1.  What is 'SMS One-time Password '(SMS OTP) ?

SMS stands for‘Short Message Service'.‘SMS One-time Password' is a password which is used for authenticating customers' identity online. As soon as customers transact a particular transaction online, we will send by SMS notification to their designated mobile phone a‘SMS one-time password' together with the transaction details. Only if they input this password can the transaction be initiated so as to ensure the validity of the transactions. The service is available to account holder only.

2.  I don't register a mobile phone number to receive the SMS notification. Can I continue using the internet banking service?     

If you don't prefer to receive the SMS notification, you may have a restricted access to the internet banking service. For instance, you are not allowed to make funds transfer to unregistered third party accounts in the internet banking. You may go to our branches or send us your application by post to register third party funds transfer service so that you can make funds transfer in the internet banking.

3.  What should I do when I receive your SMS notification?    

When you receive our SMS notification, you must scrutinize the transaction details and confirm its accuracy. You should immediately report to the bank any transaction errors, irregularities or omissions, etc.

4.  Internet banking account holders should have their own password to access Internet Banking. How come we need a SMS one-time password?

Yes, we issue each internet banking account holder a password for the purpose of authentication when accessing Internet Banking, authorization when transacting general transactions online. In order to safeguard our customers' interests, we require some high-risk transactions verified by two-factor authentication before processing. SMS one-time password is one of the two-factor authentication methods serving the purpose.

5.  Should we need to register SMS one-time password?

As mentioned above, some high-risk transactions need to be verified by two-factor authentication before they go ahead. In addition to SMS one-time password, e-certificate is another two-factor authentication method. We recommend that you, as our customer, register SMS one-time password in order to enjoy a full range of our internet banking services.

6.  How can I register SMS one-time password?

You are welcome to visit our branch or sub-branches and we are pleased to help.

7.  I do not immediately use the SMS one-time password after receiving it. Can I retain it for next transaction?

SMS one-time password is applicable only to the current transaction. The password will become invalid unless 
you apply it within 100 seconds, its time-limit, after its dispatch. Besides, the password is also inoperative in the following circumstances.

1. Used more than one time (for once); 

2. Input incorrect password five consecutive times;

3. After inputting the password, not press‘Confirm' button and instead press other buttons, ‘Change' ‘Cancel' or other function buttons.

8.  How does the SMS one-time password work? And what is the transaction flow from the beginning to transaction completion?

You login to internet banking and access the selected transaction input screen (at the page bottom there requires SMS one-time password to transact). Once you input the transaction data and press‘Submit' button, we will send by SMS notification to your designated mobile phone a‘SMS one-time password' together with the transaction details which you must first examine with care and verify its accuracy before you input the one-time password in the password field box at the web page and press ‘Confirm' button to authorise the transaction. After transactions completed, we will send to your designated mobile phone another SMS notification showing the transaction type, part of the third party account number and the amount for your review.  Should there be any doubts, please contact us immediately. When you change your designated mobile phone number or any other contact number, please visit any of our branches to update the new number.

9.  I have registered the 'SMS One-time Password '. I don't receive any SMS when or after I carry out high-risk transactions online. Why?

SMS may be interfered or interrupted by the traffic in the mobile phone network. Please try again to carry out the unsuccessful transaction. For enquiries, please contact us at (852) 2269 9699 for assistance.

10. I have registered 'SMS OTP'. I am now not allowed to transfer funds to unregistered a/c & make bill payment to financial institutions.Why?

If you haven't made funds transfer to unregistered account and paid bill to merchant categories which belong to banking and credit card services, credit services and securities brokers in the past 12 months, to safeguard your interests, we will temporarily terminate the transfer and bill payment service until you go to any of our branches to reactivate the functions.

11. I have registered e-certificate as a two-factor authentication. I am not allowed to carry out high-risk transactions in the internet banking. Why?

With effect from 16/11/2009, e-certificate holders are not allowed to transact high-risk transactions through the internet banking unless they register the SMS Alert Service and the SMS One-time Password Service, the latest security measures for internet banking. Please visit any of our branch or sub-branches to apply for the services.