Please read the following precautions before using UK Cyberbanking and refer to them from time to time:
A. PIN Management
- If you suspect that someone has tampered with the sealed envelope containing your PIN prior to receipt, please contact us immediately.
- Make your Security Details difficult to guess and different from those for other internet services (such as your internet connection, or login details for another website or social media accounts), and change your passwords regularly.
- Do not use your identity card number, telephone number, date of birth, driving license number, or any popular number sequence (such as 98765 or 12345) when choosing your PIN or password. Do not use the same digit more than twice.
- Do not disclose your Cyberbanking login details to anyone. The Bank will never ask you for your Security Details, including Security Code generated through i-Token.
- Do not send your Security Details via email / SMS or use it as password for accessing other services.
- Memorise your Security Details. Do not write it down or store them and other sensitive information on your device in a way that can be understood by someone else.
- For security reasons, change your Security Details regularly.
- Change options on your browser to avoid storing your Cyberbanking login details or sensitive account information on your device.
- Change your Security Details immediately if you suspect someone knows it or if you suspect that you have been deceived by a fraudulent website, email, or SMS message to disclose your Cyberbanking login credentials.
B. Device and Email Protection
- Maintain adequate security on all devices accessing UK Cyberbanking.
- Keep your operating system, anti-virus software, and apps installed on your device up-to-date with the latest security patches.
- Get our app only from the Apple Store or Goggle Play Store and ensure that you download the latest version.
- Install / update security software if available.
i) Increase the protection of the computer you use to access Cyberbanking with firewalls, anti-virus software and anti-spyware software, and update them on a regular basis. Use such protection measures to scan your computer from time to time to strengthen the security of your computer. ii) Consider using the latest versions of mobile security software/programs to scan your device from time to time to strengthen its security. - Do not “root” or “jailbreak” your mobile device (i.e. do not undergo processes to attain root access to the operating system code or remove software restrictions built into devices).
- Do not update your mobile operating system via or download mobile apps from untrustworthy sources. You are recommended to set your device to block installation of apps from unknown sources and keep it properly configured.
- Carefully read installation and/or permission requests from websites, apps and other software and programs. Be wary of any unusual or unnecessary request.
- Do not follow links sent in suspicious emails and SMS messages. Take precautions against hackers, viruses, spyware, and any other malicious software when reading emails, opening attachments, visiting unfamiliar websites, and downloading mobile apps and programs from websites.
- Do not browse suspicious websites or click on the hyperlinks and attachments in suspicious emails or messages received through WhatsApp, Line, WeChat, and other e-Communities. Contact the Bank for confirmation immediately whenever a website, SMS, email or other correspondence claiming to originate from the Bank looks suspicious to you.
- Disable your mobile device’s "AutoFill" or similar option and avoid storing your login credentials on your device.
- Disable any wireless network functions that are not in use, such as Wi-Fi, Bluetooth, near-field communication (NFC) or payment apps.
- Do not share your device with others or use other people’s devices to log in to Cyberbanking. Always lock your device with password protection when not in use, and activate the auto-lock function.
- If your device is capable of biometric authentication (e.g. fingerprint or facial recognition), do not let any other person register his/her biometrics on it.
- Do not disable any feature that can strengthen the security of biometric authentication, such as “attention awareness” for facial recognition (e.g. ensure that the “Require Attention for Face ID” setting is enabled).
C. Accessing UK Cyberbanking
- Keep your login credentials confidential at all times and do not send sensitive account information via email.
- Never Share the One-Time-Password (“OTP”)/ Security Code/i-Token PIN with anyone. The OTP/ Security Code generated through i-Token should not be given to anyone (even to the police or us), either verbally or in writing. It should only be entered when using our Cyberbanking.
- Make sure that all other browsers are closed before logging in to Cyberbanking.
- Only access Cyberbanking through our website www.hkbea.co.uk or our mobile app.
- Be alert to your surroundings when performing any online banking transactions and make sure that no one sees you enter your login credentials.
- Every time you log in to Cyberbanking, please check to ensure that the Personal Greeting (if any) or your last login date and time are correct.
- Do not click on URLs or hyperlinks embedded in any email, SMS, instant message, QR code, search engine, or any untrusted source to log in to Cyberbanking. The Bank will not send emails to the customers with embedded hyperlinks / QR codes to access Cyberbanking.
- If any suspicious screens pop up or your device’s network / traffic is unusually slow, you should log out from your internet service / account immediately and scan your device with the most up-to-date version of anti-virus software.
- Confirm the legitimacy of the Bank's website by comparing the URL and the Bank's name in its site digital certificate. A security icon resembling a padlock or key appears when authentication and encryption are activated.
- Always log out and then close the browser / app after each banking session.
- Do not leave your device unattended while using Cyberbanking.
- Do not use public computers to access Cyberbanking. Public computers are unsafe for logging in to Cyberbanking because they are used by many people and thus, more likely to be infected with malwares
- Avoid joining untrusted Wi-Fi networks and using public Wi-Fi hotspots to access Cyberbanking. Choose encrypted networks and remove any unnecessary Wi-Fi connection settings when using Wi-Fi to log in to Cyberbanking.
- Do not activate any SMS forwarding function which is supported by your mobile network provider
- Regularly review and follow the security tips issued by the Bank.
D. Other Notes
- Check your bank statement(s) regularly and inform the Bank immediately if you discover any errors or suspicious/unusual transactions.
- Regularly check to make sure your information with us (including your email and mailing address) is up-to-date.
- Inform the Bank immediately whenever you change your mobile phone number or if your phone is lost or stolen to prevent anyone else from accessing the OTP.
- Contact the Bank immediately, if you ever receive an OTP or notification from the Bank which you are not expecting.
- Keep your bank statements, cheque books, and other important documents in a safe place. If you want to discard any documents that contain your personal information, destroy them first.
- Under no circumstances shall the Bank, by way of email / SMS, instant message, phone call or any other method, ask you for your sensitive information, such as your PIN, OTP, Security Code, i-Token PIN or Username and Passcode etc.
- Do not send sensitive account information via email, SMS or social networks.