Security measures for the use of User ID and PIN of Internet Banking

	Ensure nobody is watching you while input your User ID and PIN or any other sensitive personal information.
	Do NOT keep any written record of the User ID and PIN near the computer.
	Keep your User ID and PIN private and NEVER disclose to anyone else including our staff and police.
	Do NOT allow others to use your User ID and PIN.
	Use different User ID and PIN for bank and credit card sites. Do NOT use the same User ID and PIN of other website.
	Check your last login record every time you use Internet Banking Services.
	Customers are reminded to stay vigilant to anything abnormal when using the Internet Banking services (e.g. unusual pop-up screens, unusually slow browser response, multiple requests for password input, incorrect website address etc.).
	Please change your PIN regularly to minimize the risk.
	Always contact us at Customer Service Hotline 3199 9188 immediately if you lose your User ID or PIN, or suspect your Internet Banking/Mobile Banking account is stolen.
	Check SMS messages and other messages from the Bank in a timely manner and verify your transaction records. Inform the Bank immediately in case of any suspicious situations.
	If you suspect a website, SMS or email that is not owned or sent by the Bank, leave it immediately and do not follow the instructions or click and open the hyperlinks, attachments or QR codes it provides.
	The Bank will not contact customers by SMS or e-mail to request customers to provide or validate personal and transactional information such as User ID and PIN, account number, credit card number and SMS or email one-time password.
	Access your account in a safe environment and avoid letting other people to see your screen as you enter confidential information.
	Turn on security feature in your mobile phone to prevent others from accessing and using the device when you are not around.
	Setup password for your mobile devices, to prevent unauthorized people stealing your personal data when your mobile devices is lost.
	Use strong User ID and PIN. A good, strong User ID and PIN should meet all of these criteria: Easy for you to remember, but difficult for others to guess, The length of the PIN must be EIGHT and required to use a combination of letters and numeric characters Use THREE or more different characters, e.g. b2a22aa2 Do not use the same character for SIX times or more, e.g. 1111ab11 Do not use SIX or more consecutive characters (in alphabetical or reverse alphabetical order), e.g. a123456t, fedcba11 Do not use your User ID as your PIN Do not use a word found in the dictionary Do not use a User ID and PIN that is hard to memorize so that you have to written it down Do not use easy accessible number or data such as your birthday, ID number or personal telephone number as your User ID or PIN

Protect your computer

	Do not install unlicensed software, which may contain bugs or viruses.
	Install anti-virus and anti-spyware software and update the software regularly to ensure you have the latest protection.
	Install a personal firewall to help your prevent unauthorized access and update the firewall regularly to ensure you are covered with the latest protection. For details, please contact your software vendor.
	Install security updates and patches to your operating systems or browser when they are made available. They are designed to provide you with protection from known possible security problems.
	Reference: The Government's Cyber Security Information Portal (http://www.cybersecurity.hk)

Security Measures for the use of Internet Banking

	To ensure your protection, always exit Internet Banking Services by using "logout" button.
	Regularly check your account balances and statements. If any discrepancies or suspicious transactions found, report to us without delay.
	Do not conduct Internet Banking transaction using personal computers, which are available for public access (e.g. Cyber Cafe).
	Do NOT use a common computer in public area (e.g. Cyber Cafe) to login Internet Banking services.
	Only access the reliable wifi network.
	Do NOT click any hyperlink in email which is link to the Internet Banking services.
	To prevent leakage of your login details, please make sure no one is watching you when you are entering the login details.
	Please check the previous record of login and logout time when using Internet Banking services.
	Please install and update the latest fire wall and anti-virus software regularly.
	Never leave the Internet Banking Services unattended after logging in.
	Ensure the "File & Print sharing" is disabled while online, especially if you are connecting Internet through broadband connection.
	You can decrease your daily transaction limit of Internet Banking Services to reduce the loss as a result of your User ID and PIN being stolen.
	You may verify the security certificate of our website by clicking the 'Lock' icon at the browser's address bar, which a server certificate issued by DigiCert will appear and the details validity of the certificate will be shown.
	Please report to us without delay when you detect any unusual transactions or observations like suspicious pop-up screens, abnormal Internet banking login steps etc.
	You are strongly advised to do prompt checking of all relevant notifications and accounts statements/advice from the Bank and any information about the date and time of the last login to Internet banking (e.g.as shown in the notifications or upon login to Internet banking).
	Please set up proper dual controls and authorization before conducting high-risk transactions to ensure your protection.

Internet

	If you suspect a website that is not owned by the Bank, leave it immediately and do not follow the instructions it provides.
	Logout the service, close the browser and clear browser cache after a banking session.
	Do not leave your relevant devices (e.g. personal computer, mobile phone or palm) unattended in the middle of a session.
	Do not browse other website by opening a new session, while you are using Internet Banking Services.
	Do not use "Auto Complete" function provided by browser or other software to remember your User ID and PIN.
	You should also check if the domain name is one of the following
	www.ocbc.com.hk ebanking.ocbc.com.hk velocity.ocbc.com
	Do not access to the Bank's website through internet search engines or suspicious pop-up windows.
	Please always connect to a bank website by typing the authentic website address into the browser or by bookmarking the genuine website for subsequent access.
	Use encryption to protect your wireless network.
	Please properly install and update other mobile apps and operating system of mobile platforms. Avoid installing and updating any suspicious mobile apps or operating system of mobile platforms from unknown sources.

Types of Threats when using Internet

	Fraudulent or spoof websites
	Where customers are asked to input their personal information, mistaking it to be the bank's genuine website.
	Phishing
	Normally a spam e-mail containing a hyperlink to a log-on page, which requests online banking passwords. The page appears to be an official website but is actually a spoof website.
	Trojan software
	A malicious code attached or embedded in software that is planted in a customer's PC by a fraudster to access the customer's personal information. A form of Trojan is "key-logger" which monitor and record the keystrokes when a person types on the keyboard(e.g. User ID and PIN). This information can be passed back to an unauthorized person.
	Spyware
	Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.

Website's identity authentications

We have introduced the latest security measures, EV SSL Certificate (Extended Validation SSL Certificate), for website's identity verification. If you are accessing Internet Banking Services:
	Before logging in, please ensure the Bank's name "OCBC Bank (Hong Kong) Limited" or “OCBC Velocity” is shown on the top left corner of the login page and the name is shown on the address bar when accessing through some of the browsers e.g. IE and Chrome.
	Click the Bank's name on the address bar (for IE) or the lock icon (for Chrome/ Edge) to see the certificate's information.
	You are under secure protection if the URL address starting with "https://" or show the 'Lock' icon at the browser's address bar after log in Internet Banking.

Security measures for the use of USB Security Token and PIN

	Ensure nobody is watching you while input your PIN of USB Security Token.
	Do Not keep any written record of the PIN near the USB Security Token.
	Keep your PIN private and NEVER disclose to anyone else including our staff.
	Do Not allow others to use your USB Security Token and PIN.
	Do Not use the same PIN of the USB Security Token of other bank.
	Always contact us immediately if you lose your PIN or your USB Security Token.
	Use strong PIN. A good, strong PIN should meet all of these criteria: Easy for you to remember, but difficult for others to guess, The length of the PIN must be between EIGHT and SIXTEEN characters that consists of letters and numbers Case letters can be used to enhance security Do not use a word found in the dictionary Do not use a PIN that hard to memorize so that you have to written it down Do not use easy accessible number or data such as your birthday, ID number or personal telephone number as your PIN
	Always remove the USB Security Token [eCertificate] from your devices after the certificate is used for accessing Internet banking.

Security Device

Please follow the guidelines below to protect your Security Device for OCBC Bank Business Internet Banking:
	Keep your Security Device in a safe and secured place all the time.
	Store your Security Device in a dry and cool environment. Leaving your Security Device in extremely high or low temperatures or water may cause problems with the Security Device.
	Do not open your Security Device or remove the battery or circuit board. Request for replacement if your Security Device is running out of battery.
	Never leave your Security Device unattended or exposed with the One-Time Security Code displayed
	Do not lend your Security Device to others.
	Do not reveal your Security Device serial number or One-Time Security Code to anyone.
	Refer to FAQ – Security Device for more details.

For OCBC Velocity, Mobile Token and Biometric Authentication are supported and please follow the guidelines below:

	Avoid sharing your device with others and use your own mobile handset/ device for Mobile Banking Services, Mobile Token and Biometric Authentication. Do not leave your device unattended.
	When you log on to Mobile Banking Services, you should beware of whether anyone is trying to peek at your password. Do not leave your mobile handset unattended after logging on to OCBC Mobile banking. Always log off properly when you have finished using the services.
	When you activate Biometric Authentication, any fingerprint/ facial map saved on your device can be used for Fingerprint Authentication or Facial Recognition. Therefore, you should only save your own fingerprint/ facial map on your device and should not allow any third-party fingerprint/ facial map to be saved on your device, or use other people's device to log on to your Mobile Banking Services. Do not leave your device unattended.

Security Measures for the use of Mobile Banking

	Please download our bank apps from official App Store or Google Play by searching "OCBC Bank" or "OCBC Bank Business Mobile".
	Do Not save or store your login name and PIN in mobile phone.
	Please set a hard-to-guess password and enable auto-lock for your mobile device.
	To avoid login Mobile Banking in a crowded area (e.g. train compartment).
	Prevent to share with others to use Mobile Banking in your mobile phone.
	Turn off wireless network functions (eg. Wi-Fi, Bluetooth, NFC) which are not in use. If using Wi-Fi, please connect an encrypted network and remove any unnecessary connection settings.
	Do Not use any jailbroken or rooted mobile phone to login Mobile Banking, it will cause security loopholes.
	Please install and update the latest anti-virus software in mobile phone regularly.
	Please login and logout the Mobile Banking correctly after using.
	Please use the defaulted browsers provided by mobile phone.
	Please logout the Mobile Banking services when you are using another apps.
	Please properly install and update other mobile apps and operating system of mobile platforms. Avoid installing and updating any suspicious mobile apps or operating system of mobile platforms from unknown sources.

Security measures for the use of Telematic Code and PIN of Telematic Banking

	Ensure nobody is watching you while inputting your Telematic Code and PIN.
	Keep Telematic Code and PIN private and NEVER disclose to anyone else including our staff and police.
	Do Not allow others to use your Telematic Code and PIN.
	Do Not use the same PIN of the Telematic Banking Services of other bank.
	Always contact us immediately if you lose your PIN, or suspect your Telematic Banking account is stolen.
	Use strong PIN. A good, strong PIN should meet all of these criteria: Easy for you to remember, but difficult for others to guess, The length of the PIN must be in EIGHT numeric characters Use THREE or more different characters, e.g. 12522552 Do not use the same character for FIVE times or more, e.g. 11115721 Do not use FIVE or more consecutive characters (in alphabetical or reverse alphabetical order), e.g. 81234596, 98765753 Do not use your Telematic Code as your PIN Do not use a PIN that is hard to memorize so that you have to written it down Do not use easy accessible number or data such as your birthday, ID number or personal telephone number as your PIN

Security measures for the use of ATM Card and PIN

	Destroy the PIN mailer after memorizing the PIN.
	Do not write down the PIN and never keep any written record of the PIN with your ATM card.
	Change your PIN at any JETCO ATM regularly.
	Avoid using easily accessible number such as personal data including your birthday, ID number or personal telephone number etc.
	Do not disclose your PIN to any person including any joint account holder, the police and the bank staff. The Bank will never ask for your PIN by any means such as email, SMS, phone, etc.
	Do not send your PIN via email / SMS and never use the same PIN to access other services.
	Always stay alert when using ATMs. Cover the keypad with your hand with entering the PIN, and reject any assistance from strangers.
	Do not allow others to use your ATM card and PIN.
	Be careful of any suspicious device on or near ATM and card reader slot before using ATM (e.g. pinhole camera, card reader, etc.).
	Stop the transaction and report to the Bank immediately if you observe the PIN panel has been removed or loosened.
	Remember to take back your ATM card after using ATM or POS terminal.
	Count the banknotes immediately after cash withdrawal. Do not take the banknotes or ATM card left at an ATM dispenser by another person. The banknotes or ATM card will be automatically returned to the ATM.
	Check account activity regularly to spot unusual transactions.
	Immediately inform the Bank in case of any actual or suspected unauthorized use of your ATM card and/or PIN, or your ATM card is stolen or lost.
	To comply with the latest regulatory requirement of The Hong Kong Monetary Authority to strengthen the security controls for ATM services, with effect from 1 March 2013, the overseas ATM cash withdrawal (including cash advances) service of all ATM cards and credit cards will be pre-set as "deactivated". Customers are required to activate Overseas ATM Cash Withdrawal Service for their ATM cards and credit cards before using overseas ATM to withdraw cash (including cash advances). No activation is required for cash withdrawal via JETCO ATMs in Macau and China.
	Please put your ATM/credit cards that are used for authenticating customer identity at self-service terminals in safekeeping.

Two-factor Authentication

	Two-Factor Authentication (2FA) is now mandatary for Internet Banking Investment Services besides high-risk transactions (e.g. funds transfers to non-registered payee).
	Please make sure you have updated mobile number & email record with us.
	Our employee will ever ask you for your password or OTP (One-Time-Password). If you receive a call or email from someone claiming to be our employee, government official or even a member of law enforcement and they ask you for your password, ignore the call and contact us at Customer Service Hotline 3199 9188 immediately.
	Refer to Two-factor Authentication for Internet Investment Servicesfor more details

Email

	The Bank will not ask for sensitive account and personal information such as User IDs and passwords via e-mails.
	The Bank will not send e-mails with embedded hyperlinks (including those presented as QR code) to transactional websites to the customer for requesting enter or confirming any personal information and password.
	Do not open Email attachment from unknown, suspicious or unreliable sources and delete it immediately.
	Be aware of scam Emails which may pretend to be sent from your trusted business partners and friends, however they were designed to trap you into downloading a virus or visiting a fraudulent website and disclosing your sensitive information including your User ID and PIN.
	Do not send your User ID and PIN or other sensitive personal or financial information via Email. We always use encrypted sites that are secure to receive the information.

Security measures provided by the external parties

	Click here to learn more about digital security tips published by the Hong Kong Monetary Authority.
	Click here to learn more about the latest cyber security and technology crime published by the Hong Kong Police.
	Click here to learn more about the cyber security information provided by the Office of the Government Chief Information Officer.
	By clicking the above links, you are now leaving the OCBC Bank Ltd website and entering a third party site. All the information you provide will be subject to confidentiality and security terms of the applicable third party site. OCBC Bank Ltd does not take responsibility for information you provide at such third party sites.

Keep the Bank updated of your contact information

To ensure the Bank can contact you in an efficient manner, please inform us your latest contact phone number and/or correspondence address by submitting a Change of Address Form to any of our branch.