Two Factor Authentication

Two-factor Authentication Tools

To enhance the online security level, the Company (except Po Sang) provides customers with a comprehensive range of two-factor authentication tools to safeguard the designated transactions and designated investment transactions* performed by customers via Internet/Mobile Banking. 

Types of Two-factor Authentication Tools:

“Mobile Token”

“Mobile Token” is a built-in function of BOCHK Mobile Banking. Once the “Mobile Token” is activated, you will be spared the hassle of carrying a separate physical “Security Device” to truly enjoy convenient and secure banking.

Upon activating the “Mobile Token” on compatible mobile device, you can confirm designated Mobile Banking transactions or designated investment transactions* via the preset passcode or using “Biometric Authentication”. In addition, you can also confirm designated Internet Banking transactions or designated investment transactions* by generating a one-time “Security Code”/“Transaction Confirmation Code” via the “Mobile Token”.

Features:

More convenient

Free from the hassle of carrying a separate physical "Security Device"
More simple

Confirm various transactions, such as third-party fund transfer, investment transactions, and more
More secure

  • Use “Biometric Authentication” (Fingerprint/Face ID) or
  • Preset passcode to enable the Mobile Token

 

Biometric Authentication

You can register “Biometric Authentication” (e.g. Fingerprint, Face ID) on your mobile device for the following services when you activate the “Mobile Token”:

  • Log in Mobile Banking
  • Enable the “Mobile Token” to confirm designated Mobile Banking transactions or designated investment transactions*
  • Enable the “Mobile Token” to generate a one-time “Security Code”/“Transaction Confirmation Code” to confirm designated Internet Banking transactions or designated investment transactions*

 

Activating the Mobile Token

Personal Customers:

1. Select “Mobile Token” icon on the homepage 2. Select “Activate” 3. Log in to Mobile Banking
4. Register “Biometric Authentication” (Option to register later) 5. Set up “Mobile Token” Passcode 6. You will receive an “SMS One-Time Password” (OTP) from the mobile phone number registered with the Bank, input the OTP to complete the activation

 

Corporate Customers:

1. Select “Mobile Token” icon on the homepage 2. Log in Mobile Banking 3. Select “Activate”
4. Register “Biometric Authentication” (Option to register later) 5. Set up “Mobile Token” Passcode 6. Input “Security Device” one-time “Security Code”
7. You will receive an “SMS One-Time Password” (OTP) from the mobile phone number registered with the Bank, input the OTP to complete the activation    
   

 

Operating system requirements and compatible mobile device:

Mobile Token iOS Android
Operating System Personal Customers Corporate Customers Personal Customers Corporate Customers
iOS 10.0 or above iOS 11.0 or above Android 6.0 or above Android 7.0 or above

Support Samsung, Huawei, Xiaomi, LG, Sony, Google, Nokia, Asus, Oppo*, HTC and Vivo mobile devices

* Only applicable to the below Oppo devices:

  • Reno 10X Zoom Overseas Version (CPH1919)
  • Reno Z Overseas Version (CPH1979)
  • F11 Overseas Version (CPH1911)
  • Reno 10X Mainland Version (PCCM00)
  • Reno 2 Mainland Version (PCKM00)
  • Reno Mainland Version (PCAM00)
  • A11x Mainland Version (PCHM30)
  • A9 Mainland Version (PCAM10)
Biometric Authentication
  • Fingerprint (iPhone 5s or higher)

  • Face ID (iPhone X,iOS 11.0 or above)

  • Fingerprint (Depending on the availability of fingerprint recognition function of the mobile device)

 

Download Mobile Banking:

Please download BOCHK Mobile Banking now to activate the "Mobile Token"


BOCHK Mobile App provides you with one-stop banking and investment services, as well as the latest financial information, helping you manage your wealth flexibly.

Download now
                   Android users
iOS users         Android users    (If unable to access Google Play)
  
                   Version: 6.2.9
                   Updated on: 7 June 2020

 

Points to Note for “Mobile Token”:

  • For security reasons, customer can only activate “Mobile Token” on one mobile device.
  • For personal customers, upon successfully activation of “Mobile Token”, the “Security Device” (if any) will be suspended. For reactivation of “Security Device”, customers are required to suspend the “Mobile Token” on your mobile device.
  • Corporate customers can hold both “Mobile Token” and “Security Device” at the same time.
  • Please keep your mobile device that has activated “Mobile Token” function in a safe and secure place. In case of loss or damage, please suspend the “Mobile Token” and contact us immediately.

Remarks:

  • Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Android, Google Play, and the Google Play logo are trademarks of Google Inc.

 

“Security Device”

Personal customers (except BOC Credit Card and Po Sang) can visit any of our branches to apply for “Security Device”. Primary Users of corporate customers can apply by submitting application form to any of our branches, or apply for Delegated Users through Corporate Internet Banking. "Security Device" with audio capability is also provided for the convenience of the visually impaired using Internet/Mobile Banking.

 

Points to Note for “Security Device”:

  • Upon receipt of the "Security Device", please log into the Internet Banking immediately and follow the instructions to activate the "Security Device".
  • Please keep your "Security Device" in a safe and secure place. Do not allow anyone to use your "Security Device" or leave it unattended. In case of loss or damage, please contact us immediately.

 

“e-Certificate”

Corporate customers can apply for “e-Certificate” as the two-factor authentication tool by submitting the application form to any of our branches. Upon completion of application, “e-Certificate” will be mailed to the registered correspondence address of the customers.

Below are the reminding notes for keeping your “e-Certificate” safe:

1. DO NOT disclose the passphrase to anyone (including BOCHK staff).

2. Change the passphrase of “e-Certificate” periodically.

3. Keep the “e-Certificate” in a safe place by a designated person/party to prevent unauthorized use of the device(s).

4. Keep the “e-Certificate” and the passphrase by different persons/parties.

5. Ensure the “e-Certificate” is completely unplugged/loaded off from your file transmission system after connection and keep in a safe place. DO NOT leave the “e-Certificate” unattended

6. Keep the system connect with terminal (e.g. iGTB CONNECT terminal) in a secure and safe place as well as to prevent unauthorized use.

7. If “e-Certificate” lost or suspects for any unauthorized use, please contact us immediately.

 

“SMS One-Time Password”

Personal customers can receive a “SMS One-Time Password” through the customers’ registered mobile phone number to conduct designated investment transactions*.

 

Remarks:

Designated transactions:

  • Registration of third-party accounts
  • Issuing e-cheque(s)/e-cashier's order(s)
  • Payment of bills
  • Increase transaction limit
  • Other high-risk transactions

 

Designated investment transactions:

  • Securities / Securities Margin in different markets

    • Trading
    • Monthly Stocks Savings Plan
    • eIPO – Subscription / Financing

  • Debt Securities / Certificates of Deposit

    • IPO
    • Buy / Sell

  • Funds

    • Subscribe
    • Redeem / Switch
    • Monthly Funds Savings Plan

  • Precious Metal/FX Margin

    • Market Order
    • Good-Till-Date Order (include Trading/Delete)

  • Precious Metal Passbook

    • Trading

  • Structured Investments

    • Application

  • Investment Deposit

    • Application

  • Currency Linked Investments

    • Open Dual Currency Investment
    • Open Option Linked Investment
    • Squaring Contract