Your browser version is out dated.For optimal viewing, Please update the browser to the latest versions.(
SECURITY GUIDE
|
Latest Update 1. The procedures outlined in this document should be followed when conducting Internet Banking/Mobile Banking transactions. 2. You should properly safeguard all personal information/items required for accessing Internet Banking/Mobile Banking services, including the Internet Banking username, password, security token(s), and other personal data/item(s). This prevents scammers from stealing them to impersonate you for fraudulent activities. You must never allow others to hold or control your security token. 3. You are required to take reasonable steps to properly safeguard security devices and passwords to prevent fraudulent activities, including but not limited to: a. destroying the documents containing your password; b. not permitting any other person to use your password; c. must never write your password on devices used for Internet Banking/Mobile Banking services, or on objects frequently stored alongside or near such devices; and d. should refrain from directly writing down passwords or using password managers to store passwords. 4. Do check the last login details (including last login date and time) when you log in the Internet Banking/Mobile Banking services. If you notice any suspicious login, please contact the customer service hotline immediately at (852)223 95559. Please log off the Internet Banking/Mobile Banking after conducting all your transactions. 5. When using the Internet Banking/Mobile Banking services, you are advised to type the web address of BOCOM(HK) (www.hk.bankcomm.com) directly into the browser address bar or install the BOCOM(HK) Mobile Banking application through Google Play, App Store or BOCOM(HK) website, for access to your Internet Banking/Mobile Banking accounts. Never access your Internet Banking accounts or download the Mobile Banking application through hyperlinks provided via SMS, emails, Internet search engines, WhatsApp, WeChat, social media, or any other third-party online platforms. 6. If you have logged into the Internet Banking/Mobile Banking through third-party websites or applications, you are advised to change the passwords immediately to protect your personal information. If you discover any unauthorized transaction in your bank accounts or have any inquiries relating to the Internet Banking/Mobile Banking Services, you should contact the customer service hotline at (852)223 95559. 7. To log in to Internet Banking, you must access via our official website www.hk.bankcomm.com using only your Internet Banking username and password. However, if you have enabled the "Login to Internet Banking with Security Code" feature, you will also need to obtain and enter your security code to log in. 8. During the Internet Banking login process, the Bank will not ask you to enter any personal information. If you encounter any anomalies during the login process (such as unusual pop-up windows or requests for additional personal information), you should immediately log out of Internet Banking/Mobile Banking services and notify the Bank by calling our customer service hotline at (852)223 95559. 9. When using Internet Banking services, it is recommended to close other browsers first and avoid browsing other websites. 10. According to Microsoft's website, the Windows 10 operating system was officially terminated on October 14, 2025 unless you have purchased the extended security updates service. For details, please refer to Microsoft's official website. To ensure that you are safe to use the Internet Banking service, it is recommended to consider using the Windows 11 operating system with specified browsers (such as Chrome, Firefox or Safari) and performing regular updates. 11. Before making a payment using account numbers, mobile phone numbers, email addresses, or FPS identifiers, carefully verify the payment details, including the recipient's name and the amount. If you have any doubts, confirm with the recipient first. 12. To help customers stay vigilant against frauds, scams and deceptions, the Bank will send risk alerts based on the risk warnings, messages and indicators received by the Bank from "Scameter" provided by Hong Kong Police Force from time to time. a. When you initiate instant fund transfers through "Transfer/FPS", if the account number, mobile phone number, email address or FPS Identifier of payees are listed as High Risk on "Scameter", risk alerts will be prompted before proceeding with the transactions. You will be asked to confirm whether you want to proceed with the transactions. Please be aware of such situations and follow the risk alerts to stop the transactions (if applicable) and be aware that the transactions are considered high-risk. If you choose to continue with the transactions, you will assume the associated risks and liabilities. b. You are encouraged to use "Scameter" (www.CyberDefender.hk/scameter) provided by Hong Kong Police Force to conduct assessments of potential frauds and online security risks prior to making any fund transfers. c. When in doubt, you may call Anti-Scam Helpline 18222 for assistance or report to the Police. 13. The Bank advises you to regularly review your monthly statements. Should you have any doubts regarding transaction amounts on your statements, please notify the Bank immediately. 14. Promptly check the SMS messages, emails, and push notifications issued by the Bank. In compliance with HKMA regulatory requirements, the Bank will never send hyperlinks via text messages or emails directing customers to our website or mobile application for transactions. Furthermore, we will never request any sensitive personal information (including login credentials and one-time passwords) through hyperlinks. Any text messages or emails containing hyperlinks requesting entry of Internet Banking login details are not issued by the Bank. Customers should think twice before clicking any hyperlinks purportedly sent by the Bank. If suspicious circumstances are identified, please immediately contact our customer service hotline at (852)223 95559 to speak with a representative. 15. To prevent fraudsters from impersonating banks to send scam text messages and to help the public identify the sender's authenticity, effective January 28, 2024, the Bank will send messages to local mobile service users exclusively through the following "registered SMS sender names" starting with "#" (Note: The registration system does not apply to local users utilizing multi-number mobile services provided by non-Hong Kong operators): #BANKCOMM #BOCOM #BOCOMHK When receiving calls, texts, emails, or letters claiming to represent the Bank—especially if the sender reports issues with your bank account or credit card—exercise caution and verify the identity of the caller or sender to avoid scams. 16. Neither the Bank nor its authorized agents/affiliates will ever request sensitive personal information (including login passwords and one-time passwords) through any channel (such as SMS, phone calls, emails, instant messaging apps, or push notifications). Never disclose your username, password, or one-time password to any third-party service provider, regardless of whether they claim authorization from the Bank. For details, refer to the relevant information (Click here) on the Hong Kong Monetary Authority website and video (Click here). (Note: You will be redirected to third-party websites and the Bank assumes no responsibility for your use of the Internet via external links). 17. The Bank recommends that you set strong, hard-to-guess passwords for your computers and mobile devices, and enable automatic lock features. 18. When using Mobile Banking/Securities Trading applications, your mobile device should be updated to the iOS or Android operating system version specified by the bank. We advise upgrading your Mobile Banking/Securities Trading app to the latest version. 19. You should ensure that devices used for Internet/Mobile Banking services are free from virus infections and protected against malicious or destructive programs attempting to access, use, or alter your personal passwords, biometric authentication data, and other personal information. 20. Email is a common method for spreading viruses. Fraudsters may send spam emails containing Trojan-infected attachments or phishing website links to victims. If victims inadvertently open such attachments or websites, their devices may become infected with Trojans, allowing fraudsters to infiltrate their systems and steal or download data. Therefore, emails from the Bank will never contain attachments. If you encounter suspicious emails, do not open them and immediately contact our customer service hotline at (852)223 95559. 21. We recommend enhancing your email security to prevent criminals from stealing emails containing your personal information, such as bank statements, credit card bills, and tax documents. If you fail to receive expected correspondence, promptly contact relevant banks and institutions. 22. Since fraudsters may install malware on public computers or Wi-Fi networks to steal your personal data, do not use Internet/Mobile Banking services on public/shared computers or unknown/public wireless networks. 23. Disable wireless network connectivity on your devices when not in use to reduce cybersecurity risks. When using wireless networks, always choose encrypted networks and employ secure encryption protocols (WPA2/WPA3). 24. Remain highly vigilant against malware or apps capable of controlling your devices. Exercise caution when prompted to open suspicious links or download software/applications. Before installation, thoroughly evaluate the permissions requested by the software or app. If suspicious permissions are detected, immediately cease operations and do not proceed with installation. Additionally, regularly check your devices for and uninstall any suspicious software or apps. Perform a factory reset if necessary to ensure complete removal of malicious software or apps. Never allow the installation of software or apps from unverified sources unless you are absolutely certain of their legitimacy. 25. The Bank regularly reviews these security guidelines to ensure their adequacy and appropriateness. Please periodically check the security recommendations provided by our bank. For Mobile Banking security information, including login procedures, mobile security token, and biometric authentication, please click here to view relevant security tips. |
||
|
|
||
|
New Anti-Digital Fraud Measures: "E-Banking Security ABC" |
||
|
To facilitate enhanced protection on your e-banking security and protect customers against evolving digital fraud risks, the Bank implemented enhanced security measures in alignment with the Hong Kong Monetary Authority's new anti-digital fraud initiative "E-Banking Security ABC". These will provide you with enhanced assurance on your e-banking services. |
||
|
"Authenticate In-App" means that when customers log in to Internet Banking and perform designated high-risk transactions, they must authenticate through the Bank's mobile app instead of using SMS one-time passwords. |
||
|
"Bye to Unused Functions" allows customers to choose to deactivate online registration of third-party payees and online increase of transfer limits. Our Bank will allow customers to opt to deactivate the following functions: 1. Online registration of third-party payees (including Third Party BOCOM Account, Local Bank Account and Overseas Bank Account) 2. Online increase of transaction limit (including Daily Fund Transfer Total Limit to Registered Account, Daily Fund Transfer Total Limit to Non-registered Account & Small Value Fund Transfer Limit, Daily limit for FPS Cross Border QR Payment, Daily limit for Payment Connect). Customers can deactivate the designated high risk transaction(s)/function(s) via the "Deactivate High Risk Transaction Functions" under "Settings > Security Setting" in Internet Banking/ Mobile Banking. To reactivate the function(s), customers need to visit any of our branches to complete the form. Warm Reminder: > After successfully deactivating the "Deactivate Third Party Account Registration Function" service, you must visit our branch in person to complete the relevant verification procedures before you can process (1) Registration of third-party payees service or (2) Reactivation of the concerned service. > After successfully deactivating the "Deactivate Transfer Limit Increase Function" service, you must visit our branch in person to complete the relevant verification procedures before you can complete (1) Increase of transfer limits service or (2) Reactivation of the concerned service. Online decrease of transfer limit service remains. |
||
|
"Cancel suspicious payments" means that in case you initiate a fund transfer to suspicious accounts, an anti-fraud alert will pop up and be displayed for a period of time, which provides you with more time to review the stated risks of the transaction. |
||
|
|
||
|
Internet Security Measures by the Bank |
||
|
To secure your banking information and account details, the Internet Banking provides the following measures. |
||
|
1. |
Transport Layer Security (TLS) & Strong Encryption |
|
|
|
When using Internet Banking via Internet, all account and transaction information will be encrypted by TLS encryption technology. |
|
|
2. |
Automatic Time Out |
|
|
|
The Internet Banking system has an automatic log off function. The service will automatically log off after 20 minutes account inactivity so as to prevent unauthorized access of your account. Automatic time-out function will be valid even if there are transactions in progress. |
|
|
3. |
Security Device Login |
|
|
|
Security Device Login has been introduced to enhance the security level of Internet Banking system. To enable this setting, please access "My settings" -> "Internet Banking Login Settings". Apart from entering a User Name and Password during log-in, you will also be required to enter a security code generated by the Security Device/Mobile Token once the service is enabled. |
|
|
4. |
Password |
|
|
|
(i) |
Unique Internet Banking User Name and Password is required to access Internet Banking and the account will be locked if incorrect Password has been entered 6 times consecutively in order to protect your interest. |
|
|
(ii) |
Neither the Bank nor its clients/affiliates will ever request any sensitive personal information (including login passwords, one-time passwords, etc.) from you through any channel (including SMS messages, phone calls, emails, instant messaging applications, etc.). You must not access your Internet Banking account via hyperlinks provided in emails, internet search engines, or unusual pop-up windows. For any inquiries, please contact our customer service representatives at (852)223 95559. |
|
5. |
Digital Certificate |
|
|
|
The Internet Banking website is authenticated by a certificate issued by DigiCert. When using Internet Banking services, simply click the "lock" or "key" icon on the left or right side of the address bar at the top of your browser to display the certificate details for verification. |
|
|
|
||
|
Security Measures by Customers |
||
|
To avoid unauthorized access to your account(s), you should pay attention to the following points: |
||
|
1. |
Password |
|
|
|
(i) |
It is recommended that you use a combination of uppercase and lowercase letters, numbers, and symbols for your password. Do not use overly simple or easily guessed passwords, such as your phone number, date of birth, ID card number, or any number associated with you. |
|
|
(ii) |
Keep your password secure. Do not write it down or use password managers to store it, to prevent data leakage. |
|
|
(iii) |
Do not use the same password for accessing other online services. Your Internet/Mobile banking passwords should not be shared with other services. Never share your Internet/Mobile banking login passwords with anyone. |
|
|
(iv) |
Do not reveal your password to anyone else (including the Bank staff and the Police). |
|
|
(v) |
Do change your password regularly, such as every 30-day. If you suspect your password has been known by someone else, you should change it immediately; if you cannot change your password through Internet Banking Services, please contact the customer service hotline (852)223 95559. |
|
|
(vi) |
Neither the Bank nor its clients/affiliates will ever request any sensitive personal information (including login passwords, one-time passwords, etc.) from you through any channel (including SMS messages, phone calls, emails, instant messaging applications, etc.). You must not access your Internet Banking account via hyperlinks provided in emails, internet search engines, or unusual pop-up windows. For any inquiries, please contact our customer service representatives at (852)223 95559. |
|
|
(vii) |
You must safely keep the security token provided by the Bank. Do not share it with others. |
|
2. |
Using Internet Banking |
|
|
|
(i) |
The procedures outlined in this document should be followed when conducting Internet Banking transactions. |
|
|
(ii) |
You must access to the Internet Banking via http://www.hk.bankcomm.com and use only your username and password to login. However, if you have enabled the "Log in to Internet Banking Using Security Code" feature, you will need to obtain and enter your security code to log in. |
|
|
(iii) |
During the Internet Banking login process, the Bank will never request you to input any personal information. If any anomalies occur during login (such as unusual pop-up windows or requests for additional personal data), immediately log out of Internet Banking and notify the bank by calling our customer service hotline at (852)223 95559. |
|
|
(iv) |
After successfully logging into Internet Banking services, do not leave your computer unattended. When logging out of Internet Banking, do not simply close the browser; instead, click the "Log Out" button at the top right corner to ensure proper security protection for your Internet Banking. |
|
|
(v) |
Never access your Internet Banking account through hyperlinks or attachments provided via SMS, email, search engines, WhatsApp, WeChat, social media, or any other third-party online platforms. |
|
|
(vi) |
Do not provide your personal information to any unverified individuals or suspicious websites. |
|
|
(vii) |
Do not download or install computer software from unknown websites. |
|
|
(viii) |
Regularly check account statements, transaction records, and balances to ensure account information is accurate. Promptly notify the bank if any suspicious transactions are identified. |
|
|
(ix) |
Two-factor authentication (Security Device or SMS One-Time Password) is required when conducting the following high-risk transactions via Internet Banking:
|
|
|
(x) |
"SMS One-time Password" and SMS for "Notification of Execution of Designated Transactions" issued by the Bank will be sent to your registered mobile phone number only. If your mobile phone that registered SMS or contact number have been changed, please visit the Bank's branches to complete the update procedures. |
|
|
(xi) |
Please check the SMS, emails, and push notifications sent by the Bank promptly. Should you detect any suspicious activity, immediately contact our customer service hotline at (852)223 95559. The Bank will never request any sensitive personal information (including One-Time Passwords or login credentials) through any channel. |
|
|
(xii) |
To protect your interests, if the email address registered with the Bank has become invalid or requires any changes, please update it promptly via the "Settings Center" function in Internet Banking or visit a branch in person to complete the modification procedures. |
|
|
(xiii) |
Update all your personal information used in the Internet Banking service in a timely manner. |
|
|
(xiv) |
Avoid conducting transactions on computers shared with others. If shared devices must be used, clear your browsing history after each session. |
|
|
(xv) |
Perform regular backups. Classify data according to its varying levels of importance. For data containing sensitive information, encryption is recommended to enhance security. |
|
|
(xvi) |
For further details on security matters, refer to the Hong Kong Monetary Authority's publication "Consumer Education Programme - Major Safety Tips on Using Internet Banking Services" (You will be directed to a third-party website. The bank shall not be responsible for your use of the Internet via this link). |
|
3. |
Protect your online transaction |
|
|
|
(i) |
Due to the risk of malicious software being installed on public computers or public Wi-Fi networks by fraudsters to steal your personal data, do not use Internet Banking services through public/shared computers or via public/unknown wireless networks. |
|
|
(ii) |
Before entering your username, account number, password, or other important information, ensure that no one is watching you by checking your surroundings. |
|
4. |
Protect your computer |
|
|
|
(i) |
A firewall software can effectively prevent hackers from intruding into your computer to steal or download data. We recommend that you install a firewall software to prevent hacker intrusion and regularly update the software. |
|
|
(ii) |
In order to prevent computer virus invasion, you are recommended to install anti-virus software and update its version regularly. |
|
|
(iii) |
If any unusual screens pop up and/or the computer responds unusually slow, you are advised to log off from the Internet Banking and scan the computer with the most updated version of virus protection software. |
|
|
(iv) |
Email is a common way to spread viruses. The Bank will not send out email with attachment. If you are at all suspicious, do not open the email and please contact the customer service hotline immediately at (852)223 95559. |
|
|
(v) |
The Bank suggests you to set difficult-to-guess Passwords for your computer, and activate the auto-lock function. |
|
|
(vi) |
The Bank suggests you to download and upgrade your software from official and reliable sources only. Do not browse suspicious websites. |
|
|
(vii) |
When not using Wi-Fi, please turn off the wireless function on your device to reduce cybersecurity risks. When Wi-Fi networks are used, always use encrypted networks and secure Wi-Fi connection settings (WPA2/WPA3). |
|
5. Security guideline |
||
|
To learn more about Internet Trading Security, you can also get more information from the leaflet released by the Hong Kong Monetary Authority and the Hong Kong Association of Banks - Smart Tips on Using Internet Banking Services. |
Customer Service Hotline: 223 95559
Please visit any of