Security Tips

Despite the enormous efforts taken by us, you are playing an important role in ensuring the system security. The following security tips are highly recommended:

  • Keep your ATM Card and PIN, the User ID and PIN of Internet Banking/Mobile Banking and the Telematic Code and PIN of Telematic Banking well to prevent them from being stolen.
  • To protect your interest, we suggest you destroying the PIN documents after memorizing the PIN.
  • Change your PIN periodically, for example every 30 or 60 days.
  • Memorize your PIN and do NOT write them down.
  • Change your PIN and check the security advice through our website (http://www.ocbc.com.hk) from time to time.
  • All the loss due to improperly safeguard the PIN may not be compensated.
  • Ensure nobody is watching you while input your User ID and PIN or any other sensitive personal information.
  • Do not keep any written record of the User ID and PIN near the computer.
  • Keep your User ID and PIN private and never disclose to anyone else including our staff.
  • Do not allow others to use your User ID and PIN.
  • Use different User ID and PIN for bank and credit card sites. Do not use the same User ID and PIN of other website.
  • Check your last login record every time you use Internet Banking/Mobile Banking Services.
  • Always contact us immediately if you lose your User ID or PIN, or suspect your Internet Banking/Mobile Banking account is stolen.
  • Use strong User ID and PIN. A good, strong User ID and PIN should meet all of these criteria:
    Easy for you to remember, but difficult for others to guess,
    • The length of the PIN must be EIGHT and required to use a combination of letters and numeric characters
    • Use THREE or more different characters, e.g. b2a22aa2
    • Do not use the same character for SIX times or more, e.g. 1111ab11
    • Do not use SIX or more consecutive characters (in alphabetical or reverse alphabetical order), e.g. a123456t, fedcba11
    • Do not use your User ID as your PIN
    • Do not use a word found in the dictionary
    • Do not use a User ID and PIN that is hard to memorize so that you have to written it down
    • Do not use easy accessible number or data such as your birthday, ID number or personal telephone number as your User ID or PIN
  • Ensure nobody is watching you while inputting your Telematic Code and PIN.
  • Keep Telematic Code and PIN private and never disclose to anyone else including our staff.
  • Do not allow others to use your Telematic Code and PIN.
  • Do not use the same PIN of the Telematic Banking Services of other bank.
  • Always contact us immediately if you lose your PIN, or suspect your Telematic Banking account is stolen.
  • Use strong PIN. A good, strong PIN should meet all of these criteria:
    Easy for you to remember, but difficult for others to guess,
    • The length of the PIN must be in EIGHT numeric characters
    • Use THREE or more different characters, e.g. 12522552
    • Do not use the same character for FIVE times or more, e.g. 11115721
    • Do not use FIVE or more consecutive characters (in alphabetical or reverse alphabetical order), e.g. 81234596, 98765753
    • Do not use your Telematic Code as your PIN
    • Do not use a PIN that is hard to memorize so that you have to written it down
    • Do not use easy accessible number or data such as your birthday, ID number or personal telephone number as your PIN
  • Ensure nobody is watching you while input your PIN in ATM
  • Do not keep any written record of the PIN near the ATM Card.
  • Keep your PIN private and never disclose to anyone else including our staff.
  • Do not allow others to use your ATM card and PIN.
  • Do not use the same PIN of the ATM Services of other bank.
  • Be careful of any suspicious device on or near the ATM and the card reader slot before using the ATM.
  • Always contact us immediately if you lose your PIN or your ATM card.
  • Use strong PIN. A good, strong PIN should meet all of these criteria:
    Easy for you to remember, but difficult for others to guess,
    • The length of the PIN must be in SIX numeric characters
    • Do not use a PIN that hard to memorize so that you have to written it down
    • Do not use easy accessible number or data such as your birthday, ID number or personal telephone number as your PIN
  • To comply with the latest regulatory requirement of The Hong Kong Monetary Authority to strengthen the security controls for ATM services, with effect from 1 March 2013, the overseas ATM cash withdrawal (including cash advances) service of all ATM cards and credit cards will be pre-set as "deactivated". Customers are required to activate Overseas ATM Cash Withdrawal Service for their ATM cards and credit cards before using overseas ATM to withdraw cash (including cash advances). Noactivation is required for cash withdrawal via JETCO ATMs in Macau and China.
  • Please put your ATM/credit cards that are used for authenticating customer identity at self-service terminals in safekeeping.
  • Do not install unlicensed software, which may contain bugs or viruses.
  • Install anti-virus and anti-spyware software and update the software regularly to ensure you have the latest protection.
  • Install a personal firewall to help your prevent unauthorized access and update the firewall regularly to ensure you are covered with the latest protection. For details, please contact your software vendor.
  • Install security updates and patches to your operating systems or browser when they are made available. They are designed to provide you with protection from known possible security problems.
  • If you suspect a website that is not owned by the Bank, leave it immediately and do not follow the instructions it provides.
  • Logout the service and clear browser cache after a banking session.
  • Do not leave your relevant devices (e.g. personal computer, mobile phone or palm) unattended in the middle of a session.
  • Do not browse other website by opening a new session, while you are using Internet Banking/Mobile Banking Services.
  • Do not use "Auto Complete" function provided by Internet Explorer or other software to remember your User ID and PIN.
    • At Internet Explorer, select "Tools" and "Internet Options"
    • Select "Content" Tag and click "Auto Complete" under "Personal Information"
    • Deselect "User names and passwords on forms" and click "Clear Passwords"
    • Bo Click "OK" to save the change
  • You should also check if the domain name is one of the following
    • www.ocbc.com.hk
    • ebanking.ocbc.com.hk
    • m.ocbc.com.hk
  • Do not access to the Bank's website through internet search engines or suspicious pop-up windows.
  • Please always connect to a bank website by typing the authentic website address into the browser or by bookmarking the genuine website for subsequent access.
  • To ensure your protection, always exit Internet Banking/Mobile Banking by using "logout" button.
  • Regularly check your account balances and statements. If any discrepancies or suspicious transactions found, report to us without delay.
  • Do not conduct Internet Banking/Mobile Banking transaction using personal computers, which are available for public access (e.g. Cyber Cafe).
  • Never leave the Internet Banking/Mobile Banking Services unattended after logging in.
  • Ensure the "File & Print sharing" is disabled while online, especially if you are connecting Internet through broadband connection.
  • You can decrease your daily transaction limit of Internet Banking/Mobile Banking Services to reduce the loss as a result of your User ID and PIN being stolen.
  • You may verify the security certificate of our website by clicking the "Lock" icon at the browser's address bar, which a server certificate issued by VeriSign will appear and the details validity of the certificate will be shown.
  • Please report to us without delay when you detect any unusual transactions or observations like suspicious pop-up screens, abnormal Internet/mobile banking login steps etc.
  • You are strongly advised to do prompt checking of all relevant notifications and accounts statements/advice from the Bank and any information about the date and time of the last login to Internet/mobile banking (as shown in the page after login to Internet banking)
  • Please properly install and update other mobile apps and operating system of mobile platforms. Avoid installing and updating any suspicious mobile apps or operating system of mobile platforms from unknown sources.
We have introduced the latest security measures, EV SSL Certificate (Extended Validation SSL Certificate), for website's identity verification. If you are using Internet Explorer 7.0 or above to access Internet Banking Services:
  • You can see the colour of the browser's address bar changes to green and shows the organization name of the website.
  • Please ensure the address bar is showing the Bank's name "OCBC Bank (Hong Kong) Limited [CN]" before logging in.
  • Click the Bank's name on the address bar to see the certificate's information.
Although you are protected by our Two-Factor Authentication while you initiate a high-risk transaciton (for example, Non-registered Third Party Account Transfer (include OCBC Bank and Other Bank Account Transfer, Telegraphic Transfer, CHATS and HK-Macau Instant Remittance), Bill payment to designated merchants and Overseas ATM Cash Withdrawal Setting), the following security tips are highly recommended:
  • Check carefully if the details in the SMS are the same as the transaction you want to conduct before entering the Security Key No. to confirm the transaction.
  • Ensure nobody is watching you while inputtig your Security Key No. and Dual Password
  • Do not disclose your Security Key No. and Dual Password to anyone including our bank staff (it is not necessary for the Bank's employee to know the Security Key No. and Dual Password)
  • An SMS will be sent to your mobile phone after a high-risk transaction done. Please check carefully the details in the SMS must be the same as the transaction you have just completed.
  • Security Key No. SMS will only be sent to customer's pre-registered mobile phone number and not be forwarded to other mobile number even if customer has subscribed "SMS Forwarding Service" provided by telecommunications service providers in Hong Kong.
  • Please inform the bank staff to stop the service temporary at once if you have lost your mobile phone
  • If you have changed your mobile phone no., please inform the bank to update.
  • Before you finish the high-risk online transaction, do not leave your eBanking devices (e.g. personal computer, mobile phone or palm) unattened in the middle of a session.
  • Automatically reduce transaction limit. Transaction limit for "Non-registered Third Party Account Transfer" (including OCBC Bank and Other Bank Account Transfer, Telegraphic Transfer, CHATS and HK-Macau Instant Remittance) will be reset to Zero automatically if no such fund transfer was conducted for more than 12 months. To reset the limit, please submit a Personal eBanking Service - Alteration Request Form to any of your branches.
  • The Bank will not ask for sensitive account and personal information such as User IDs and passwords via e-mails.
  • The Bank will not send e-mails with embedded hyperlinks to transactional websites to the customer.
  • Do not open Email attachment from unknown, suspicious or unreliable sources and delete it immediately.
  • Be aware of scam Emails which may pretend to be sent from your trusted business partners and friends, however they were designed to trap you into downloading a virus or visiting a fraudulent website and disclosing your sensitive information including your User ID and PIN.
  • Do not send your User ID and PIN or other sensitive personal or financial information via Email. We always use encrypted sites that are secure to receive the information.
  • Fraudulent or spoof websites
    Where customers are asked to input their personal information, mistaking it to be the bank's genuine website.
  • Phishing
    Normally a spam e-mail containing a hyperlink to a log-on page, which requests online banking passwords. The page appears to be an official website but is actually a spoof website.
  • Trojan software
    A malicious code attached or embedded in software that is planted in a customer's PC by a fraudster to access the customer's personal information. A form of Trojan is "key-logger" which monitor and record the keystrokes when a person types on the keyboard(e.g. User ID and PIN). This information can be passed back to an unauthorized person.
  • Spyware
    Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmitsthat information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.
  • To ensure the Bank can contact you in an efficient manner, please inform us your latest contact phone number and/or correspondence address by submitting a Change of Address Form to any of our branch.