Security Information

(Note: Chiyu are no longer members of BOCHK Group. The relevant webpages will be updated as soon as possible.)

This webpage sets out the security information of the electronic banking (“e-banking”) services offered by Bank of China (Hong Kong) Limited ("BOCHK"), Chiyu Banking Corporation Limited ("Chiyu"), BOC Credit Card (International) Limited ("BOC Credit Card") and Po Sang Securities and Futures Limited ("Po Sang") (each named as "the Company", “we”). e-banking services refers to banking services delivered over the internet, wireless network, ATMs, telephone network or other electronic network, terminals or devices, including but not limited to the Company’s Internet Banking, Mobile Banking, Mobile Application (Mobile App), WeChat official account, Phone Banking, Automated Banking, online services of BOC Credit Card and online securities and futures trading services of Po Sang.

Latest / Important Security Information

  • To safeguard your online banking security, you should access our Internet Banking Services through the Company’s official websites. Please do not login the Internet Banking Services through hyperlinks in any Email, SMS, QR code, search engine, social networking platform or any third-party website or mobile app not authorized by us. For enquiry, please contact us immediately.
  • Before making payment by Mobile Phone No., E-mail Address, Faster Payment Identifier (FPS ID) or QR code, you should verify the details of payment request including the payee name carefully. If you have any doubt, please confirm with the payee in advance.
  • You should ensure that your devices for accessing e-banking services do not being infected by virus or unauthorized accessed by malicious, corruptive or destructive program, for the retrieval, use and change of the password, biometric credential or personal information.
  • You should stay vigilant to anything abnormal when logging into and using e-banking services. (e.g. unusual pop-up screens, unusually slow browser response, multiple requests for password and security code). In case of doubt, you should terminate the operation and contact us immediately.
  • You should notify us for any change of your mobile phone number or email address without delay. You are requested to remain responsible for any unauthorised use of the e-banking services by others before we receive your notification.
  • You should be aware of the obligations in relation to security for e-banking services and following the relevant security measures specified from time to time by us for the protection of customers. You may bear the risk of suffering or incurring any loss if not taking the security measures that we recommend.

 

Online Security Tips and Information

What Have We Done to Protect You

  • We have adopted the 128-bit or above Transport Layer Security ("TLS") encryption to ensure the security of your data during transmission and prevent any unauthorised access by the third party to your data.
  • Our web servers are protected by firewall systems to prevent any unauthorised access to our system.
  • Your login attempts are recorded systematically. In the event of several consecutive login attempts with incorrect password, the related Internet Banking Services will be suspended immediately.
  • Our Internet Banking Services will be automatically disconnected after remaining inactive (i.e. no operational instructions have been received) over a period of time to prevent unauthorised transaction.
  • Our Internet Banking Services (except Po Sang) provide personal customers with “Mobile Token” or “Security Device” as a two-factor authentication tool, while corporate customers are offered a “Security Device” or an e-Certificate as the two-factor authentication tool. This advanced security measure has been adopted to further verify your identity before the “Designated Transactions” or “Designated Investment Transactions” * could be conducted via the Internet Banking Services. For details, please refer to “Two-factor Authentication Tools”.  
  • During each login to Corporate Internet Banking using e-Certificate by corporate customers, our system will verify the identity of the user based on the information of the “e-Certificate”. To apply for an “e-Certificate”. Please contact your account opening branch. To learn more about its usage, please refer to the Certification Practice Statement of Digi-Sign Certification Services Limited at www.dg-sign.com.

Security Certificate

We use Extended Validation ("EV") SSL Certificate to allow you to verify the authenticity of our websites by checking the address bar of your browser. The address bar is green for browsers Microsoft Internet Explorer Version 7 or above which is one of the security features of EV SSL. For browser Microsoft Internet Explorer, you can also check the certification details, including the validity date of the certificate and the following information, by clicking the "security lock" icon at the login page of our Internet Banking Services. Please note that the layouts may be different for different browser versions. For details on the EV SSL Certificate, please refer to the website of Verisign, the issuer of the certificate.  

BOCHK
Domain name issued to: www.bochk100.com
Issued by: DigiCert SHA2 Extended Validation Server CA

BOCHK and Chiyu
Domain name issued to: its.bochk.com
Issued by: DigiCert SHA2 Extended Validation Server CA


Domain name issued to: cib.bochk.com
Issued by: DigiCert SHA2 Extended Validation Server CA

 

Domain name issued to: m.bochk.com
Issued by: DigiCert SHA2 Extended Validation Server CA

   

   

Po Sang

Domain name issued to: trading.posangonline.com
Issued by: DigiCert Global CA G2

Domain name issued to: securities.posangonline.com
Issued by: DigiCert Global CA G2

The system will run a specified Java applet programme on your personal computer when e-Certificate is used as an authentication tool by Corporate Internet Banking customers. For the sake of online security, most of the Internet browsers will create a pop-up window showing the "e-Certificate" signing authority and related authentication information for you to verify the programme.

If you are corporate customers, you are requested to check the following information before logging into Corporate Internet Banking:

  1. Distributed by: "Bank of China (Hong Kong) Limited"
  2. Publisher authenticity verified by: "Thawte Consulting cc"
  3. Security certificate has not expired and is still valid
     

Recommended browsers for minimum security requirements

To ensure your data security, please install any of the browser versions we recommend to log into the Internet Banking Services.

Personal Internet Banking Service
Microsoft Internet Explorer (Version 11 or above)
Mozilla Firefox (Version 45.2 or above)
Apple Safari (Version 8 or above)
Google Chrome (Version 43 or above)


Corporate Internet banking Services
Microsoft Internet Explorer (Version 11 or above)
Mozilla Firefox (Version 45.2 or above)

Information Security Tips

  1. Beware of fraudulent website
    You should be vigilant of any fraudulent websites which seek to pass off as our websites. Unless you are certain that you are connected to our websites, particulars of your Internet Banking Services should not be provided.

     

  2. Fraudulent emails
    Please beware that viruses, Trojan software and hacker programmes can be distributed via emails. Virus like "Worms" can even reproduce and deliver infected emails to the recipients in your address book. Hence, you should not open any unknown or suspicious emails. Instead, you should delete them immediately. Please do not log into Internet Banking Services through hyperlinks or QR Code embedded in any emails or SMS. You should also perform virus scanning before opening any attachment. In addition, you should pay extra care as fraudsters will perpetrate frauds using emails.

    Please do not rely solely on email correspondences for any remittance transaction. You should use other channels (e.g. telephone, fax, etc.) to confirm the transaction and the beneficiary details before completing the remittance.

    Example 1 of fraudulent emails: Commercial email scam

    A fraudster hacked into the email correspondences between a foreign buyer and its service provider over a few months. After getting to know the details of their transaction, the fraudster sent out fictitious emails at an email address very similar to that of the service provider, requesting the foreign buyer to make a remittance to a fraudulent account.

    Example 2 of fraudulent emails: Fraudulent claims of estate

    A fraudster claimed to be a bank staff in an email, inviting the recipient of the email to pretend to be the next-of-kin of a deceased client who has left a huge sum of unclaimed fixed deposit. Upon receiving favourable reply, the fraudster requested the recipient to pay a fee in advance for preparing the necessary documents in order to claim that estate. In the end, the email recipient was deceived.
  3. Man in the Browser Attack
    The suspected Trojan Horse cases have been reported by few corporate customers when they used the Corporate Internet Banking Service. During the login process, a fake webpage was displayed requesting the customers to input their login names and passwords, as well as the one-time transaction confirmation codes https://www.bochk.com/dam/bochk/desktop/top/security_information/tick.jpg generated by their "security devices".

    Please beware that the one-time transaction confirmation code generated by the "Mobile Token" or "security device" is only required for "designated transactions"*. Our Internet Banking login process does not require you to enter the one-time transaction confirmation code .(Please refer to the following login page)

     


    You should install firewall and anti-virus software in your personal computer and keep them up-to-date. You should also avoid visiting or downloading software from suspicious websites, and be wary of opening attachments in emails from unfamiliar sources.
     

    You should access our Internet Banking Services through the Company’s official websites. Please do not login the Internet Banking Services through hyperlinks in any Email, SMS, QR code, search engine, social networking platform or any third-party website or mobile app not authorized by us. For enquiry, please contact us immediately.

     

    Bank Website
    Bank of China (Hong Kong) http://www.bochk.com
    Chiyu Banking Corporation Limited http://www.chiyubank.com



    Personal Internet Banking login
    Input the Internet Banking No. / User Name and password, and press “Login”

     

    Corporate Internet Banking "2FA Login" process* (Not applicable to e-Cert users)
    Please enter Corporate Internet Banking Number / Login Name, User ID, verification code and then press "2FA Login"


    In the "2FA Login" page, please enter Corporate Internet Banking Password and Security Codegenerated by the "security device"

    You can select "Basic Login" for account enquiry

    Mobile Banking login
    Input the Internet Banking No. / Username, password and verification code, and press “Login”

    You may choose to enable Biometric Authentication with Mobile Token to login Mobile Banking via biometric credentials (i.e. Fingerprint, Face ID).


    Login page of Mobile Banking

  4. Your password and personal information should be well protected
    • Upon receipt of your password mailer, please change the password via the Internet Banking Services immediately and destroy the password mailer.
    • Please memorise your password. Do not write or store the password on any of the devices used for the Internet Banking Services or anything which is usually kept with these devices, or record password in any way without covering it.
    • Do not use your name, date of birth, HKID/passport number, telephone or lucky number, or other easy-to-guess numbers or words as your password, and should avoid selecting the same password that you have used for accessing other web services.
    • Do not disclose your Internet Banking Services login information (e.g. user name, password, one-time password or other account details) of your Internet Banking Services to anyone (including bank staff and the police). You should also avoid disclosing your personal information such as HKID/passport number and date of birth to anyone.
    • You should be careful about sharing information in the social networking platform. Please prevent the disclosure of the personal information that could be used to steal your identity (e.g. full name, email address, date of birth, corresponding address or phone number, etc).
    • You should be responsible to take reasonable steps to keep any device (e.g. personal computers, security devices that generate one-time passwords, mobile devices and smart cards that store digital certificates), secret code (e.g. Internet Banking password, passcode and phone banking password), or biometric credential (e.g. Face ID, fingerprint, finger vein and voice) used for accessing Internet Banking Services secure and secret.
    • You will be responsible for all instructions given by you or anyone using your device, secret code, or biometric credential to log in Internet Banking Services.
    • If you have lost or disclosed your password/security device(s), or suspected that your password or security device(s) has/have been used by an unauthorised party, or found any unauthorised transaction(s) associated with your account, please contact us immediately.。
    • We will not request you to enter any numbers to your security device or mobile token to obtain security code. In case of doubt, please do not follow the instructions of the suspicious web page or input any data. Please terminate the operation of Internet Banking Services immediately and contact us immediately.
    • Please change your password regularly.
    • Please carefully examine the transaction details listed in the statement of account, advice and confirmation. In case of any error or suspicious transaction, please notify us immediately.
    • You can conveniently access your transaction records via the Internet Banking Services.
  5.  

     

  6. Protect your personal computer against hackers and viruses
    • Please download and install updates and patches for your operating systems and browsers regularly.
    • Please install firewall systems on your personal computer.
    • Please install anti-virus software on your personal computer. Update the virus definition file and perform virus scanning regularly.
    • Please set a passcode for locking device that is difficult to guess and activate the auto-lock function.
    • Do not download or installing programmes from unreliable sources or opening suspicious files or emails. This helps protect your personal data against hackers' programmes or viruses.
    • If you access our Internet Banking Services via wireless network, please check your network security settings to ensure the network is safe and reliable.

  7. Take precautionary measures while you are using Internet Banking Services
    • Do not access the Internet Banking Services using a shared computer in public places such as cafes or bars with internet access.
    • Only pre-set and access reliable wireless networks for internet connection.
    • Do not log-in the Internet Banking Services through hyperlinks or QR Code embedded in any third-party website or mobile app not authorized by us, emails, SMS, search engines or social network platforms. For enquiry, please contact us immediately.
    • Suggest to close all other internet browsers before accessing Internet Banking Services. Do not open other suspicious internet browsers or visit any other websites while you are using the Internet Banking Services.
    • Make sure no one can see your user name and password when you log into the Internet Banking Services.
    • Please check your last login and logout records every time you use the Internet Banking Services. Please also check your account balance and transaction records regularly. If you discover anything suspicious, please contact us immediately.
    • Click the "logout" button to exit from the system after you have finished all your online transactions. Please always clear the cache and history in your browser after using our online service.
    • If you have adopted secure media to store the “e-Certificates” as the two-factor authentication tool, please remove them from your computer and place them safely after completing your online transactions.
    • Do not leave your computer unattended before logging out the Internet Banking Services.
    • To learn more about other online security measures, please click here.
    • If you act fraudulently or with gross negligence such as failing to properly safeguard your device, secret code or biometric credential for accessing the Internet Banking Services, you will be responsible for any direct loss suffered by you as a result of unauthorised transactions conducted through your account.
    • You will be liable for all losses if you have acted fraudulently. You may also be held liable for all losses if you have acted with gross negligence (this may include cases where you knowingly allow the use by others of your device, secret code or biometric credential) or have failed to inform us as soon as reasonably practicable after you find or believe that your device, secret code or biometric credential for accessing the Internet Banking Services have been compromised, lost or stolen, or that unauthorised transactions have been conducted over your accounts. This may apply if you fail to follow the safeguards set out above if such failure has caused the losses.
       
  8. Dual authorisation for financial transactions (Applicable to customers of Corporate Internet Banking only)
    • To enhance security and ensure the accuracy of transaction details, you are advised to set up dual authorisation for financial transactions to be conducted via Corporate Internet Banking. 

       

 

e-Cheque/e-Cashier's Order (e-CO)

  • e-Cheque/e-CO is issued with Two Factor Authentication and digitally protected by Public Key Infrastructure (“PKI”) technology to ensure the integrity and confidentiality.
  • Customer should be aware for unauthorised usage on e-Cheque/e-CO services. After is using the e-Cheque/e-CO, please check the transaction details in notification (email or SMS).
  • Every e-Cheque/e-CO display the Issuer details:
  • Bank Prepared by
    Bank of China (Hong Kong) Bank Of China (Hong Kong) Limited
    Chiyu Banking Corporation Ltd. Chiyu Banking Corporation Ltd.

  • e-Cheque/e-CO is transmitted through email. Do not open any suspicious email to avoid your computer infected by virus and do not login Internet Banking via hyperlinks or QR Code embedded in any email or SMS. Before opening any attachment in email, please use anti-virus software for scanning the attachment.

Remarks:

Designated transactions:

  • Registration of third-party accounts
  • Issuing e-cheque(s)/e-cashier's order(s)
  • Payment of bills
  • Increase transaction limit
  • Other high-risk transactions

 

Designated investment transactions:

  • Securities / Securities Margin in different markets

    • Trading
    • Monthly Stocks Savings Plan
    • eIPO – Subscription / Financing

  • Debt Securities / Certificates of Deposit

    • IPO
    • Buy / Sell

  • Funds

    • Subscribe
    • Redeem / Switch
    • Monthly Funds Savings Plan

  • Precious Metal/FX Margin

    • Market Order
    • Good-Till-Date Order (include Trading/Delete)

  • Precious Metal Passbook

    • Trading

  • Structured Investments

    • Application

  • Investment Deposit

    • Application

  • Currency Linked Investments

    • Open Dual Currency Investment
    • Open Option Linked Investment
    • Squaring Contract

Security tips for Mobile Banking and WeChat official account

Security tips for Mobile Banking

How to download Personal Mobile Banking Apps?

  • Personal Mobile Banking provides various banking and securities services. You can:
    • BOCHK - search “BOCHK > More > e-Banking Service > BOCHK Mobile Application”to download the Apps;
    • Chiyu - search “Main Page > Personal Banking > Personal Mobile  Banking” to download the Apps;
    • Search“BOCHK”(Bank of China (Hong Kong)) or “Chiyu Bank”(Chiyu Banking Corporation Limited) for free download of the Apps through the online App stores (Google Play and App Store).

If there are suspicious App for downloading, please do not login and stop proceeding the download immediately.

  • To ensure the search wording is correct and prevent from downloading any counterfeit Apps which is attached with phishing program / Trojan to steal the login information.
  • Do not reproduce and install any suspicious Apps on your mobile device.
  • If there is any abnormal operation, e.g. suspicious pop up pages or a delay login, please stop the login immediately.

 

Is Mobile Banking secure?

  • Company's website is protected with strong encryption (128-bit SSL). Access is protected by personalised user name and password. The system is protected from duplicate access, i.e. customers cannot log into the system at the same time using different mobile phones or computers. The session will be automatically disconnected after remaining inactive over a period of time to prevent unauthorised transaction.


How can I access and log into Mobile Banking?

  • Please download BOCHK mobile applications from official application stores or BOCHK website, open the mobile application and click to login Mobile Banking. Details
  • You can also visit the following URLs with the browser in your mobile handset and log into the Mobile Banking using your relevant Internet Banking number/user name and password.
Bank Mobile Banking URLs
Bank of China (Hong Kong) https://m.bochk.com
Chiyu Banking Corporation Limited https://m.chiyubank.com

 

Have you obtained any security certification for your Mobile Banking? 

  • We have obtained the certificate issued by VeriSign, "m.bochk.com, Bank of China (Hong Kong) Ltd" for our Mobile Banking. 


What should I be aware of when using Mobile Banking? 

  • Do not save or keep your password in a browser, and disable the "Auto-Complete" feature to prevent any third party from unauthorised access to your login information via the browser.
  • Avoid logging into the Mobile Banking via wireless network (i.e. Wi-Fi) which is public or without password setting. We advise using encrypted and reliable mobile internet connection.
  • Activate the auto-lock function of your mobile device and avoid logging into Mobile Banking in a crowded area and be careful when entering your password via specific mobile device. The format of password may be enlarged with clear display. It would indirectly disclose your login information to other people.
  • Disable any wireless network functions (e.g. Wi-Fi, Bluetooth, NFC) or Payment Apps not in use. Choose encrypted networks when using Wi-Fi and disable Wi-Fi auto-connection settings.
  • Avoid using the mobile device from other to login Mobile Banking and sharing your mobile device with others.
  • It is recommended to setup firewall and install anti-virus software / mobile security App in your mobile device and update regularly. You can visit HKCERT website for reference: https://www.hkcert.org/mobile-security-tools, to select the appropriate Apps.
  • To protect your online transactions, we will check whether your mobile device is jailbroken or rooted and with recommended operating systems for minimum security requirements upon using of the Bank's Mobile App. Customer may not be allowed to access the Mobile Banking via such device. Please pay attention to the reminder.
  • Please check your last login and logout records every time you use our Mobile Banking. You should also check your account balance and transaction records regularly. If there are suspicious transactions, please contact us immediately.
  • You should ensure proper protection of your password and personal information and hold accountability of this:
  • Please download and install the latest version of the Bank's Mobile App, other Mobile Apps, operating systems and browsers regularly in the official App stores (Google Play and App Store) or our website. Do not install Mobile Apps from mistrusted sources. If there is any suspicious App, please do not download, login and should stop operation immediately.

What should I be aware of when using Biometric Authentication service?

  • Upon the successful registration of the “Biometric Authentication” service on your mobile phone, any fingerprint(s) or Face ID that is / are stored on your mobile phone can be used for the purpose of the “Biometric Authentication” service. You must ensure that only your fingerprint(s) or Face ID is /are stored on your mobile phone to access the device, and ensure the security of the security codes as well as the password or code that you can use to store your fingerprint(s) or Face ID and register the “Biometric Authentication” service on your mobile phone. For security reasons, do not register fingerprint(s) or Face ID of other person(s) on your mobile phone or use jailbroken or rooted mobile phone.
  • You can cancel the “Biometric Authentication” service by disabling the option of "Enable Biometric Authentication Login and Use Mobile Token" via "Setting > Mobile Token Setting" after login Mobile Banking or contacting our customer service hotline or accessing any of our branches to "suspend mobile token". Please note that after you cancel the “Biometric Authentication” service, your fingerprint(s) or Face ID will be continuously stored on your designated mobile device. You may consider cancelling the data at your own decision.
  • If your fingerprint or Face ID record of your designated mobile device has been changed or the “Biometric Authentication” service has not been used for a specified period of time (which shall be defined by the Bank from time to time), your “Biometric Authentication” service will be suspended. You are required to re-register or re-activate the “Biometric Authentication” service.
  • You must not use “Biometric Authentication” if you have reasonable belief that other people may share identical or very similar biometric credential(s) of you or your biometric credential(s) can be easily compromised. For instance, you must not use facial recognition for authentication purpose if you have identical twin or triplet sibling(s).
  • You must not use “Biometric Authentication” if the relevant biometric credential(s) of you are or will be undergoing rapid development or change. For instance, you must not use facial recognition for authentication purpose if you are an adolescent with facial features undergoing rapid development.
  • You will use all reasonable care to keep your mobile phone secure. You will notify us as soon as reasonably practicable if you find or believe that your mobile phone has been lost or stolen or that any unauthorised transactions have occurred.

What if there is an incoming call or weak signal when I am placing an instruction? How can I ensure the instruction has been submitted?

  • If your instruction has been successfully submitted and executed, a transaction reference number will be displayed on the webpage of the Mobile Banking. You can also check the last ten transaction records as to whether the instruction has been successfully submitted and executed.
     

Do I need to close the web browser after logging out Mobile Banking?

  • You are advised to close the web browser after logging out and delete the temporarily saved and past historical records on a regular basis.

Security tips for WeChat official account

In order to ensure the services and information are provided by our company, please refer to the following registered WeChat ID when searching for the WeChat official accounts. Please do not disclose your personal and account information to any unauthorised WeChat account(s). Should you have any queries, please contact the company’s staff immediately.

The company has registered the following WeChat ID:

Bank Name WeChat ID
Bank of China (Hong Kong) Limited “BOCHK” BOCHK_Banking
BOCHK_CC
BOCHKresearch
BOCHK_SEA
Chiyu Banking Corporation Limited “Chiyu” Chiyu_Bank

Points to note when using WeChat official account?

  • When performing account binding, user is required to set up a 8-digit “WeChat password” of which three or more consecutive numbers and “12345678” are not accepted. User should take necessary prudential measures to safeguard your password, please do not disclose your password to anyone (including the company’s staff).
  • Please do not access WeChat official account via hyperlinks or QR Code embedded in any emails or SMS.
  • Please do not input personal sensitive information into WeChat dialogue box. The company will not ask user to provide account number, password and personal information via WeChat dialogue box.
  • For more details of account binding, please input "Account Binding Service Directory" into WeChat dialogue box for enquiry.
  • For enquiry, security issues report and unbinding account request, please call:BOCHK Personal Customer Service Hotline +852 3988 2388, Chiyu +852 2232 3625.
  • To ensure customer data security, the recommended operating systems and browsers are as follows:
    • iOS 8.2 or above (Default browser), WeChat 6.3.18 or above
    • Android 5.0 or above (Default browser), WeChat 6.3.18 or above
  • Please download and install updates and patches for your Apps, operating systems and browsers regularly.

ATM

Security Tips for ATM Card

Protecting your ATM card and PIN

  • Please keep your BOC ATM Card in a safe place, destroy the original printed copy of the PIN and memorise your PIN and change it regularly.
  • Not to write down or record the PIN without disguising it.
  • Please avoid writing down the PIN on the BOC ATM Card or on anything usually kept with or near it.
  • For security reasons, you are advised not to use your identity card number, date of birth, telephone number, commonly used combinations of numbers (e.g. 123456) or other easy-to-guess numbers as your PIN. You are also advised not to use the same PIN to access other services, including internet banking or other websites.
  • Please do not allow anyone else to use your BOC ATM Card or PIN.
  • Please note that the police and bank staff will never ask you for the PIN. Do not disclose your PIN to anyone under any circumstances.
  • Before using an ATM, please check if the keypad cover is abnormal (has been removed or installed with imaging facility), also if there are any suspicious devices near the card slot and keypad. If you notice anything suspicious, please notify the related bank immediately.
  • Please cover the keypad with your hand when entering your PIN at ATM or Point-of-Sale devices and make sure no one is looking over your shoulder or standing next to you.
  • The Bank will send you security messages by either text messaging or other form of alert under certain circumstances. Please check once received.
  • You should promptly report any notice or suspicion loss, theft, disclosure or unauthorised use of your BOC ATM Card and/or PIN by calling our 24-hour BOC ATM Card Service Hotline at (852) 2691 2323, NCB ATM Card 24-hour Customer Service Hotline at (852) 2616 6266, Chiyu ATM Card 24-hour Customer Service Hotline at (852) 2232 3233.

Exercise Care at ATM Withdrawals

  • Please avoid being distracted when withdrawing cash so as not to leave banknotes and your BOC ATM Card at an ATM unattended or uncollected. Print a receipt for record and count the banknotes immediately after each cash withdrawal.
  • Do not remove from an ATM dispenser any uncollected banknotes and BOC ATM Card at the card insertion slot left behind by a previous user. The banknotes and BOC ATM Card will be automatically retrieved by the machine after a designated period of time.

Safe Use of Overseas ATMs

  • To use your BOC ATM Card to withdraw cash from an overseas ATM on the “UnionPay” network will incur a handling fee of HKD / RMB 15 for each such cash withdrawal. Please visit “UnionPay” website www.unionpayintl.com/hk/ to find out more about overseas ATM locations and if ATM network(s) in your intended overseas destination can provide the cash withdrawal service you require.
  • The overseas ATM daily withdrawal limit of each BOC ATM Card is preset at ‘zero’ HKD to improve its security. You must therefore activate the ATM cash withdrawal function in advance and before you leave Hong Kong by setting the daily withdrawal limit and the validity period through the relevant designated channels to enable you to enjoy cash withdrawal service outside Hong Kong. Designated channels are:
    • Internet Banking
    • Mobile Banking
    • Bank ATMs
    • 24-hour BOC ATM Card Service Hotline (852) 2691 2323, NCB ATM Card 24-hour Customer Service Hotline (852) 2616 6266, Chiyu ATM Card 24-hour Customer Service Hotline at (852) 2232 3233

Please visit Note of Overseas ATM Cash Withdrawals Limit Setting for details.



The normal card slot of an ATM

An unusual card reader installed at the card slot

 

Two Factor Authentication

Two-factor Authentication Tools

To enhance the online security level, the Internet Banking Service of the Company (except Po Sang) provides customers with a comprehensive range of two-factor authentication tools to safeguard the designated transactions and designated investment transactions* performed by customers via Internet Banking / Mobile Banking.

Types of Two-factor Authentication Tools:

“Mobile Token”

Mobile Token is a built-in function of BOCHK Mobile Banking. Once the Mobile Token is activated, you will be spared the hassle of carrying a separate physical Security Device to truly enjoy convenient and secure banking.

Upon activating the Mobile Token on compatible mobile devices, you can confirm designated Mobile Banking transactions or designated investment transactions* via the preset Mobile Token passcode or using Biometric Authentication. In addition, you can also confirm designated Internet Banking transactions or designated investment transactions* by generating a one-time Security Code/ Transaction Confirmation Code via the Mobile Token.

Features:

More convenient

Free from the hassle of carrying a separate physical Security Device
More simple

Confirm various transactions, such as third-party fund transfer, investment transactions, and more
More secure

  • Biometric Authentication (Fingerprint/ Face ID)
  • Preset Mobile Token passcode to enable the Mobile Token

 

Biometric Authentication

You can register Biometric Authentication (Fingerprint Authentication or Face ID Authentication) on your mobile device for the following services when you activate the Mobile Token on Mobile Banking:

  • Login to Mobile Banking
  • Enable the Mobile Token to confirm designated Mobile Banking transactions or designated investment transactions*
  • Enable the Mobile Token to generate a one-time Security Code/ Transaction Confirmation Code to confirm designated Internet Banking transactions or designated investment transactions*

 

Activating the Mobile Token

 

Operating system requirements and compatible mobile devices:

 

Operating System
iOS Android
Mobile Token iOS 9.0 or above



  • Fingerprint Authentication (iPhone 5s or higher)
  • Face ID Authentication (iPhone X,iOS 11.0 or above)
Samsung, Huawei, Xiaomi, LG, Sony, HTC, Nokia, Asus and Vivo mobile phones with Android 6.0 or above

  • Fingerprint Authentication (Depending on the availability of fingerprint recognition function of the device)

 

Download Mobile Banking:

Please download BOCHK Mobile Banking now to activate the Mobile Token


BOCHK Mobile App provides you with one-stop banking and investment services, as well as the latest financial information, helping you manage your wealth flexibly.

Download now
 

Android application package**
Version: 6.1.5
Updated on: 3 March 2019

 

Points to Note for “Mobile Token”:

  • For security reasons, customer can only activate “Mobile Token” on one mobile phone
  • Upon successfully activation of “Mobile Token”, the “Security Device” (if any) will be suspended. For reactivation of “Security Device”, customers are required to suspend the “Mobile Token” on your mobile phone.
  • Please keep your mobile phone that has activated “Mobile Token” function in a safe and secure place. In case of loss or damage, please suspend the “Mobile Token” and contact our staff members immediately.

Remarks:

  • Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Android, Google Play, and the Google Play logo are trademarks of Google Inc.

 

“Security Device”

Personal Internet Banking customers (except BOC Credit Card and Po Sang) can visit any of our branches to apply for “Security Device”. Corporate Internet Banking primary users can apply “Security Device” through Corporate Internet Banking or submit application form to any of our branches.

 

Points to Note for “Security Device”:

  • Upon receipt of the "Security Device", please log into the Internet Banking immediately and follow the instructions to activate the "Security Device".
  • Please keep your "Security Device" in a safe and secure place. Do not allow anyone to use your "Security Device" or leave it unattended. In case of loss or damage, please contact our staff members immediately.

 

“e-Certificate”

Corporate Internet Banking customers can apply for “e-Certificate” as the two-factor authentication tool by submitting the application form to any of our branches. Upon completion of application, “e-Certificate” will be mailed to the registered correspondence address of the customers.

 

“SMS One-Time Password”

Personal Internet Banking customers can receive a SMS one-time password through the customers’ registered mobile phone number to conduct designated investment transactions*.

 

Remarks:

Designated transactions:

  • Registration of third-party accounts
  • Issuing e-cheque(s)/e-cashier's order(s)
  • Payment of bills
  • Increase transaction limit
  • Other high-risk transactions

 

Designated investment transactions:

  • Securities / Securities Margin in different markets

    • Trading
    • Monthly Stocks Savings Plan
    • eIPO – Subscription / Financing

  • Debt Securities / Certificates of Deposit

    • IPO
    • Buy / Sell

  • Funds

    • Subscribe
    • Redeem / Switch
    • Monthly Funds Savings Plan

  • Precious Metal/FX Margin

    • Market Order
    • Good-Till-Date Order (include Trading/Delete)

  • Precious Metal Passbook

    • Trading

  • Structured Investments

    • Application

  • Investment Deposit

    • Application

  • Currency Linked Investments

    • Open Dual Currency Investment
    • Open Option Linked Investment
    • Squaring Contract

Contact Us

BOCHK Enquiry Hotlines and Website

  • Personal Customer Service Hotline at (852) 3988 2388
  • 24-hour ATM Service Hotline at (852) 2691 2323
  • BOCHK Internet Banking Hotline at (852) 3988 2388
  • CBS Online Hotline at (852) 3988 2288
  • BOCHK Financial Institutions Online Hotline at (852) 3988 2288
  • Website www.bochk.com

Chiyu Enquiry Hotlines and Website

  • Customer Service Hotline at (852) 2232 3625
  • Internet Banking Hotline at (852) 2232 3625
  • Corporate Internet Banking Hotline at (852) 2840 1600
  • Website www.chiyubank.com
  • Enquiry Hotlines for the Internet Banking in the Mainland of China
     
    • Fuzhou Branch (86 591) 87852821
    • Xiamen Branch (86 592) 5890277
    • Xiamen Jimei Sub-Branch (86 592) 6193300
    • Guanyinshan Sub-Branch (86 592) 5990520

NCB Enquiry Hotlines and Website

  • Customer Service Hotline at (852) 2622 2633
  • Internet Banking Hotline at (852) 2622 2633
  • Corporate Internet Banking Hotline at (852) 2622 2633
  • Website  www.ncb.com.hk

 

BOC Credit Card Hotline and Website

  • 24-hour Customer Service Hotline at (852) 2853 8828
  • Website www.boci.com.hk

Po Sang Contact Details and Website

Central Office

  • 7/F, Bank of China Building, 2A Des Voeux Road Central, Hong Kong

Central (Wing On) Branch

  • 1/F, Wing On House, 71 Des Voeux Road Central, Hong Kong

Mei Foo Branch

  • Shop No 50A G/F, Mei Foo Sun Chuen, 19 Glee Path ,Lai Chi Kok, Kowloon

Yuen Long Branch

  • 4F, BOC Yuen Long Commercial Centre, 102-108 Castle Peak Road, Yuen Long, New Territories, Hong Kong

Tai Po Branch

  • Shop 9 on Level 2, Jade Plaza, 3 On Chee Road, Tai Po, New Territories

 

Customer Service Hotline (852) 2160 8148 (Securities)
(852) 2160 8160 (Futures)
Fax (852) 2905 1909
Website www.posangonline.com
Email psf_cs@bochk.com

FAQ

What is 128-bit SSL encryption?

Our Internet Services have adopted 128-bit SSL encryption, one of the online security standards for commercial application. All data transmitted via the Internet Services are protected by this technology to ensure data security.

 

What precautions should I take when I set up my password?

  • Do not use your date of birth, HKID / passport number, telephone number or any combinations of your English name as your password.
  • Do not use 3 or more consecutive identical alphabets or digits, e.g. "333", "bbb" etc.
  • Do not use sequential alphabets or digits, e.g. "123", "abc, etc.
  • Do not use your user name / login ID as your password.

     

How often should I change my password?

You are advised to change your password regularly. If you have not changed your password over certain period of time, our system will remind you automatically.

 

How can I protect my personal information?

You may be asked to provide personal information (such as your HKID / passport number and date of birth) as additional identity verification when you use the internet banking service. Be vigilant and do not casually disclose your personal information to anyone. You should also keep documents (such as letters and bank statements) which carry your personal information in a proper and secured manner.

 

Why should I update my operating systems and browsers regularly?

It helps to fix security problems of the operating systems or web browsers if you update and download "patches" provided by software vendors regularly. This helps to prevent your computer from virus attacks or unauthorised access from hackers.

 

How can I set up the security settings of Wireless LAN?

  • Do not place the Access Point (“AP”) too close to doors and windows to avoid data captured and decrypted by any third party.
  • Take appropriate security measures to protect the Wireless LAN. Do not disclose the security setting of your wireless network to any third party.

     

Precautionary measures for using internet?

  • Encrypt your data if you have to keep your personal information in an electronic storage medium to prevent unauthorised access or use by third parties.
  • Do not save or keep your password in your browser and disable the "Auto-Complete" setting to prevent third parties from accessing your information via the browser.
  • Disable the "File and Printer Sharing" function of the Windows system and set up proper access permissions of your computer to prevent unauthorised access to your data by third parties via the network.
  • Do not download or install illegal or unknown softwares to prevent infection from computer virus or Trojan programmes. Remember to scan for virus  before opening any files from external sources.

     

 Where can I obtain more information on precautionary measures for Internet Banking and ATM Services?