• Customers are reminded to be vigilant of any fraudulent websites which seek to pass off as the Company’s website.
• Unless you are certain that you are connected to the website of the Company, particulars of your Internet Banking or Online Futures Trading accounts should not be provided.
• Under no circumstances would the Company send out any emails to ask for or verify customers' personal information, including but not limited to account number, PIN, account balance, HKID card number or passport number. You should not access your Internet Banking or Online Futures Trading accounts through hyperlinks embedded in emails sent to you from any unknown source. It is always prudent to type in our web address into the browser address bar to protect your personal information.

• With the use of 128bit Secure Socket Layer (SSL) encryption, we ensure the security of your data during transmission.
• Our web servers are protected by firewall systems to prevent unauthorised access.
• Our system will monitor each login attempt. If there are several consecutive login attempts with incorrect password, the online service will be suspended immediately.
• In the event that you forget to logout from Internet Banking or Online Futures Trading Service, your online access will be disconnected automatically after a short period of inactivity to prevent unauthorised transaction.
• We will not ask for customers' account number, password or any personal information via emails.
• Bank of China (Hong Kong) Limited, Nanyang Commercial Bank Limited, Chiyu Banking Corporation Limited's Internet Banking Services provide digital certificates and SMS-based one-time password (OTP) as your two-factor authentication tools for further verification when you need to conduct high-risk online transactions.
• During each login of CBS Online users, we will verify user's identity by validating the electronic certificate issued by Digi-Sign Certification Services Limited. To apply for an electronic certificate, please contact your account-opening bank. To learn more about its usage, please refer to the Certification Practice Statement of Digi-Sign Certification Services Limited via www.dg-sign.com.
• You should not leave your two-factor authentication device(device for receiving SMS-based one-time password and e-Cert storage media) unattended to avoid unauthorised use of such device by third party to conduct online transaction.

 Your password and personal information should be well protected

• Upon receipt of your PIN mailer, you should change the password via Internet Banking or Online Futures Trading Service immediately and destroy the original PIN mailer.
• Do not write the password on any of the devices used for Internet Banking or Online Futures Trading Service or anything nearby.
• Do not use easy-to-guess numbers or words as your password, and avoid selecting the same password that you have used for accessing other web services.
• Do not disclose your user name and password of your Internet Banking or Online Futures Trading Service to anyone (including bank staff and the police). You should also avoid disclosing your personal information such as HKID card number and date of birth to anyone.
• Please memorise your password and never write down or record your password in a way that can be accessed easily by someone.
• Please change your password regularly.
• If you have lost your password/security device, or suspected that your password or security device has been used by an unauthorised party, or found any unauthorised transaction(s) associated with your account, please contact us immediately.

Protect your personal computer against hackers and viruses

• Download and install updates and patches for your operating systems and browsers regularly.
• Install firewall systems on your personal computer.
• Install anti-virus software on your personal computer. Update the virus definition file and perform virus scanning regularly.
• Avoid downloading or installing programmes from unreliable sources or opening suspicious files or emails. This helps protect your personal data againse hackers' programmes or viruses.
• If you access our Internet Banking or Online Futures Trading Service via wireless network, please check your network security settings.

Take precautionary measures while you are using Internet Banking or Online Futures Trading Service 

• Do not access Internet Banking or Online Futures Trading Service from a shared computer in public such as cafes or bars with internet access.
• Only pre-set and access reliable Wifi network for internet connection.
• Do not login Internet Banking or Online Futures Trading Service through hyperlinks embedded in any emails or search engines.
• Close all other internet browsers before accessing Internet Banking or Online Futures Trading Service. Do not open other internet browsers or visit any other websites while you are using Internet Banking or Online Futures Trading Service.
• Make sure no one can see your user name and PIN when you login Internet Banking or Online Futures Trading Service.
• Check your last login and logout record every time you use our Internet Banking or Online Futures Trading Service. Check your account balance and transaction records regularly. If you discover anything suspicious, please contact us immediately.
• Click the "logout" button to exit from the system after you have finished all your online transactions. Please always clear the cache and history in your browser after using our online service.
• If you have adopted secure media to store the e-Cert as two-factor authentication tool, remember to remove it from your computer and place it safely after finishing your online transaction.
• Do not leave your computer unattended before logout.
• To learn more about other online security measures, please click here.

Dual authorization for financial transactions ( Applicable to customers of CBS Online only)

• To enhance security and ensure the accuracy of transaction details, you are advised to set up dual authorization for financial transactions.

To ensure customer data security, please install any of the browser versions we recommended to log onto the Internet Banking after 20th Nov 2011. The minimum specification is as follows:

Personal Internet banking
Microsoft Internet Explorer (version 6 or above)
Mozilla Firefox ((version 3 or above)
Apple Safari (version 4 or above)
Google Chrome (version 6 or above)
(For optimum effect, kindly use Microsoft Windows and Internet Explorer (version 6,7,8) to login Personal Internet Banking.)

Corporate Internet banking
Microsoft Internet Explorer (version 4 or above)

Please note that viruses, Trojan software and hacker programmes can be distributed via emails. Virus like "Worms" can even reproduce and deliver infected emails to the recipients in your address book. Hence, you should not open any unknown or suspicious emails. Instead, you should delete them immediately. Please do not login Internet Banking or Online Futures Trading Service through embedded links in any emails. You should also perform virus scanning before opening any attachment. In addition, fraudsters will perpetrate frauds using emails.

Example of fraudulent emails: Fraudulent claims of estate

The email sender claimed to be a bank staff, inviting the recipient to pretend to be the next-of-kin of a deceased client who has left a huge sum of unclaimed fixed deposit. Upon receiving favourable reply, the fraudster requested the recipient to pay a fee in advance for preparing the necessary documents in order to claim that estate. Finally, the email recipient was cheated and could not reach the sender again.

Microsoft Internet Explorer

• Click the 'security lock icon' at the bottom right corner
• Check the valid date of the certificate and the following information

Bank of China (Hong Kong) Limited, Nanyang Commercial Bank Limited and Chiyu Banking Corporation Limited

domain name as issued to: its.bochk.com
Issued by: VeriSign Class 3 Extended Validation SSL SGC CA

(Personal Internet Banking has adopted EV SSL Certificate (Extended Validation SSL Certificate). Customer can validate the bank website's identity in the green address bar of the browser and accessing the details in the certification. For details on EV SSL Certificate, please refer to the "Verisign" website.)

domain name as issued to: cbs.bochk.com
Issued by: www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign

Po Sang Futures Limited

domain name as issued to: trading.posangfutures.com
Issued by: Thawte Premium Server CA

The system will run a specific Java applet programme on the user’s computer when e-Certificate is used as an authentication tool for CBS Online customers. For the sake of security, most of the Internet browsers will pop-up a window showing the e-Certificate signing authority and related authentication information for customers to verify the programme.

Before login to the CBS Online, customers are asked to verify the following information:

1. Distributed by: "Bank Of China (Hong Kong) Limited".
2. Publisher authenticity verified by: ”Thawte Consulting cc”.
3. Security certificate has not expired and is still valid.

Is Mobile Banking secure?

• We have developed various security measures to safeguard your information. The website is protected with strong encryption (128-bit Secure Sockets Layer). Access is protected by personalized username and password. The system is protected from duplicate access (Customer cannot sign on at the same time with different devices). The session will be automatically terminated after idling for around 10 minutes, which prevents unauthorized use of your session by anyone else.

How can I access and sign on Mobile Banking?

• Visit one of the following URLs with the web browser in your mobile handset and sign on with your Internet Banking Number / User Name and Password.

BOC Group	Mobile Banking URLs
Bank of China (HK) Ltd.	https://m.bochk.com
Nanyang Commercial Bank Ltd.	https://m.ncb.com.hk
Chiyu Banking Corporation Ltd.	https://m.chiyubank.com

Can I know more about the security measures of Mobile Banking?

• The certificate of our Mobile Banking is issued by VeriSign to "m.bochk.com, Bank of China (Hong Kong) Ltd".

What should I avoid when using Mobile Banking?

• Do not save or keep your password in your browser, and disable the "Auto-Complete" feature to prevent others from obtaining your information via the browser.
• Avoid signing on Mobile Banking via public Wi-Fi (wireless network) and Wi-Fi without password setting. We advise using pre-set and reliable mobile internet connection.
• Avoid using Mobile Banking in crowded area and take note of entering password via specific handsets. The format of password may be enlarged with clear display. It would arouse people nearby from getting your information indirectly. You should take extra care.
• Check your last login and logout record every time you use our Internet Banking or Online Futures Trading Service. Check your account balance and transaction records regularly. If you discover anything suspicious, please contact us immediately.
• You should hold accountability of ensuring your password and personal information that are well protected
• Do not write the password on any of the devices used for Mobile Banking or anything nearby.
• Do not use easy-to-guess numbers or words as your password, and avoid selecting the same password that you have used for accessing other web services.
• Do not disclose your user name and password of Mobile Banking to anyone (including bank staff and the police). You should also avoid disclosing your personal information such as HKID card number and date of birth to anyone.
• Please memorise your password and never write down or record your password in a way that can be accessed easily by someone.
• Please change your password regularly.
• If you have lost your password/security device, or suspected that your password or security device has been used by an unauthorised party, or found any unauthorised transaction(s) associated with your account, please contact us immediately.

What if there is an incoming call or weak signal when I am placing an instruction? How can I ensure the instruction has been submitted?

• One of the followings can tell whether the instruction has been successfully submitted:
• The Order Number upon transaction completion; or
• Last Ten Transaction Records

Do I need to close the web browser after logging out Mobile Banking?

• You are advised to close the web browser after logging out and delete the temporarily saved and past historical records on a regular basis.

Protecting your PIN and ATM card

To prevent any fraudulent cases, please keep your PIN secret and your BOC Card safe upon receipt of your PIN and BOC Card. In addition, please note the followings:

• Destroy the PIN mailer issued by the Company to avoid divulging of the PIN.
• Do not disclose your PIN to anyone (including bank staff and the police).
• Do not allow anyone else to use your card or PIN.
• Never write down the PIN on the card or anything which is usually kept with it.
• Do not write down or record PIN without disguising it.
• Do not use your name, date of birth, ID number, telephone or lucky number, or other easy-to-guess personal information as your PIN; Please also avoid using the same PIN to access other services like connection to internet or other websites.
• Change your PIN frequently.

When using ATM

• Cover the key pad with your hand when entering your PIN at ATMs.
• In the event that anything abnormal or any unusual device(s) is/are installed at the card slot or on the key pad, please do not use the ATM and notify the Company immediately.
• Stay alert and do not let any strangers near the ATM distract you or look at your PIN.
• If any strangers offer assistance to you, please ignore and leave as soon as possible after completing your transaction.
• If you have any difficulties when using ATM, you should cancel the transaction immediately and report to our staff or call our 24-hour ATM Service Hotline at 2691 2323 for further assistance.

Points to remember

• If you have lost or leaked your PIN, or have found any unauthorised use / transaction of your card, please notify the Company immediately.
• Please carefully examine the transaction details listed in the statement of account, advice and confirmation. In case of any error or unusual  transaction, you must notify the Company immediately.
• You can conveniently access your transaction records via Internet Banking. 

Bank of China (Hong Kong) Limited, Nanyang Commercial Bank Limited, Chiyu Banking Corporation Limited and BOC Credit Card provide e-certificates and SMS-based One-time Password (OTP) for enhanced identity verification through two-factor authentication before you conduct high-risk transactions online. If you use the SMS-based OTP service, please note the following items:

• With effect from 31 October 2011, our SMSs (if any) in respect of "One-time Password" and "Notification of Execution of Designated Transactions" will be sent only to your mobile phone number registered with our bank. Such SMSs will not be forwarded to any other phone number even if you have enabled the "SMS Forwarding Service" provided by the mobile phone service providers in Hong Kong.
• The OTP will be sent only to the mobile phone number provided by the following Mobile Network Operators in Hong Kong which comply with our security requirements:
  • SmarTone Telecommunications Holdings Limited
  • PCCW Limited
  • CSL Limited
  • Hutchison Telecommunications Hong Kong Holdings Limited
  • China Mobile Hong Kong Company Limited
• You are advised to check carefully the transaction details given in the OTP SMS for two-factor authentication against the transaction to be conducted by you via the Internet Banking. Please do not input your OTP at any webpage in case of any doubt.