| (a) | At all times keep your Cyberbanking account number, private key/Digital Certificate password, and Personal Identification Number ("PIN") confidential. Ensure that you (or, in applicable cases, the Authorised Person) do not disclose this information to anyone - including any joint account holder - under any circumstances, and do not transmit this information via email. Never assign the same PIN or password for any other service (such as your internet connection, or login for another website).
|
| (b) |
Notify The Bank of East Asia, Limited ("BEA") immediately of any actual or possible unauthorised use of your Cyberbanking account number, PIN, or Digital Certificate, and send confirmation in writing to BEA without delay.
|
| (c) | It is not necessary for anyone affiliated with BEA to know your PIN or private key/Digital Certificate password. Do not disclose this information to anyone including but not limited to any person who claims to be an employee or representative of BEA under any circumstances.
|
| (d) | After you finish a session, make sure to log out of Cyberbanking and clear your browser cache.
|
| (e) | Never leave your computer unattended while using Cyberbanking.
|
| (f) | Do not use a public computer to access Cyberbanking.
|
| (g) | Take precautions against hackers, viruses, spyware, and any other malicious software when sending and receiving email, opening email attachments, visiting and disclosing personal/financial information to unknown websites, and downloading files or programmes from websites.
|
| (h) | Use proper firewalls, anti-virus software and anti-spyware software and install the most up-to-date version timely to scan your PC from time to time to strengthen the security of your personal computer.
|
| (i) | Upgrade your browser and applications to support SSL 128-bit encryption or a higher encryption standard, and make sure that the browser option for storing or retaining usernames, PINs, and Digital Certificate passwords is unselected.
|
| (j) |
Remove shared files and printers from your computer, especially accessing the internet access via a cable modem, broadband connection, wireless network, or similar setup.
|
| (k) |
Change your PIN immediately by selecting a new PIN the first time you use the service, and then destroy all documents that your former PIN is printed on.
|
| (l) |
Do not use your identity card number, telephone number, date of birth, driving license number, or any commonplace number sequence (such as 987654 or 123456) when choosing your PIN or Digital Certificate password. Do not use the same digit more than twice.
|
| (m) |
Memorise your PIN and Digital Certificate password. Do not write them down.
|
| (n) |
Keep your PIN and Digital Certificate password separate from your Cyberbanking account number, user ID, and Digital Certificate.
|
| (o) |
Check your surroundings before performing any banking transactions, and make sure that no one sees your PIN or Digital Certificate password.
|
| (p) |
Change your PIN and Digital Certificate password regularly.
|
| (q) |
Check the authenticity of the BEA website by checking the URL and the Bank's name in its Digital Certificate. A security icon that looks like a lock or key will appear when authentication and encryption is expected.
|
| (r) |
Notify BEA of any change to the information provided to the Certification Authority as soon as such change occurs. BEA shall not in any event be held liable for any loss or damage suffered resulting from or in connection with your failure to do so.
|
| (s) |
Do not use your Digital Certificate after it has been cancelled or revoked or has otherwise become invalid.
|
| (t) |
Set a password to protect your Digital Certificate immediately.
|
| (u) |
When you receive an SMS with a One-time Password ("OTP"), verify the accuracy of the transaction details prior to entering the OTP.
|
| (v) |
Make sure your Digital Certificate and its private key is non-duplicable and stored in a secure format. Remove the device storing the Digital Certificate from your computer after use.
|
| |
|
| Other Notes |
| (1) |
Change your PIN immediately if you suspect that you have been deceived by a fraudulent website or email (for example, if you fail to log in to a service website after inputting your correct PIN, with or without any alert messages).
|
| (2) |
Do not use software or programs from untrustworthy sources.
|
| (3) |
Do not click URLs or hyperlinks embedded in any email, SMS, search engine, or any untrusted source to access the BEA website.
|
| (4) |
Limit the number of people who can use your personal computer and set your own password for your personal computer if it has this facility.
|
| (5) |
Disable your browser's "AutoComplete" function. On some browsers, this function remembers the data you have input previously. Refer to your browser's "Help" function if necessary.
|
| (6) |
Make sure that all other browsers are closed before logging in to Cyberbanking.
|
| (7) |
Input the Cyberbanking or BEA website address into the address bar of your web browser directly.
|
| (8) |
Only access Cyberbanking through www.hkbea.com.
|
| (9) |
Every time you log in to Cyberbanking, please verify your last login date and time, displayed underneath the "Welcome" message on the first page.
|
| (10) |
Do not use/install any software or program to access Cyberbanking.
|
| (11) |
Access Cyberbanking using a browser recommended by BEA.
|
| (12) |
Check your bank balance and transaction history regularly. Notify BEA immediately if you discover any errors or unauthorised transactions.
|
| (13) |
Review and follow the security tips issued by BEA on a regular basis.
|
| (14) |
Contact BEA for confirmation immediately whenever a website claiming to originate from BEA looks suspicious to you.
|
| (15) |
Keep your Digital Certificate, ATM Card, bank statements, cheque books, other important documents, and any security devices for accessing Cyberbanking in a safe place. If you want to discard any documents that contain your personal information, destroy them first.
|
| (16) |
Under no circumstances will BEA use an email, SMS, phone, or any other method to ask for your personal information, such as your password, OTP, HKID number, date of birth, account/credit card number, credit card expiry date, telephone number, or Cyberbanking account number/user ID. BEA will not ask you to access the BEA website by a clicking hyperlink attached to any email or SMS.
|
| (17) |
Check the website's privacy policy statement and statement on security safeguards before providing personal data to the website.
|
| (18) |
Cover the keypad when you enter your PIN on any device, such as a personal computer, an ATM, or other self-service terminal.
|
| (19) |
If any suspicious screens pop up or your computer's network/traffic is unusually slow, you should log out from your internet service/account immediately and scan your computer with the most up-to-date version of your virus protection software.
|
| (20) |
Your mobile phone number, email address, and correspondence address must be up to date at all times in order to successfully receive notifications from BEA. You can update your information at any BEA branch.
|
| (21) |
Protect yourself from email scams - verify the sender's identity before you take any action, to avoid being deceived.
|
For more information on how to ensure your safety when using Internet banking, please visit the website of The Hong Kong Association of Banks at 
