Two Factor Authentication

Two-factor Authentication Tools

To enhance online security, the Internet Banking Service of Company (except Po Sang) provides personal customers with a "Security Device" as the two-factor authentication tool. With effect from 2 December 2012, personal customers are required to use the "Security Device" to conduct online Designated Transactions. Application for the "Security Device" can be made through our Internet Banking or at any of our branches. Upon receipt of customers' application, we will send the "Security Device" to customers' registered correspondence address.

In addition, corporate customers (except BOC Credit Card and Po Sang) can apply the "Security Device" through Internet Banking or at any of our branches. Customers can choose either "Security Device" or "e-Certificate" as their two-factor authentication tool.

Please be reminded of the following when you use the "Security Device":

"Security Device"

  • You are required to register your mobile number and activate the two-factor authentication function before applying for a "Security Device". Please visit any of our branches to complete the procedures.
  • Upon receipt of the "Security Device", please log into the Internet Banking immediately and follow our online instructions to activate the "Security Device".
  • No extra software / driver or authorisation code generated by a third party is required.
  • Customers can choose to log into the Internet Banking by entering a one-time Security Code generated by the "Security Device" to enjoy extra protection for banking online.
  • Customers are required to enter specific transaction information (e.g. registered account number) into the "Security Device" to generate a one-time Transaction Confirmation Code for Designated Transactions.
  • Please keep your "Security Device" in a safe and secure place. You should not allow anyone to use your "Security Device" or leave it unattended. In case of loss or damage, please contact our staff immediately.

How does the "Security Device" work?

  • Each "Security Device" contains a unique serial number, internal information and a clock. Once the "Security Device" is activated, the internal clock will synchronise with our system. When you press the button on the "Security Device", a one-time Security Code will be generated according to the information and clock inside the Device. The Code, for verifying the identity of customers, is valid within a short time interval. If the time permitted for the entry of the Security Code expires, you have to press the button again to generate another Security Code.

Is there any charge for the "Security Device"?

  • Personal customers will be provided with the "Security Device" free of charge.
  • Each CBS Online account will be provided with a "Security Device" free of charge.

How do I use the "Security Device"?

  • Different Security Codes will be generated by the "Security Device" depending on the nature of transactions. Customers should follow online instructions to complete authentication procedures.
    1. When logging into the Internet Banking or performing general transactions, you should press the button at the bottom right hand side of the "Security Device". A 6-digit Security Code will be displayed on the LCD screen of the "Security Device". The Security Code, valid within a short time interval, is for one-time use only.
    2. When performing "Designed Transactions", you should press the button at the bottom left hand side of the "Security Device" and enter the digits highlighted in RED online into the number keys of the Device. After you have input the required information, please press the left button at the bottom again. A 6-digit Transaction Confirmation Code will be displayed on the LCD screen of the "Security Device". The Transaction Confirmation Code, valid within a short time interval, is for one-time use only.

I have entered the "Security Code" or "Transaction Confirmation Code" into Internet Banking, but my transaction instruction cannot be verified. Why?

  • Your transaction instruction may not be verified by Internet Banking due to the following reasons:
    • Entry of incorrect code
    • The time permitted for entry of the code has expired
    • The "Security Device" has been hit or exposed to heat, old or wet conditions or magnetic fields
  • Please follow our online instruction and enter a valid "Security Code" or "Transaction Confirmation Code". If your transaction instruction still cannot be verified, please contact our staff to reset the status of your "Security Device".
  • In case the verification process is still not successful after resetting of the device‚Äôs status, a replacement Customers can replace a "Security Device" and it will be free of charge.

What if the message "BATT" is displayed on the LCD screen?

  • "BATT" means that the "Security Device" will soon run out of battery. The battery normally lasts for 3 to 5 years, depending on the frequency of your usage. Personal customers must visit any of our branches to apply for replacement. Application can be made online by corporate customers. Please note that the battery of the "Security Device" cannot be replaced. Any attempt to remove the components of the "Security Device" may cause malfunction of the Device.

OTP for activation of "Security Device" and "Notification of Execution of Designated Transactions"

  • Company's  SMSs (if any) in respect of "OTP" and "Notification of Execution of Designated Transactions" will be sent only to your mobile phone number registered with Company. Such SMSs will not be forwarded to any other mobile phone number even if you have enabled the "SMS Forwarding Service" provided by any the following local mobile phone service providers in Hong Kong:
    • SmarTone Mobile Communications Holdings Limited
    • CSL Limited
    • Hutchison Telephone Company Limited
    • China Mobile Hong Kong Company Limited

You are advised to check carefully the transaction details sent by Company through an SMS against the transaction conducted by you via the Internet Banking. Please contact us immediately if you have any enquiry.