The following are security tips when you use Corporate Mobile Banking Services, Mobile Token and Biometric Authentication:

• Do not save your Corporate Mobile Banking user name and password or Mobile Token Password on your mobile handset. Set a password that is difficult to guess and different from the ones for other services. The password should be changed regularly.
• Install and update the latest anti-virus and anti-spyware software regularly on your mobile handset, whenever available.
• Avoid sharing your device with others and use your own mobile handset/device for Corporate Mobile Banking Services, Mobile Token and Biometric Authentication. Do not leave your device unattended.
• When you log on to Corporate Mobile Banking Services, you should beware of whether anyone is trying to peek at your password. Do not leave your mobile handset unattended after logging on to Corporate Mobile App. Always log off properly when you have finished using the services.
• Set up auto-lock and passcode lock to prevent unauthorized access to your mobile handset.
• When you use Wi-Fi, only the trusted Wi-Fi networks or service providers should be used; Avoid logging into Corporate Mobile Banking Services via public Wi-Fi or Wi-Fi without password setting.
• Use the default operation system originally provided on your mobile handset rather than newly installed operation system downloaded from other sources.
• Do not use any jailbroken/rooted mobile handset which may have security loopholes to log on to Corporate Mobile Banking Services; to protect your online transactions, we will check whether your mobile handset is jailbroken or rooted upon using the Corporate Mobile Banking Services. Customers may not be allowed to access Corporate Mobile Banking Services via jailbroken or rooted mobile device.
• Do not install applications on your mobile handset from unknown sources. Understand the permissions of mobile applications before you install them. Do not use untrusted custom virtual keyboards.
• If you use the Corporate Mobile Banking Services, only download the app from official App stores (Google Play and App Store) or our website and update the software regularly.
• Install updates and patches to your mobile handset regularly, including upgrades/updates of your Operating System (OS) and other mobile applications. Enable data encryption on your handset if possible.
• When you activate Biometric Authentication, any fingerprint / facial map saved on your device can be used for Fingerprint Authentication or Facial Recognition. Therefore, you should only save your own fingerprint / facial map on your device and should not allow any third-party fingerprint / facial map to be saved on your device, or use other people’s device to log on to your Corporate Mobile Banking Services. Do not leave your device unattended.
• Do not use facial recognition for Biometric Authentication if you have an identical twin sibling or a sibling who looks like you.
• Do not use facial recognition for Biometric Authentication if you are an adolescent while your facial features may be undergoing a rapid stage of development.
• Do not take any action to disable any function provided by, and/or agreeing to any settings of, your device that would otherwise compromise the security of the use of your biometric credentials for Biometric Authentication (e.g. disabling “Attention-Aware” for facial recognition). • When you log on to Corporate Mobile App and conduct a transaction, you should beware of spying, unauthorized recording or other suspicious behavior. Please ascertain that the login information (including username, login password, token password) are not exposed for unauthorized access.