Security Information
This webpage sets out the security information of the electronic banking ("e-banking") services offered by Bank of China (Hong Kong) Limited ("BOCHK") and BOC Credit Card (International) Limited ("BOC Credit Card")(each named as "the Company", " we"). E-banking services refers to banking services delivered over the internet, wireless network, ATMs, telephone network or other electronic network, terminals or devices, including but not limited to the Company’s Internet Banking, Mobile Banking, Mobile Application, WeChat official account, Phone Banking, Automated Banking and online services of BOC Credit Card.
Latest Security Information: Beware of Mobile Device Malware Scams
- You should download BOCHK Mobile Banking (Personal and Corporate) and BoC Pay mobile application from official application stores or BOCHK official website.
- You should only download and install mobile applications provided by trusted and verified developers from official application stores, and should not download any mobile applications from unknown sources.
- Evaluate permissions requested from mobile applications carefully before installation, if suspicious permission rights are required, do not install the mobile application.
- Use the latest versions of operating system, mobile applications and browser.
- Do not jailbreak or root your mobile devices.
- Do not click on any hyperlinks from suspicious SMS messages, email, attachments, websites, social media pages/posts or unknown sources, download any attached files or scan any QR codes provided on those messages.
- Maintain proper configuration of mobile devices and do not allow installation of mobile applications from unknown sources.
- You should ensure that your devices for accessing e-banking services do not being infected by virus or unauthorised accessed by malicious, corruptive or destructive program, for the retrieval, use and change of the password, Biometric Authentication (e.g. fingerprint, Face ID) or personal information.
- Do not use applications from unknown sources under any circumstances. Do not visit suspicious websites or downloading any files from them.
- For other mobile banking security information, please refer to the following hyperlink:
https://www.bochk.com/en/security/mobile.html - If there is any question about the above malware scam information, please contact the Company's Customer Service Hotline at (852) 3988 2388.
- Please refer to the following hyperlink for The Hong Kong Association of Banks “Enhancement on security measures to safeguard customers against malware scams” information:
https://www.hkab.org.hk/en/news/press-release/292
Other Important Online Security Information: Protect your Personal Digital Keys, Beware of Fraudulent Links!
Internet banking account and personal information, Internet Banking login credentials, including Internet Banking number, usernames, login passwords and one-time passwords (OTPs), are as important in the digital world as the keys to your home, and should be properly safeguarded.
- Before inputting OTP as the transaction authorization for any online transaction (including credit card transaction), you should verify the details of transaction request carefully, such as merchant name, transaction type, amount and currency, in order to confirm these are actually referring to the intended transaction. Do not enter your OTP recklessly. If you have any enquiry, please contact us immediately.
- Ensure the website is genuine and reliable before inputting any information or conducting transaction.
- We will never ask for any sensitive personal information such as bank/ credit card/ investment/ insurance/ MPF account details, credit card number/security code, Internet Banking user name, login passwords and OTPs through phone calls, emails or instant electronic messages (e.g. SMS, WhatsApp, WeChat, etc). We will never request customers to provide any personal information through social media posts. To avoid being scammed, the Company advises the general public to remain vigilant and always verify the authenticity of social media posts. We will never send SMS or email messages with embedded hyperlinks, QR codes or attachments directing customers to the Company’s website or mobile applications to carry out transactions, or contact you via telephone voice messages. Please contact us immediately if you receive such request. If you receive any suspicious SMS or email messages with embedded hyperlinks purportedly to be from the Company requesting you to input any personal information, you should be vigilant and think twice. In case of doubt, please contact the Company's Customer Service Hotline at (852) 3988 2388.
- To safeguard your online banking security, you should access Internet Banking through the Company’s official website. Please do not log in Internet Banking through hyperlinks in any email, SMS, QR code, search engine, social networking platform or any third-party website or mobile application not authorised by us. In case of doubt, please stop the operation and do not input any data. Please close the window, delete the application. For enquiry, please contact us immediately.
- Before making payment by Mobile Phone No., E-mail Address, Faster Payment Identifier (FPS ID) or QR code, you should verify the details of payment request carefully, including the payee name. If you have any doubt, please confirm with the payee in advance.
- Do not use unknown Wi-Fi or public computers to access Internet Banking services.
- Please be reminded to stay vigilant to anything abnormal when logging in Internet Banking. In case of doubt, do not follow the instructions of the suspicious web page or input any data. You are advised to close the window and contact us immediately.
- It is recommended to setup firewall and install anti-virus software / mobile security App in your mobile devices and update regularly. You can visit HKCERT website for reference: https://www.hkcert.org/resources/security-tools, to select the appropriate Apps.
- Review transactions record of BOC credit cards and BOC cards frequently through internet banking, mobile banking or statements to check if there is any suspicious or unauthorized transaction.
- You should notify us for any change of your mobile phone number or email address without delay. You are requested to remain responsible for any unauthorised use of the e-banking services by others before we receive your notification.
- You should be aware of the obligations in relation to security for e-banking services and following the relevant security measures specified from time to time by us for the protection of customers. You may bear the risk of suffering or incurring any loss if not taking the security measures that we recommend.
Please refer to the following hyperlinks for Hong Kong Monetary Authority anti-deception information:
https://www.youtube.com/watch?v=qnj4HSGG0Vs (30-second version)
https://www.youtube.com/watch?v=EH3i6u6fD8g (Full version)
Starting from 28 January 2024, BOCHK has been using "Registered SMS Sender IDs": #BOCHK、#BOCHK_TXN or #BOCHK_CC to send SMS messages to customers’ registered mobile phone numbers.
BOCHK will continue to send "SMS messages of which receiving parties are expected to reply to the senders via phone numbers" or two-way alert SMS messages through any of the following phone numbers: +852 622649931110 or +852 645063570006 to customers’ registered mobile phone numbers when necessary, inviting you to reply whether you have logged in/made the transaction.
Please refer to the following e-Leaflet for Communications Authority information:
https://www.ofca.gov.hk/filemanager/ofca/Publicity/en/upload/65/SSRS_leaflet_Final_E.pdf