Two Factor Authentication

Two-factor Authentication Tools 

To enhance the online security level, the Company provides customers with a comprehensive range of two-factor authentication tools to safeguard the designated transactions and designated investment transactions* performed by customers via Internet/Mobile Banking. 

Types of Two-factor Authentication Tools:

“Mobile Token”

“Mobile Token” is a built-in function of BOCHK Mobile Banking. Once the “Mobile Token” is activated, you will be spared the hassle of carrying a separate physical “Security Device” to truly enjoy convenient and secure banking.

Upon activating the “Mobile Token” on compatible mobile device, you can confirm designated Mobile Banking transactions or designated investment transactions* via the preset passcode or using “Biometric Authentication”. In addition, you can also confirm designated Internet Banking transactions or designated investment transactions* by generating a one-time “Security Code”/“Transaction Confirmation Code” via the “Mobile Token”.

Features:

More convenient

Free from the hassle of carrying a separate physical "Security Device"
More simple

Confirm various transactions, such as third-party fund transfer, investment transactions, and more
More secure

  • Use “Biometric Authentication” (Fingerprint/Face ID) or
  • Preset passcode to enable the Mobile Token

 

Biometric Authentication

You can register “Biometric Authentication” (e.g. Fingerprint, Face ID) on your mobile device for the following services when you activate the “Mobile Token”:

  • Log in Mobile Banking
  • Enable the “Mobile Token” to confirm designated Mobile Banking transactions or designated investment transactions*
  • Enable the “Mobile Token” to generate a one-time “Security Code”/“Transaction Confirmation Code” to confirm designated Internet Banking transactions or designated investment transactions*

 

Activating the Mobile Token

Personal Customers:

1. Select “Mobile Token” icon on the homepage of BOCHK Mobile Banking (indicate in red circle below) 2. Select “Activate” 3. Log in to Mobile Banking
4. Register “Biometric Authentication” (Option to register later) 5. Set up “Mobile Token” Passcode 6. Follow the instructions on the page, and then you will receive an “One-Time Password” (OTP) from the mobile phone number registered with the Bank, input the OTP to complete the activation

 

Corporate Customers:

1. Select “Mobile Token” icon on the homepage 2. Log in Mobile Banking 3. Select “Activate”
4. Register “Biometric Authentication” (Option to register later) 5. Set up “Mobile Token” Passcode 6. Input “Security Device” one-time “Security Code”
7. You will receive an “SMS One-Time Password” (OTP) from the mobile phone number registered with the Bank, input the OTP to complete the activation    
   

 

Operating system requirements and compatible mobile device:

Mobile Token iOS Android
Operating System Personal Customers Corporate Customers Personal Customers Corporate Customers
iOS 14 or above iOS 14 or above Android 8.1 or above

 

Android 8.0 or above
Biometric Authentication
  • Fingerprint (Depending on the availability of fingerprint recognition function of the mobile device)

  • Face ID (Depending on the availability of Face ID recognition function of the mobile device)

  • Fingerprint (Depending on the availability of fingerprint recognition function of the mobile device)

 

Download Mobile Banking:

Please download BOCHK Mobile Banking now to activate the "Mobile Token"


New BOCHK Mobile Banking understands you better with its chic design and easy-to-use features.

Download now
iOS users         Android users    Huawei users
  

Android users
(If unable to access Google Play)

Version: 7.1.5
Updated on: 22 March 2024

Points to Note for “Mobile Token”:

  • For security reasons, customer can only activate “Mobile Token” on one mobile device.
  • For personal customers, upon successfully activation of “Mobile Token”, the “Security Device” (if any) will be suspended. For reactivation of “Security Device”, customers are required to suspend the “Mobile Token” on your mobile device.
  • Corporate customers can hold both “Mobile Token” and “Security Device” at the same time.
  • Please keep your mobile device that has activated “Mobile Token” function in a safe and secure place. In case of loss or damage, please suspend the “Mobile Token” and contact us immediately.

Remarks:

  • Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc.. Android, Google Play, and the Google Play logo are the registered trademarks of Google Inc.. Huawei AppGallery is provided by Huawei Services (Hong Kong) Co., Limited. HUAWEI EXPLORE IT ON AppGallery and the HUAWEI EXPLORE IT ON AppGallery logo are the registered trademarks of Huawei Technologies Co., Limited.

 

“Security Device”

Personal customers (except BOC Credit Card) can visit any of our branches to apply for “Security Device”. Primary Users of corporate customers can apply by submitting application form to any of our branches, or apply for Delegated Users through Corporate Internet Banking. "Security Device" with audio capability is also provided for the convenience of the visually impaired using Internet/Mobile Banking.

 

Points to Note for “Security Device”:

  • Upon receipt of the "Security Device", please log into the Internet Banking immediately and follow the instructions to activate the "Security Device".
  • Please keep your "Security Device" in a safe and secure place. Do not allow anyone to use your "Security Device" or leave it unattended. In case of loss or damage, please contact us immediately.

 

“e-Certificate”

Corporate customers can apply for “e-Certificate” as the two-factor authentication tool by submitting the application form to any of our branches. Upon completion of application, “e-Certificate” will be mailed to the registered correspondence address of the customers.

Below are the reminding notes for keeping your “e-Certificate” safe:

1. DO NOT disclose the passphrase to anyone (including BOCHK staff).

2. Change the passphrase of “e-Certificate” periodically.

3. Keep the “e-Certificate” in a safe place by a designated person/party to prevent unauthorized use of the device(s).

4. Keep the “e-Certificate” and the passphrase by different persons/parties.

5. Ensure the “e-Certificate” is completely unplugged/loaded off from your file transmission system after connection and keep in a safe place. DO NOT leave the “e-Certificate” unattended

6. Keep the system connect with terminal (e.g. iGTB CONNECT terminal) in a secure and safe place as well as to prevent unauthorized use.

7. If “e-Certificate” lost or suspects for any unauthorized use, please contact us immediately.

 

“One-Time Password”

Personal customers can receive a one-time password message through the customers’ registered mobile phone number to conduct designated investment transactions*.

 

Remarks:

Designated transactions:

  • Transfer funds to non-registered payee
  • Registration of third-party accounts
  • Issue e-cheque(s) / e-cashier's order(s)
  • Bill Payment (registration of designated merchant)
  • Transaction limit increment
  • Other high-risk transactions

 

Designated investment transactions:

  • HK Securities / Securities Margin, A Shares Securities / Securities Margin, US Securities

    • Trading
    • Monthly Stocks Savings Plan
    • IPO – Subscription / Financing
    • NotALot

  • Debt Securities / Certificates of Deposit

    • IPO
    • Buy / Sell

  • Funds

    • Subscribe
    • Redeem / Switch
    • Monthly Funds Savings Plan
    • Smart Invest

  • Precious Metal / FX Margin

    • Market Order
    • Good-Till-Date Order (include Trading/Delete)

  • Precious Metal

    • Trading

  • Structured Investment

    • Application

  • Currency Linked Investments

    • Open Dual Currency Investment
    • Open Option Linked Investment
    • Squaring Contract

  • Equity Linked Investments

    • Subscribe