SECURITY ISSUE
 

Latest Update

1. You should keep the security device provided by our bank in a safe place.

2. Do not access your bank website or provide your personal information (including your password) through any hyperlinks or attachments embedded in emails or from websites. Corporate Internet Banking should be accessed by entering our bank’s website address directly, or using a bookmark.

3. Please log out the Corporate Internet Banking after conducting Corporate Internet Banking transactions.

4. Check our bank’s SMS messages and other messages in a timely manner. Inform our bank immediately in case of any suspicious situations. Banks will not ask for any sensitive personal information (including passwords) through phone calls or emails.

5. Do not access Corporate Internet Banking Services from public places/ Wi-Fi network or from shared computers. You never know what malicious programs might be installed on the PC or network you use there.

6. Please log out the Corporate Internet Banking after conducting Corporate Internet Banking transactions.

7. Our Bank suggests you to set difficult-to-guess passwords for your computer, and activate the auto-lock function.

8. Disable any wireless network functions not in use of your device to mitigate any cyber security threats. Choose encrypted networks when using Wi-Fi and remove any unnecessary Wi-Fi connection settings.

 
Internet Security Measures by the Bank
To secure your banking information and account details, our Corporate Internet banking provides the following measures.
1.   Transport Layer Security (TLS) & Strong Encryption
    When using Corporate Internet Banking Services via Internet, all account and transaction information will be encrypted by TLS encryption technology.
2.   Automatic time out
    The Corporate Internet Banking system has an automatic log-off function. The service will automatically log off after 60 minutes account inactivity so as to prevent unauthorized access of customers account. Automatic time-out function will be valid even if there are transactions in progress.
3.   Personal Identification Number (PIN)
(i)    Unique Corporate Internet Banking number, User ID / Log-in Name and User password is required to access Corporate Internet Banking and the account will be locked if incorrect password has been entered 5 times consecutively in order to protect our customers' interest.
(ii)   Our bank or our agents/business partners will never ask for your PIN or passwords by e-mail or any other means. Please do not access your internet banking account through hyperlinks embedded in emails or from other search engines. If you have any queries, please call our corporate customer services hotline at 22 699 388.
4.   Digital Certificate
   

Our bank website has a digital certificate issued by VeriSign Corporation. To ensure that you are connecting with Bank of Communications, Hong Kong Branch, you can find a small 'lock' or 'key' icon (Security padlock), in the bar at the bottom right corner of your Web browser. Double clicking the security padlock, you can verify the website's authenticity by viewing the web certificate issued by VeriSign.

5.   Multiple Authorizations
   

In order to conduct your transactions in a safer manner, you can choose multiple management control and set multiple authorization rights for Corporate Internet Banking, in which maker and checker(s) are required for internet banking transactions.

The security padlock icon will show you the digital certificate details.

Note: If you find that the certificate contains any message different from what is illustrated above, please contact Bank of Communications, Hong Kong Branch corporate customer services hotline 22 699 388 for more information or assistance.

 


Security Measures by Customers
To avoid unauthorized access to your account(s), you should pay attention to the following points: 
1.   Personal Identification Number (PIN)
(i)     Create a password with a combination of letters and numbers. Do not use the easily guessable password, such as telephone number, birthday, ID number or any personal associated numbers.
(ii)   Do not write down or record the PIN without disguising it.
(iii)    Do not use the same password in accessing other Internet services.
(iv)   Do not reveal your password to anyone else (including our bank staff and police).
(v)   Do change your password regularly, such as every 30-day. If you suspect your password has been known by someone else, you should change it immediately; if you cannot change your password through internet, please contact our corporate customer services hotline 22 699 388.
(vi)   Our bank or our agents/business partners will never ask for your PIN or passwords by e-mail or any other means. Please do not access your Corporate Internet Banking account through hyperlinks embedded in emails or from other search engines. If you have any queries, please call our corporate customer services hotline at 22 699 388.
(vii)   You should keep the security device provided by our bank in a safe place.
2.   Using Internet Banking
(i)   Never leave your Corporate Internet Banking session unattended. Do click [Logout] button to exit the service upon completion of banking transactions.
(ii)   Follow this document when conducting Corporate Internet banking transactions.
(iii)   Do not disclose your personal information if you have any doubts about the websites.
(iv)   Do not access your bank website or provide your personal information (including your password) through any hyperlinks or attachments embedded in emails or from websites. Corporate Internet Banking should be accessed by entering our bank’s website address directly, or using a bookmark.
(v)    Check your account statement, transaction history and account balance regularly, and contact us immediately if you have any doubts about the account transactions.
(vi)   Do not download software from unknown websites.
(vii)     Please log out the Corporate Internet Banking after conducting Corporate Internet Banking transactions.
(viii)     Avoid using the same computer with others, or clear the history if it is unavoidable.
(ix)     Check our bank’s SMS messages and other messages in a timely manner. Inform our bank immediately in case of any suspicious situations. Banks will not ask for any sensitive personal information (including passwords) through phone calls or emails.
(x)    In order to safeguard your interest, you should visit any of our branches/sub-branches to amend your Mobile Phone Number if you are in the User Type of "Manager" or "Administrator" , or you are in the User Type of "User" under the mode of "Maintained by Bank". You should amend your Mobile Phone Number via "Change User Info" function by using the two-factor authentication tool (eg. Digital Certificate) if you are in the User Type of "User" under the mode of "Maintained by Customer"
(xi)   In order to strive for better security protection, we provide with the following security measures as follows:
  1. If customers have not made any successful fund transfer to any un-registered third party account(s) through "Transfer Within Bank(Unregistered)", "Transfer to Local Bank(Unregistered)", "Transfer to Overseas(Unregistered)" or "ECT/Payroll" function to any unregistered account(s) in the past twelve months, we will temporarily adjust the transaction limit(s) to zero;
  2. If customers have not used bill payment service to successfully pay any designated merchants including "Banking and Credit Card Services", "Credit Services" or "Security Brokers" in the past twelve months, we will temporarily suspend the bill payment service to all designated merchants.

Please visit any of our branches/sub-branches to resume the above function(s).

The notification will be sent to you prior to one month before execution of the above security measures, and message about the notification will be shown on the welcome page once login. You can click into the "Banking Service Alert" under "Service Notice" function for viewing the notice. If you have done the above high risk transaction(s) successfully prior to the 12th month via your Corporate Internet Banking Services account, the above security measures will not be imposed on that particular high risk transaction function(s) when it reaches the 12th month.

(xii)    Proceed high-risk transactions through Corporate Internet Banking Services, two-factor authentication is required (Security Code):
  • Addition of authorized Corporate Internet Banking user
  • Transfer "Within Bank"
  • Transfer to "Local Banks" (i.e. CHATS)
  • Transfer to "Overseas" (i.e. Overseas Remittance)
  • ECT/Payroll
  • FX Order
  • Time Deposit
  • Bills
  • MPF
  • Stop Cheque 
(xiii)  

" SMS One-time Password " and SMS for " Notification of Execution of Designated Transactions " issued by our bank will be sent to your registered mobile phone number only. If your mobile phone that registered SMS or contact number has been changed, please visit our branches to complete the update procedures.

(xiv)    To learn more about Internet Trading Security , you can also get more information from the website published by Hong Kong Monetary Authority - "Consumer Education Programme - Major Safety Tips on Using Internet Banking Services ".
3.   Protect your online transaction
(i)    Do not access Corporate Internet Banking Services from public places/ Wi-Fi network or from shared computers. You never know what malicious programs might be installed on the PC or network you use there.
(ii)    Enter your password and account information under secure environment when you are using Corporate Internet Banking Services.
4.   Protect your computer
(i)     Our Bank highly recommend you to Install a personal firewall on your computer. Personal firewall software is designed to prevent hackers from accessing the computer.
(ii)    In order to prevent computer virus invasion, customer is recommended to install anti-virus software and update its version regularly.
(iii)    If any unusual screens pop up and/or the computer responds unusually slow, customers are advised to log out from the Corporate Internet Banking and scan the computer with the most updated version of virus protection software.
(iv)    Emails are a common way to spread viruses. Our bank will not send out email with attachment. If you are at all suspicious, do not open the email and please contact our Customer Services Hotline immediately at 22 699 388.
(v)    Our Bank suggests you to set difficult-to-guess passwords for your computer, and activate the auto-lock function.
(vi)    Our Bank suggests you to download and upgrade your applications or software from official and reliable sources only. Do not browse suspicious websites.
(vii)    Disable any wireless network functions not in use of your device to mitigate any cyber security threats. Choose encrypted networks when using Wi-Fi and remove any unnecessary Wi-Fi connection settings.
5.   Security guideline
    To learn more about Internet Trading Security , you can also get more information from the leaflet released by the Hong Kong Monetary Authority and the Hong Kong Association of Banks - Smart Tips on Using Internet Banking Services.