Despite the enormous efforts taken by us, you are playing an important role in ensuring the system security. The following security tips are highly recommended:


Internet Banking

Security measures for the use of User ID and PIN of Internet Banking/Mobile Banking
Protect your computer
Security measures for the use of Internet Banking
Internet
Types of Threats when using Internet
Website's identity authentications
High-risk Online Transaction
Security Device

Mobile Banking

Security measures for the use of User ID and PIN of Internet Banking/Mobile Banking
Security measures for the use of Mobile Banking

Telematic Banking

Security measures for the use of Telematic Code and PIN of Telematic Banking

ATM

Security measures for the use of ATM Card and PIN

OCBC Wing Hang JETCO Pay mobile app

Security measures for the use of OCBC Wing Hang JETCO Pay mobile app

Email

Email

Other Securities Measures

Security measures provided by the external parties
Keep the Bank updated of your contact information

Security measures for the use of User ID and PIN of Internet Banking/Mobile Banking

Ensure nobody is watching you while input your User ID and PIN or any other sensitive personal information.
Do NOT keep any written record of the User ID and PIN near the computer.
Keep your User ID and PIN private and NEVER disclose to anyone else including our staff and police.
Do NOT allow others to use your User ID and PIN.
Use different User ID and PIN for bank and credit card sites. Do NOT use the same User ID and PIN of other website.
Check your last login record every time you use Internet Banking/Mobile Banking Services.
Customers are reminded to stay vigilant to anything abnormal when using the Internet Banking services (e.g. unusual pop-up screens, unusually slow browser response, multiple requests for password input, incorrect website address etc.).
Please change your PIN regularly to minimize the risk.
Always contact us immediately if you lose your User ID or PIN, or suspect your Internet Banking/Mobile Banking account is stolen.
Check your bank's SMS messages and other messages in a timely manner and verify your transaction records. Inform your bank immediately in case of any suspicious situations. Banks will not ask for any sensitive personal information (including passwords) through phone calls or emails.
Access your account in a safe environment and avoid letting other people to see your screen as you enter confidential information.
Turn on security feature in your mobile phone to prevent others from accessing and using the device when you are not around.
Setup password for your mobile devices, to prevent unauthorized people stealing your personal data when your mobile devices is lost.
Use strong User ID and PIN. A good, strong User ID and PIN should meet all of these criteria:
  • Easy for you to remember, but difficult for others to guess,
    • The length of the PIN must be EIGHT and required to use a combination of letters and numeric characters
    • Use THREE or more different characters, e.g. b2a22aa2
    • Do not use the same character for SIX times or more, e.g. 1111ab11
    • Do not use SIX or more consecutive characters (in alphabetical or reverse alphabetical order), e.g. a123456t, fedcba11
    • Do not use your User ID as your PIN
    • Do not use a word found in the dictionary
    • Do not use a User ID and PIN that is hard to memorize so that you have to written it down
    • Do not use easy accessible number or data such as your birthday, ID number or personal telephone number as your User ID or PIN

Protect your computer

Do not install unlicensed software, which may contain bugs or viruses.
Install anti-virus and anti-spyware software and update the software regularly to ensure you have the latest protection.
Install a personal firewall to help your prevent unauthorized access and update the firewall regularly to ensure you are covered with the latest protection. For details, please contact your software vendor.
Install security updates and patches to your operating systems or browser when they are made available. They are designed to provide you with protection from known possible security problems.
Ensure the file sharing feature is disabled in your operating system while online, particularly if you are linked to the Internet through a cable, DSL modem, or network router.

Security Measures for the use of Internet Banking

To ensure your protection, always exit Internet Banking/Mobile Banking by using "logout" button.
Regularly check your account balances and statements. If any discrepancies or suspicious transactions found, report to us without delay.
Do not conduct Internet Banking/Mobile Banking transaction using personal computers, which are available for public access (e.g. Cyber Cafe).
Do NOT use a common computer in public area (e.g. Cyber Cafe) to login Internet Banking services.
Only access the reliable wifi network.
Do NOT click any hyperlink in email which is link to the Internet Banking services.
To prevent leakage of your login details, please make sure no anyone is watching you when you are entering the login details.
Please check the previous record of login and logout time when using Internet Banking services.
Please install and update the latest fire wall and anti-virus software regularly.
Never leave the Internet Banking/Mobile Banking Services unattended after logging in.
Ensure the "File & Print sharing" is disabled while online, especially if you are connecting Internet through broadband connection.
Review your online transaction limits regularly and make necessary adjustments to manage risk.
You can decrease your daily transaction limit of Internet Banking/Mobile Banking Services to reduce the loss as a result of your User ID and PIN being stolen.
You may verify the security certificate of our website by clicking the 'Lock' icon at the browser's address bar, which a server certificate issued by VeriSign will appear and the details validity of the certificate will be shown.
Please report to us without delay when you detect any unusual transactions or observations like suspicious pop-up screens, abnormal Internet banking login steps etc.
You are strongly advised to do prompt checking of all relevant notifications and accounts statements/advice from the Bank and any information about the date and time of the last login to Internet banking (e.g.as shown in the notifications or upon login to Internet banking).
Your account service will be suspended after 12 months of not logging on Internet / Mobile Banking.

Internet

If you suspect a website that is not owned by the Bank, leave it immediately and do not follow the instructions it provides.
Logout the service, close the browser and clear browser cache after a banking session.
Do not leave your relevant devices (e.g. personal computer, mobile phone or palm) unattended in the middle of a session.
Do not browse other website by opening a new session, while you are using Internet Banking/Mobile Banking Services.
Do not use "Auto Complete" function provided by Internet Explorer or other software to remember your User ID and PIN.
You should also check if the domain name is one of the following
 
www.ocbcwhhk.com
ebanking.ocbcwhhk.com
m.ocbcwhhk.com
Do not access to the Bank's website through internet search engines or suspicious pop-up windows.
Please always connect to a bank website by typing the authentic website address into the browser or by bookmarking the genuine website for subsequent access.
Use encryption to protect your wireless network.

Types of Threats when using Internet

Fraudulent or spoof websites
  Where customers are asked to input their personal information, mistaking it to be the bank's genuine website.
Phishing
  Normally a spam e-mail containing a hyperlink to a log-on page, which requests online banking passwords. The page appears to be an official website but is actually a spoof website.
Trojan software
  A malicious code attached or embedded in software that is planted in a customer's PC by a fraudster to access the customer's personal information. A form of Trojan is "key-logger" which monitor and record the keystrokes when a person types on the keyboard(e.g. User ID and PIN). This information can be passed back to an unauthorized person.
Spyware
  Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.

Website's identity authentications

We have introduced the latest security measures, EV SSL Certificate (Extended Validation SSL Certificate), for website's identity verification. If you are using Internet Explorer 7.0 or above to access Internet Banking Services:

You can see the colour of the browser's address bar changes to green and shows the organization name of the website.
Please ensure the address bar is showing the Bank's name "OCBC Wing Hang Bank Limited [HK]" before logging in.
Click the Bank's name on the address bar to see the certificate's information.
You are under secure protection if the URL address starting with "https://" or show the 'Lock' icon at the browser's address bar after log in Internet Banking.

High-risk Online Transaction

Although you are protected by our Two-Factor Authentication while you initiate a high-risk transactions (for example, Non-registered Third Party Account Transfer (include OCBC Wing Hang and Other Bank Account Transfer, Telegraphic Transfer, CHATS and HK-Macau Instant Remittance), Bill payment to designated merchants, Overseas ATM Cash Withdrawal Setting and e-Cheque Issuance), the following security tips are highly recommended:
Ensure nobody is watching you while inputting your Security Key No and do not disclose your Security Key No. to anyone including our bank staff (it is not necessary for the Bank's employee to know the Security Key No.)
An SMS will be sent to your mobile phone after a high-risk transaction done. Please check carefully the details in the SMS must be the same as the transaction you have just completed.
Security Key No. SMS will only be sent to customer's pre-registered mobile phone number and not be forwarded to other mobile number even if customer has subscribed "SMS Forwarding Service" provided by telecommunications service providers in Hong Kong.
Please inform the bank staff to stop the service temporary at once if you have lost your mobile phone
If you have changed your mobile phone no., please inform the bank to update.
Before you finish the high-risk online transaction, do not leave your eBanking devices (e.g. personal computer, mobile phone or palm) unattended in the middle of a session.
Automatically reduce transaction limit. Transaction limit for "Non-registered Third Party Account Transfer" (including OCBC Wing Hang and Other Bank Account Transfer, Telegraphic Transfer, CHATS and HK-Macau Instant Remittance) will be reset to Zero automatically if no such fund transfer was conducted for more than 12 months. To reset the limit, please go to "Daily Limit Maintenance" on Internet Banking (Security Device is required) or submit a Personal eBanking Service - Alteration Request Form to any of our branches.

Security Device

Please follow the guidelines below to protect your Security Device:
Keep your Security Device in a safe and secured place all the time.
Store your Security Device in a dry and cool environment. Leaving your Security Device in extremely high or low temperatures or water may cause problems with the Security Device.
Do not open your Security Device or remove the battery or circuit board. Request for replacement if your Security Device is running out of battery.
Never leave your Security Device unattended or exposed with the One-Time Security Code displayed
Do not lend your Security Device to others.
Do not reveal your Security Device serial number or One-Time Security Code to anyone.
Refer to FAQ íV Security Device for more details.

Security Measures for the use of Mobile Banking

Please download our bank apps from official App Store or Google Play by searching "OCBC Wing Hang".
Do NOT save or store your login name and PIN in mobile phone.
Please set a hard-to-guess password and enable auto-lock for your mobile device.
To avoid login Mobile Banking in a crowded area (e.g. train compartment).
Prevent to share with others to use Mobile Banking in your mobile phone.
Prevent to access the public wifi when you are using Mobile Banking.
Turn off wireless network functions (eg. Wi-Fi, Bluetooth, NFC) which are not in use. If using Wi-Fi, please connect an encrypted network and remove any unnecessary connection settings.
Do NOT use any jailbreak mobile phone to login Mobile Banking, it will cause security loopholes.
Please install and update the latest anti-virus software in mobile phone regularly.
Please login and logout the Mobile Banking correctly after using.
Please use the defaulted browsers provided by mobile phone.
Please logout the Mobile Banking services when you are using another apps.
Please properly install and update other mobile apps and operating system of mobile platforms. Avoid installing and updating any suspicious mobile apps or operating system of mobile platforms from unknown sources.
Your account service will be suspended after 12 months of not logging on Internet / Mobile Banking.

Security measures for the use of Telematic Code and PIN of Telematic Banking

Ensure nobody is watching you while inputting your Telematic Code and PIN.
Keep Telematic Code and PIN private and NEVER disclose to anyone else including our staff and police.
Do Not allow others to use your Telematic Code and PIN.
Do Not use the same PIN of the Telematic Banking Services of other bank.
Always contact us immediately if you lose your PIN, or suspect your Telematic Banking account is stolen.
Use strong PIN. A good, strong PIN should meet all of these criteria:
  • Easy for you to remember, but difficult for others to guess,
    • The length of the PIN must be in EIGHT numeric characters
    • Use THREE or more different characters, e.g. 12522552
    • Do not use the same character for FIVE times or more, e.g. 11115721
    • Do not use FIVE or more consecutive characters (in alphabetical or reverse alphabetical order), e.g. 81234596, 98765753
    • Do not use your Telematic Code as your PIN
    • Do not use a PIN that is hard to memorize so that you have to written it down
    • Do not use easy accessible number or data such as your birthday, ID number or personal telephone number as your PIN

Security measures for the use of ATM Card and PIN

Destroy the PIN mailer after memorizing the PIN.
Do Not write down the PIN and never keep any written record of the PIN with your ATM card.
Change your PIN at any JETCO ATM regularly.
Avoid using easily accessible number such as personal data including your birthday, ID number or personal telephone number etc.
Do Not disclose your PIN to any person including any joint account holder, the police and the bank staff. The Bank will never ask for your PIN by any means such as email, SMS, phone, etc.
Do Not send your PIN via email / SMS and never use the same PIN to access other services.
Always stay alert when using ATMs. Cover the keypad with your hand with entering the PIN, and reject any assistance from strangers.
Do Not allow others to use your ATM card and PIN.
Be careful of any suspicious device on or near ATM and card reader slot before using ATM (e.g. pinhole camera, card reader, etc.).
Stop the transaction and report to the Bank immediately if you observe the PIN panel has been removed or loosened.
Remember to take back your ATM card after using ATM or POS terminal.
Count the banknotes immediately after cash withdrawal. Do not take the banknotes or ATM card left at an ATM dispenser by another person. The banknotes or ATM card will be automatically returned to the ATM.
Check account activity regularly to spot unusual transactions.
Immediately inform the Bank in case of any actual or suspected unauthorized use of your ATM card and/or PIN, or your ATM card is stolen or lost.
To comply with the latest regulatory requirement of The Hong Kong Monetary Authority to strengthen the security controls for ATM services, with effect from 1 March 2013, the overseas ATM cash withdrawal (including cash advances) service of all ATM cards and credit cards will be pre-set as "deactivated". Customers are required to activate Overseas ATM Cash Withdrawal Service for their ATM cards and credit cards before using overseas ATM to withdraw cash (including cash advances). No activation is required for cash withdrawal via JETCO ATMs in Macau and China.
Please put your ATM/credit cards that are used for authenticating customer identity at self-service terminals in safekeeping.

Security measures for the use of OCBC Wing Hang JETCO Pay mobile app

Keep your phone safe
Don't store your Mobile PIN, Internet/Mobile Banking User ID and PIN on your mobile handset.
Avoid using free Wi-Fi access point. Use trusted Wi-Fi networks or service providers.
Avoid sharing your mobile device with others. Use your own mobile device to register OCBC Wing Hang JETCO Pay service.
Don't leave your mobile device unattended after logon to this app.
Always quit the app when you are finished OCBC Wing Hang JETCO Pay transactions with it.
Set up auto-lock and enable passcode lock.
Don't forward your One Time Password (OTP) and push notification to anyone.
 
Use only trusted device and apps
Install and update the latest anti-virus and anti-spyware software regularly on your mobile handsets.
Use default browsers originally provided by the mobile devices rather than newly installed browsers downloaded from other sources.
Don't use any jailbroken or rooted mobile device.
Install apps on your mobile handsets from official and updated sources where appropriate.
Download mobile apps from official app stores, and ensure the search wording is correct.
Wipe data on your old mobile phone before you donate, resell or recycle it.

Email

The Bank will not ask for sensitive account and personal information such as User IDs and passwords via e-mails.
The Bank will not send e-mails with embedded hyperlinks (including those presented as QR code) to transactional websites to the customer for requesting enter or confirming any personal information and password.
Do not open Email attachment from unknown, suspicious or unreliable sources and delete it immediately.
Be aware of scam Emails which may pretend to be sent from your trusted business partners and friends, however they were designed to trap you into downloading a virus or visiting a fraudulent website and disclosing your sensitive information including your User ID and PIN.
Do not send your User ID and PIN or other sensitive personal or financial information via Email. We always use encrypted sites that are secure to receive the information.

Security measures provided by the external parties

Click here to learn more about digital security tips published by the Hong Kong Monetary Authority.
Click here to learn more about the latest cyber security and technology crime published by the Hong Kong Police.
Click here to learn more about the cyber security information provided by the Office of the Government Chief Information Officer.
By clicking the above links, you are now leaving the OCBC Wing Hang Bank Ltd website and entering a third party site. All the information you provide will be subject to confidentiality and security terms of the applicable third party site. OCBC Wing Hang Bank Ltd does not take responsibility for information you provide at such third party sites.

Keep the Bank updated of your contact information

To ensure the Bank can contact you in an efficient manner, please inform us your latest contact phone number and/or correspondence address by submitting a Change of Address Form to any of our branch.
 
=