The following are security tips when you use Mobile Banking Service, Mobile Security Token and Biometric Authentication:

• Do not save your Mobile Banking user name and password or Mobile Security Token code on your mobile handset. Set a password that is difficult to guess and different from the ones for other services. The password should be changed regularly.
• Install and update the latest anti-virus and anti-spyware software regularly on your mobile handset, whenever available.
• Avoid sharing your device with others and use your own mobile handset/device for Mobile Banking Service, Mobile Security Token and Biometric Authentication. Do not leave your device unattended.
• When you log on to Mobile Banking Service, you should beware of whether anyone is trying to peek at your password. Do not leave your mobile handset unattended after logging on to Mobile Banking Service. Always log off properly when you have finished using the service.
• Turn on the screen lock feature on your mobile phone and set the auto-lock feature to prevent unauthorized use of your device.
• When using Wi-Fi, choose a trustworthy provider for your private network. Adopt advanced security protocols (WPA3/WPA2) and set a hard-to-guess Wi-Fi password. Avoid public Wi-Fi networks, or networks lacking password protection or using insecure security protocols (WPA/WEP).
• Use the default operation system originally provided on your mobile handset rather than a third-party operation system downloaded from other sources.
• Do not use any jailbroken/rooted mobile handset which may have security loopholes to log on to Mobile Banking Service; To protect your online transactions, we will check whether your mobile handset is jailbroken or rooted upon using the Mobile Banking Service. Customers may not be allowed to access Mobile Banking Service via jailbroken or rooted mobile device.
• Do not install applications on your mobile handset from unknown sources. Understand the permissions of mobile applications before you install them. Do not use third-party keyboards from unknown sources.
• Please exercise utmost caution regarding malware that can manipulate your mobile device. When you are prompted to open suspicious links or download applications, it is crucial to proceed with caution. Do not access your Internet Banking service through hyperlinks provided in SMS messages, emails, Internet search engines, WhatsApp, WeChat, social media, or other third party online platforms. Before installing any application, take the time to carefully evaluate the permission requirements of the respective mobile application. If you come across any suspicious permission requests,  it is advised not to install the related mobile application and stop operation immediately. At the same time, uninstall any suspicious application on your device, do a factory reset if needed to ensure that all suspicious applications are completely removed. Unless you are completely certain, do not allow your system to install mobile applications from unknown sources.
• To use Mobile Banking service, download the app exclusively from official app stores (Google Play or App Store) or the official Bank of Communications (Hong Kong) website (www.hk.bankcomm.com). Never download it through third-party app stores or websites, and ensure automatic updates are enabled in your app store settings.
• Please regularly update your mobile phone and its operating system, and encrypt the data on your mobile device as much as possible.  
• When you activate Biometric Authentication, any fingerprint / facial map saved on your device can be used for Fingerprint Authentication or Facial Recognition. Therefore, you should only save your own fingerprint / facial map on your device and should not allow any third-party fingerprint / facial map to be saved on your device, or use other people's device to log on to your Mobile Banking Service. Do not leave your device unattended.
• Do not use facial recognition for Biometric Authentication if you have an identical twin sibling.
• Do not use facial recognition for Biometric Authentication if you are an adolescent while your facial features may be undergoing a rapid stage of development.
• Do not take any action to disable any function provided by, and/or agreeing to any settings of, your device that would otherwise compromise the security of the use of your biometric credentials for Biometric Authentication (e.g. disabling "Attention Aware Features" for facial recognition).

New Anti-Digital Fraud Measures: "E-Banking Security ABC":

To facilitate enhanced protection on your e-banking security and protect customers against evolving digital fraud risks, the Bank implemented enhanced security measures in alignment with the Hong Kong Monetary Authority's new anti-digital fraud initiative "E-Banking Security ABC". These will provide you with enhanced assurance on your e-banking services.

• "Authenticate In-App" means that when customers log in to Internet Banking and perform designated high-risk transactions, they must authenticate through the Bank's mobile app instead of using SMS one-time passwords.
• "Bye to Unused Functions" allows customers to choose to deactivate online registration of third-party payees and online increase of transfer limits. Our Bank will allow customers to opt to deactivate the following functions:
• Online registration of third-party payees (including Third Party BOCOM Account, Local Bank Account and Overseas Bank Account)
• Online increase of transaction limit (including Daily Fund Transfer Total Limit to Registered Account, Daily Fund Transfer Total Limit to Non-registered Account & Small Value Fund Transfer Limit, Daily limit for FPS Cross Border QR Payment, Daily limit for Payment Connect).

• After successfully deactivating the "Deactivate Third Party Account Registration Function" service, you must visit our branch in person to complete the relevant verification procedures before you can process (1) Registration of third-party payees service or (2) Reactivation of the concerned service.
• After successfully deactivating the "Deactivate Transfer Limit Increase Function" service, you must visit our branch in person to complete the relevant verification procedures before you can complete (1) Increase of transfer limits service or (2) Reactivation of the concerned service. Online decrease of transfer limit service remains.
• "Cancel suspicious payments" means that in case you initiate a fund transfer to suspicious accounts, an anti-fraud alert will pop up and be displayed for a period of time, which provides you with more time to review the stated risks of the transaction.

The following are security tips when you use Cardless Cash Withdrawal Service:

• The QR code for cash withdrawal is only displayed on-screen with a countdown timer after Customer selecting "JETCO Cardless Withdrawal" or "UnionPay QR Code Withdrawal" function at a JETCO / UnionPay network ATM. Please do not scan QR codes with unknown source, provided by others or stuck beside the ATM.
• Please verify the transaction amount, the dispensation of cash notes and the account balance. Please contact our bank staff or call our 24-hour Customer Service Hotline at (852)223 95559 if necessary.
• For unsuccessful transactions, please check the dispensation of cash notes and the account balance immediately. Please contact our bank staff or call our 24-hour Customer Service Hotline at (852)223 95559 if necessary.
• Cardless Cash Withdrawal Service does not require the presentation of physical ATM card, nor the input of ATM card password under any circumstances. For suspicious situations, please contact our bank staff or call our 24-hour Customer Service Hotline at (852)223 95559 if necessary.
• When logging into Mobile Banking for transactions, be vigilant against any nearby shoulder surfing, recording devices, or other suspicious activities. Ensure your login credentials – including username, password, and security codes generated by security tokens/Mobile Security Token – remain protected from theft.
• Please avoid connecting to Wi-Fi while you are using the Cardless Cash Withdrawal Service.
• Please also refer to the Security Tips for Mobile Banking.