Security Tips for e-Services

Security Tips for e-Services
Security Tips for e-Services

    Online security of our e-Services has always been CMB Wing Lung Bank (“the Bank”)’s prime concern. A safe and secure system does not only ensure confidentiality of customers' information but more importantly, prevent unauthorized operation of customers' bank account. Apart from the security measures implemented by the Bank, you are also responsible to play an equally important role in safeguarding your personal account information. As such, important guidelines are summarized in this section for your reference. You are highly recommended to incorporate these guidelines into your habit when handling your personal account information.

    If you suspect any unauthorized use or abnormal transactions related to your e-Services account, you should contact the Bank by calling our Customer Services Hotline at (852) 230 95555 or CMB Wing Lung Credit Card Centre 24-hour Hotline at (852) 3711 7900 to request for suspension of related e-Services.

    (1)Important Security Information
    • Do not expose your logon ID or password to anyone (staff of CMB Wing Lung Bank and Police will never ask for your password for identity verification purposes).

    • Do not disclose your personal information (e.g. HKID / passport number, address, bank account / credit card number) to any persons or websites you are suspicious of.

    • Never provide anyone with the One-Time Password (OTP) that is sent to your mobile phone (staff of CMB Wing Lung Bank will never ask for your OTP).

    • Never store your logon ID and password in browser.

    • Regularly check account information (e.g. account balance and transaction history) and instantly check transaction notification message delivered by the Bank to ensure correctness. Contact the Bank immediately should you encounter any suspicious transaction.

    (2)Using ATM /ATM Card and Protecting Your PIN
    • Before using an ATM, check if the keypad cover is abnormal (e.g.: the keypad cover has been removed or installed with camera lens), and if there are any suspicious devices near the card slot and keypad. If you notice anything suspicious, please notify the related bank immediately.

    • Cover the keypad with your hand when entering your PIN at ATM or Point-of-Sale devices and make sure your PIN, as well as account information cannot be seen by any third parties.

    • Avoid writing down the PIN on the ATM Card or anything that is kept together with the ATM Card.

    • Promptly report to the Bank’s Customer Services Hotline at (852) 230 95555 if you discover or being suspicious of any loss, theft, disclosure or unauthorized use of your ATM Card and/or PIN of the ATM Card.

    • Retrieve your banknotes and ATM Card when you have completed your withdrawal. Count the number of banknotes and keep the Customer Advice as record.

    • Do not take away any banknotes at the cash dispenser or ATM Card at the card insertion slot left behind by others. Let the banknotes or ATM Card return to the ATM automatically.

    (3)Use of e-Channels (including NET Banking Services and CMB Wing Lung Bank Wintech mobile applicatoin)
    • Do not log in to e-Channels via website or application of any third party and hyperlink or QR code embedded in emails or SMS.

    • Open a browser and type the website address of CMB Wing Lung Bank (www.cmbwinglungbank.com) by yourself in order to log in to e-Channels of CMB Wing Lung Bank. You can also bookmark the website address in the browser for future use; or follow the Bank’s announced method to log in.

    • To ensure secure transactions, download CMB Wing Lung Bank Wintech mobile application from official application stores or CMB Wing Lung Bank website.

    • Use password that is hard to guess. Change your password regularly and keep it confidential.

    (4)Encryption Function & e-Certificate

    CMB Wing Lung Bank has been using the latest encryption security measure with the adoption of EV TLS Certificate (Extended Verification TLS Certificate). When using Microsoft Internet Explorer 7.0 or above to log in to e-Channels of CMB Wing Lung Bank, URL address bar will turn into green color and the name of the certificate owner will be displayed as CMB Wing Lung Bank Ltd. This indicates the identity of the site is successfully verified. By pressing the URL address bar or secured lock icon, you can verify the Internet security certificate information including validity and information below while the display format varies for different browsers.

    NET Banking Services
    Issued to: www.cmbwinglungbank.com
    Issued by: Symantec Class 3 Extended Validation SSL SGC CA

    NET Securities Services
    Issued to: www.cmbwinglungsec.com
    Issued by: Symantec Class 3 Extended Validation SSL SGC CA

    (5)Two-Factor Authentication

    To enhance online security, e-Channels of CMB Wing Lung Bank provide Two-Factor Authentication Services for customers. When login to e-Channels of CMB Wing Lung Bank, you can choose to use the Security Token. After entering your logon ID and password, press the button on the Security Token, then enter the 6-digit OTP generated to complete the logon procedures. For certain transactions, customers are required to enter OTP or “Transaction Signing Verification Code” for transaction confirmation. With the Two-Factor Authentication, your financial information is securely protected.

    For steps on using the Security Token, please click here.

    (6) Other Preventive Measures
    • Operating System Configuration / Software Installation

      • Turn off remote access control features to prevent unauthorized access to your computer.
      • Disable file and print option sharing features to prevent the access of your personal information by unauthorized persons.
      • Never install software from unknown sources.
      • Never use any jailbreak or rooted mobile device which may have security loopholes to log on to e-channels of CMB Wing Lung Bank.
      • Keep the operating system of your mobile device and app up-to-date.
      • Do not register other’s biometrics record in the device for authentication purpose.
      • Do not authorize any unnecessary access permission when installing software / applications.
    • Browser Settings

      • Use the latest recommended internet browser.
      • Do not use a browser in beta version.
      • Use the browser that supports TLS or above.
      • Clear any "cache" and "history" to prevent unauthorized access to the temporary files stored in your computer / mobile, which may contain your account information.
    • Virus / Malicious Programs

      • Activate personal firewall to protect your computer / mobile.
      • Install and always activate anti-virus software, anti-spyware software, update the software regularly with the latest security files and patches.
      • Clear the infected files once they are discovered.
      • Do not use the computer / mobile if a virus is found until the virus is completely cleared.
      • Do not access doubtful web sites.
      • Do not download files from unknown sources.
      • Scan portable disks before using them for copying files to or from your computer.
      • Scan your computer periodically (including all local disks and all file types).
      • Regularly check the data and storage usage of your device. Uninstall any software / applications with suspicious usage immediately.
      •  
    • Others

      • Never forward the phone number used for receiving OTP via SMS to another phone number.
      • Shut down your computer when it is not in use.
      • Set a pass code for your mobile phone and activate the auto-lock function.
      • Use the latest versions of operating system, browser and mobile application. Do not jailbreak or root your mobile phone or tablet.
      • Disable any wireless network functions not in use (e.g. Wi-Fi, Bluetooth, NFC). Choose encrypted networks when using Wi-Fi and remove any unnecessary Wi-Fi connection.
      • Inform the Bank immediately through any of the following channels if your contact information (especially mobile phone and contact numbers) is changed:

        1. Visit any of our branches for updating the personal information.
        2. Click here to download the form "Customer Information Amendment Form" and then return the completed form in person or by mail to any of our branches for processing.
        3. Dial our Customer Services Hotline (852) 230 95555 and press 7>8>1 after selecting language and enter your facsimile number to request for the form "Customer Information Amendment Form". Then return the completed form in person or by mail to any of our branches for processing.
      • Regular review and follow security tips published by the Bank to keep yourself updated about the latest security issues.
    (7)More Security Information

    To know more about the security issue of e-Services, please click the following links:

    Search Results