This content sets out the online and ATM security information of Bank of China (Hong Kong) Limited, Nanyang Commercial Bank Limited, Chiyu Banking Corporation Limited and Po Sang Futures Limited (each named as a "Company"). Internet Banking refers to Company’s various Internet Banking Services or Online Futures Trading Service.

Customers are advised to check carefully that the transaction details enclosed with your SMS-based one-time password (OTP) for two-factor authentication must be the same as the transaction to be conducted by you via Internet Banking. In case of doubt, please do not input your OTP at any webpage.

Customers should log in Internet Banking Service and ensure the accuracy of the registered mobile phone number from time to time. In case of any discrepancy, please contact our staff immediately by calling:

Bank of China (Hong Kong) Limited (852) 233 233 28
Nanyang Commercial Bank Limited (852) 2622 2633
Chiyu Banking Corporation Limited (852) 2232 3625

An SMS notification will be sent to the registered mobile phone number of customer who has successfully conducted those high risk transactions (e.g. registration of bill, third party account, T/T account, beneficiary account via local bank transfer as well as increase of transaction limit and the like).

Customers are reminded NOT to login Internet Banking or Online Futures Trading Service through hyperlinks embedded in any emails. The Company will not ask for customers' account number, password or any personal information via emails.

Customers should read the Company’s security information from time to time to ensure that adequate and appropriate measures have been taken.

Customers must pay attention to the page layout of Internet Banking or Online Futures Trading Service. Please contact us immediately in case of any unusual change or enquiry.

The official website of each Company is as follows:

Bank of China (Hong Kong) Limited : www.bochk.com
Nanyang Commercial Bank Limited : www.ncb.com.hk
Chiyu Banking Corporation Limited : www.chiyubank.com
Po Sang Futures Limited : www.posangfutures.com

BulletBeware of fraudulent websites
BulletWhat have we done to protect you?
BulletWhat can you do to protect yourself?
BulletOther online frauds
BulletFraudulent emails
BulletSecurity certificate
BulletFrequently asked questions
BulletSecurity tips for ATM cardholders
Grey Line
Grey Line
Grey Line Red Arrow Beware of fraudulent websites
  • Customers are reminded to be vigilant of any fraudulent websites which seek to pass off as the Company’s website.
  • Unless you are certain that you are connected to the website of the Company, particulars of your Internet Banking or Online Futures Trading accounts should not be provided.
  • Under no circumstances would the Company send out any emails to ask for or verify customers' personal information, including but not limited to account number, PIN, account balance, HKID card number or passport number. You should not access your Internet Banking or Online Futures Trading accounts through hyperlinks embedded in emails sent to you from any unknown source. It is always prudent to type in our web address into the browser address bar to protect your personal information.
Back to Top
Grey Line
Grey Line
Grey Line Red Arrow What have we done to protect you?
  • With the use of 128bit Secure Socket Layer (SSL) encryption, we ensure the security of your data during transmission.
  • Our web servers are protected by firewall systems to prevent unauthorised access.
  • Our system will monitor each login attempt. If there are several consecutive login attempts with incorrect password, the online service will be suspended immediately.
  • In the event that you forget to logout from Internet Banking or Online Futures Trading Service, your online access will be disconnected automatically after a short period of inactivity to prevent unauthorised transaction.
  • We will not ask for customers' account number, password or any personal information via emails.
  • Bank of China (Hong Kong) Limited, Nanyang Commercial Bank Limited, Chiyu Banking Corporation Limited's Internet Banking Services provide digital certificates and SMS-based one-time password (OTP) as your two-factor authentication tools for further verification when you need to conduct high-risk online transactions.
  • During each login of CBS Online users, we will verify user's identity by validating the electronic certificate issued by Digi-Sign Certification Services Limited. To apply for an electronic certificate, please contact your account-opening bank. To learn more about its usage, please refer to the Certification Practice Statement of Digi-Sign Certification Services Limited via www.dg-sign.com.
  • You should not leave your two-factor authentication device(device for receiving SMS-based one-time password and e-Cert storage media) unattended to avoid unauthorised use of such device by third party to conduct online transaction.
Back to Top
Grey Line
Grey Line
Grey Line Red Arrow What can you do to protect yourself?

 Your password and personal information should be well protected

  • Upon receipt of your PIN mailer, you should change the password via Internet Banking or Online Futures Trading Service immediately and destroy the original PIN mailer.
  • Do not write the password on any of the devices used for Internet Banking or Online Futures Trading Service or anything nearby.
  • Do not use easy-to-guess numbers or words as your password, and avoid selecting the same password that you have used for accessing other web services.
  • Do not disclose your user name and password of your Internet Banking or Online Futures Trading Service to anyone (including bank staff and the police). You should also avoid disclosing your personal information such as HKID card number and date of birth to anyone.
  • Please memorise your password and never write down or record your password in a way that can be accessed easily by someone.
  • Please change your password regularly.
  • If you have lost your password/security device, or suspected that your password or security device has been used by an unauthorised party, or found any unauthorised transaction(s) associated with your account, please contact us immediately.

Protect your personal computer against hackers and viruses

Take precautionary measures while you are using Internet Banking or Online Futures Trading Service 

  • Do not access Internet Banking or Online Futures Trading Service from a shared computer in public such as cafes or bars with internet access.
  • Only pre-set and access reliable Wifi network for internet connection.
  • Do not login Internet Banking or Online Futures Trading Service through hyperlinks embedded in any emails or search engines.
  • Close all other internet browsers before accessing Internet Banking or Online Futures Trading Service. Do not open other internet browsers or visit any other websites while you are using Internet Banking or Online Futures Trading Service.
  • Make sure no one can see your user name and PIN when you login Internet Banking or Online Futures Trading Service.
  • Check your last login and logout record every time you use our Internet Banking or Online Futures Trading Service. Check your account balance and transaction records regularly. If you discover anything suspicious, please contact us immediately.
  • Click the "logout" button to exit from the system after you have finished all your online transactions. Please always clear the cache and history in your browser after using our online service.
  • If you have adopted secure media to store the e-Cert as two-factor authentication tool, remember to remove it from your computer and place it safely after finishing your online transaction.
  • Do not leave your computer unattended before logout.
  • To learn more about other online security measures, please click here.

Dual authorization for financial transactions ( Applicable to customers of CBS Online only)

  • To enhance security and ensure the accuracy of transaction details, you are advised to set up dual authorization for financial transactions.
Back to Top
Grey Line
Grey Line
Grey Line Red Arrow Other online frauds

Customers should always stay alert to any possible online frauds to avoid unnecessary loss.
Back to Top
Grey Line
Grey Line
Grey Line Red Arrow Fraudulent emails

Please note that viruses, Trojan software and hacker programmes can be distributed via emails. Virus like "Worms" can even reproduce and deliver infected emails to the recipients in your address book. Hence, you should not open any unknown or suspicious emails. Instead, you should delete them immediately. Please do not login Internet Banking or Online Futures Trading Service through embedded links in any emails. You should also perform virus scanning before opening any attachment. In addition, fraudsters will perpetrate frauds using emails.

Example of fraudulent emails: Fraudulent claims of estate

The email sender claimed to be a bank staff, inviting the recipient to pretend to be the next-of-kin of a deceased client who has left a huge sum of unclaimed fixed deposit. Upon receiving favourable reply, the fraudster requested the recipient to pay a fee in advance for preparing the necessary documents in order to claim that estate. Finally, the email recipient was cheated and could not reach the sender again.
Back to Top
Grey Line
Grey Line
Grey Line Red Arrow Security certificate

Microsoft Internet Explorer

  • Click the 'security lock icon' at the bottom right corner
  • Check the valid date of the certificate and the following information

Bank of China (Hong Kong) Limited, Nanyang Commercial Bank Limited and Chiyu Banking Corporation Limited

domain name as issued to: its.bochk.com
Issued by: www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign

 

Po Sang Futures Limited

domain name as issued to: trading.posangfutures.com
Issued by: Thawte Premium Server CA

 
Back to Top
Grey Line
Grey Line
Grey Line Red Arrow Frequently asked questions
Red Arrow Bullet

What is Secure Socket Layer (SSL) 128-bit encryption?
Our Internet Banking or Online Futures Trading Service uses SSL 128-bit encryption, which is one of the online security standards for commercial application. All data transmitted via Internet Banking or Online Futures Trading Service is protected by this technology to ensure data security.
Red Arrow Bullet

What precautions should I take when I set up my password?
  • Do not use your date of birth, HKID card number, telephone number or any combinations of your English name as your password.
  • Do not use 3 or more consecutive identical characters, e.g. "333", "bbb", etc.
  • Do not use sequential numbers or characters, e.g. "123", "abc", etc.
  • Do not use your user name or login ID as your password.
Red Arrow Bullet How often should I change my password?
You are advised to change your password regularly. If you have not changed your password over certain period of time, our system will remind you automatically.
Red Arrow Bullet

How can I contact the Company in case of any enquiries?

Bank of China (Hong Kong) Limited

  • Customer Service Hotline: (852) 233 233 28
  • BOCHK Internet Banking: (852) 233 233 28
  • CBS Online: (852) 2929 2333
  • BOCHK Financial Institutions Online: (852) 2929 2333
  • BOC Credit Card: (852) 2853 8828

Nanyang Commercial Bank Limited

  • Customer Service Hotline: (852) 2622 2633
  • Internet Banking: (852) 2622 2633
  • CBS Online: (852) 2622 2633
  • BOC Credit Card: (852) 2853 8828

Chiyu Banking Corporation Limited

  • Customer Service Hotline: (852) 2232 3625
  • Internet Banking: (852) 2232 3625
  • CBS Online: (852) 2840 1600
  • BOC Credit Card: (852) 2853 8828
  • Internet Banking - The Mainland of China
    • Fuzhou Branch: (591) 87810078 EXT. 888
    • Xiamen Branch: (592) 5851691
    • Xiamen Jimei Sub-Branch: (592) 6193302

Po Sang Futures Limited

  • Head Office Address: 1/F., Wing On House, 71 Des Voeux Road Central, Hong Kong
    Telephone Number: (852) 2815 4655
    Fax Number: (852) 2854 1955
    E-Mail Address: psf@bochk.com
  • Mongkok Branch
    Address: 3/F., 33 Argyle Street, Mongkok, Kowloon
    Telephone Number: (852) 2398 1005
    Fax Number: (852) 2787 3482
Red Arrow Bullet

How can I protect my personal information?

You may be asked to provide your personal information (such as ID card number and date of birth) as additional identity verification when using Internet Banking or Online Futures Trading Service. However, you should not disclose your personal information to any third party other than for the aforesaid purpose. You should also keep the documents (such as letters and bank statements) which include your personal information in a proper manner.
Red Arrow Bullet

Why should I update my operating systems and browsers regularly?

You should check and download patches provided by software vendors to fix security loopholes of the operating systems or web browsers. This helps avoid unauthorised access or attacks of computer viruses or hackers.
Red Arrow Bullet What is a firewall?
A firewall is a programme that helps protect your computer and your data from unauthorised access via the network.
Red Arrow Bullet Why should I update my anti-virus software regularly?
New computer virus appears from time to time. To protect your computer against the latest virus, you should update the virus definition file regularly. Most anti-virus software supports the automatic update or download of virus definition file. For details, please refer to the user manual of your anti-virus software.
Red Arrow Bullet

 What is Trojan Software?

Trojan software can hide in your computer system and capture every input from the keyboard in order to obtain your login ID and password.  In the event that anything is found unusual when you are accessing Internet Banking or Online Futures Trading Service, please contact us immediately and do not input any information or password.
Red Arrow Bullet

 What is Man-In-The-Browser Attack?

Man-In-The-Browser Attack is a kind of Trojan Software. Perpetrator  can redirect your instruction to a fraudulent website or  instantly modify your instruction placed via  Internet  Banking  or Online Futures Trading Service. To protect your interest, please download and install updates and patches for your operating systems and browsers regularly.  In the event that anything is found unusual when you are accessing  Internet Banking  or Online Futures Trading Service, please contact us immediately and do not input any information or password.
Red Arrow Bullet

 What is Spyware?

Spyware can monitor and record your online activities (e.g the websites you have visited), and send such information to unauthorised parties without your consent. To protect your interest, please do not install freeware in the computer with which you access Internet Banking or Online Futures Trading Service.
Red Arrow Bullet  How can I set up the security settings of Wireless LAN?
  • Do not place the Access Point (AP) too close to doors and windows to avoid data captured and decrypted by third party due to wireless signal exposure.
  • Turn off the power supply and disconnect from the wireless network after use.
  • Take appropriate security measures to protect the Wireless LAN. Do not disclose the security setting of your wireless network to any third party.
Red Arrow Bullet

 Precautionary measures for using internet
  • Disconnect from internet after you have finished using Internet Banking or Online Futures Trading Service.
  • Encrypt and secure your electronic storage media to protect your personal data from unauthorised access.
  • Do not save or keep your password in your browser, and disable the "Auto-Complete" feature to prevent others from obtaining your information via the browser.
  • Disable the "File and Printer Sharing" function and set up the proper access rights of your computer to avoid unauthorised access to your data via the network.
  • Do not download any illegal or unauthorised software to prevent infection of computer virus or Trojan Software. Remember to perform virus scanning before opening any files from insecure sources.
Red Arrow Bullet

 Where can I obtain more information about the precautionary measures of using Internet Banking or Online Futures Trading Service?
Back to Top
Grey Line
Grey Line
Grey Line Red Arrow Security tips for ATM cardholders

Protecting your PIN and ATM card

To prevent any fraudulent cases, please keep your PIN secret and your BOC Card safe upon receipt of your PIN and BOC Card. In addition, please note the followings:

  • Destroy the PIN mailer issued by the Company to avoid divulging of the PIN.
  • Do not disclose your PIN to anyone (including bank staff and the police).
  • Do not allow anyone else to use your card or PIN.
  • Never write down the PIN on the card or anything which is usually kept with it.
  • Do not write down or record PIN without disguising it.
  • Do not use your name, date of birth, ID number, telephone or lucky number, or other easy-to-guess personal information as your PIN; Please also avoid using the same PIN to access other services like connection to internet or other websites.
  • Change your PIN frequently.

When using ATM

  • Cover the key pad with your hand when entering your PIN at ATMs.
  • In the event that anything abnormal or any unusual device(s) is/are installed at the card slot or on the key pad, please do not use the ATM and notify the Company immediately.
  • Stay alert and do not let any strangers near the ATM distract you or look at your PIN.
  • If any strangers offer assistance to you, please ignore and leave as soon as possible after completing your transaction.
  • If you have any difficulties when using ATM, you should cancel the transaction immediately and report to our staff or call our 24-hour ATM Service Hotline at 2691 2323 for further assistance.

Points to remember

  • If you have lost or leaked your PIN, or have found any unauthorised use / transaction of your card, please notify the Company immediately.
  • Please carefully examine the transaction details listed in the statement of account, advice and confirmation. In case of any error or unusual  transaction, you must notify the Company immediately.
  • You can conveniently access your transaction records via Internet Banking.