Payment:
(i) Stay vigilant and make sure the QR code is from a trusted source before scanning; and
(ii) Check whether the processed QR code information is correct; and
(iii) Never disclose the QR code generated by mobile payment services to others casually;
• refer to the security advice provided by the Bank from time to time and observe in a timely manner the relevant security measures in using the Card for effecting Mobile Payment Transactions as specified by the Bank on-line or otherwise from time to time.

Report Fraud