| (a) | At all times keep the Corporate Cyberbanking Account Number, the private key and/or password of Digital Certificate and the PIN confidential; do not disclose, and shall procure the Authorised Person(s) not to disclose them to any person under any circumstances; in particular, not to send them through electronic mail; and never assign the same PIN and/or password for accessing other Services (for example, for connection to the internet or accessing other websites).
|
| (b) |
Notify The Bank of East Asia, Limited ("BEA") immediately of any actual or possible unauthorised use of Corporate Cyberbanking Account Number, the PIN and/or Digital Certificate and shall confirm the same in writing without delay to BEA.
|
| (c) | Do not disclose the PIN, the private key and/or the password of Digital Certificate to anyone in any circumstances who claims to represent BEA or holds out as BEA's employee or authorised person (it is not necessary for BEA's employee to know the PIN, the private key and/or password of Digital Certificate).
|
| (d) | Logout the service and clear the browser cache after a banking session.
|
| (e) | Never leave the computer unattended while using Corporate Cyberbanking.
|
| (f) | Do not use computers which the public may have access to in order to access Corporate Cyberbanking.
|
| (g) | Take caution of hackers and virus infection when sending and receiving emails, visiting and disclosing personal/financial information to unknown websites and downloading files or programs from websites.
|
| (h) | Install proper firewall and anti-virus software and update them with security patches or newer versions on a regular basis to strengthen the security of the computers.
|
| (i) | Upgrade browsers and application software to support SSL 128-bits encryption or a higher encryption standard; and not select the option on browsers for storing or retaining user ID and PIN and/or the password of Digital Certificate.
|
| (j) |
Remove file and printer sharing in computers, especially when you have internet access through cable modem, broadband connection, wireless or similar setups.
|
| (k) |
Change the PIN immediately by selecting a new PIN on the first usage and destroy those documents printed with the PIN subsequently.
|
| (l) |
Not to use your identity card number, telephone number, date of birth, driving license number or popular number sequences (such as 987654 or 123456) when choosing the PIN and/or the password of Digital Certificate; and not use the same digit more than twice.
|
| (m) |
Do not write the PIN and/or password of Digital Certificate down, and shall memorise the same.
|
| (n) |
Keep the PIN and/or password of Digital Certificate separate from the Corporate Cyberbanking Account Number/user ID and the Digital Certificate respectively.
|
| (o) |
Be alert to the surroundings before performing any banking transactions, and make sure that no one sees the PIN and/or password of Digital Certificate.
|
| (p) |
For security reason, change the PIN and/or password of Digital Certificate regularly.
|
| (q) |
Check the authenticity of BEA website by comparing the URL and the Bank’s name in its Digital Certificate and a security icon that looks like a lock or key appear when authentication and encryption is expected.
|
| (r) |
Notify BEA of any change to the information provided to Certification Authority (“CA”) as soon as such change occurs and BEA shall not in any event be held liable for any loss or damage suffered resulting from or in connection with your failure to do so.
|
| (s) |
Do not use the Digital Certificate after it has been cancelled or revoked or has otherwise become invalid.
|
| (t) |
Set the password to protect the Digital Certificate immediately when receiving the Digital Certificate.
|
| (u) |
Verify the accuracy of the transaction details in the SMS in case of the transaction executed at Corporate Cyberbanking prior to entering the One-time Password (“OTP”) to initiate the online transaction.
|
| (v) |
Make sure the Digital Certificate and its private key is non-duplicable and stored in a secure media and remove the media storing the Digital Certificate from the computer after use.
|
| |
|
| Other Notes |
| (1) |
Change your PIN immediately if you suspect that you have been deceived by a fraudulent website or email. For example, if you fail to log in to a service website after inputting your correct PIN, with or without any alert messages.
|
| (2) |
Do not use software or programme(s) from untrustworthy sources.
|
| (3) |
Do not click URLs or hyperlinks embedded in any email, search engine, or any untrusted source to access BEA website.
|
| (4) |
Limit the number of people who can use your personal computer and set your own password for your personal computer if it has this facility.
|
| (5) |
Disable your browser’s “AutoComplete” function. On some browsers, this function remembers the data you input previously. Refer to your browser’s “Help” function if necessary.
|
| (6) |
Make sure that all other browsers are closed before logging in to Corporate Cyberbanking.
|
| (7) |
Input Corporate Cyberbanking or BEA website into the address bar of a web browser directly.
|
| (8) |
Only access Corporate Cyberbanking through www.hkbea.com.
|
| (9) |
Every time you log in to Corporate Cyberbanking, please verify your last login date and time, displayed on the first page.
|
| (10) |
Do not use/install any software or programme to access Corporate Cyberbanking.
|
| (11) |
Access Corporate Cyberbanking with browsers recommended by BEA.
|
| (12) |
Check your bank balance and transaction history regularly. Notify BEA immediately if you discover any errors or unauthorised transactions.
|
| (13) |
Regular review and follow security tips issued by BEA.
|
| (14) |
Contact BEA for confirmation immediately whenever a website claiming to originate from BEA looks suspicious to you.
|
| (15) |
Keep your Digital Certificate, bank statements, cheque books, other important documents and any security media/devices for accessing Corporate Cyberbanking in a safe place. If you want to discard any documents that contain your personal information, destroy them first.
|
| (16) |
Under no circumstances shall BEA, by way of email, ask for your personal information, such as your password, HKID Card number, date of birth, credit card number, credit card expiry date, etc. In addition, BEA will not ask you to access BEA website by clicking hyperlinks attached to any email.
|
| (17) |
Check the website’s privacy policy statement and statement on security safeguards before providing personal data to the website.
|
| (18) |
BEA will never ask you for your PIN by email, phone, or any other method.
|
| (19) |
Cover the keypad when you enter your PIN on any device, such as a personal computer, an ATM, or other self-service terminal.
|
| (20) |
Use proper firewalls, anti-virus software and anti-spyware software to scan your PC from time to time to strengthen the security of your personal computer.
|
| (21) |
Take precautions against hackers, viruses, spyware, and any other malicious software when sending and receiving email, opening email attachments, visiting and disclosing personal/financial information to unknown websites, and downloading files or programmes from websites.
|
For more information on how to ensure your safety when using Internet banking, please visit the website of The Hong Kong Association of Banks at 
