Online security has always been our prime concern in NET Banking services provision. A safe and secure system will not only ensure confidentiality of customers' information, but more importantly, prevent unauthorized operation of customers' account. Apart from the security measures implemented by our bank, you are responsible to play an equally important role in safeguarding your personal and account information. As such, important guidelines are summarized in this section for your reference. Incorporation of these guidelines onto your NET Banking habits is highly recommended.
If you suspect any unauthorized use of your NET Banking account or any abnormal transactions in the account, you should contact our Head Office or any one of our branches or call our Customer Service Hotline at (852) 2952 6666. You may also call our 24-hour Emergency Hotline (852) 3711 7900 at once to request for suspension of NET Banking Service.
(1) User Name and Password
Creating your password
Do not use your name, telephone number, date of birth, identification number, ... etc as password as they are easily guessed.
Do not use part of username as password.
Create a unique password, which is not sharing with any other systems.
Create your password composing of numbers and characters with upper and lower case.
Do not use Wing Lung NET Banking logon ID & password for other internet services (e.g. internet access service, web mail, online messaging, online shopping and other internet Banking services).
Keeping your username and password
Do not keep any document containing your username or password.
Do not write down your password without disguising it or write it down on your Security Token. (If you have to record your password, please make sure to store your password and Security Token separately.)
Do not expose your username or password to any third parties. (Wing Lung Bank staff and Police will never ask you for your password for identity verification purposes.)
Do not send your username or password by email.
Memorize your username and password.
Destroy the original printed copy of your password once you have memorized it.
Do not disclose personal information (e.g. HKID/passport number, address, bank account/credit card number) to any persons or websites you are suspicious of.
Changing your password
Change your password regularly, say, for every 30 days.
(2) Two-Factor Authentication
As part of our on-going commitment for improving online security and protecting you, we are delighted to present you with two-factor authentication technology - Security Token, which aimed to ensure a higher level of security for NET Banking.
Two-factor authentication uses a combination of two different factors, something you know (e.g. User ID and Password) plus something you have (e.g. digital certificate, Security Token or mobile phone) for verifying a user's identity.
The Security Token offers a higher degree of protection from a large variety of online threats, including phishing, keylogging / Trojans, shoulder surfing and screen capturing.
How to use Security Token
The Security Token is a simple and convenient way to ensure greater protection for you and your financial information as you will be required to enter a One-time Password (OTP) generated by this token, in addition to your Login ID and password, when you logon to our NET Banking Service. Moreover, the OTP is also required for changing NET Banking password, for added protection to you.
One-Time Password (OTP) is a single-use, time-sensitive Security Code generated by Security Token. It is used to authenticate the identity of NET Banking customers. When logging on Wing Lung NET Banking, you have to press the Security Token button once and enter the 6-digit OTP generated by the Token, in addition to your Logon ID and password for completing the logon procedures. Besides, you are also required to enter the OTP when you change your NET Banking password or perform any high-risk transactions online. With the Two-Factor Authentication, your financial information is securely protected.
Remark:
Each OTP will be valid for a short time interval. If the time permitted for the entry of the OTP expires, simply press the button on your Security Token to generate another OTP and enter the new OTP.
Activate your Security Token
If you have received a Security Token, please follow the steps below to activate the Security Token via NET Banking.
Your Security Token has been designed as a portable way for you to further ensure your security on NET Banking service. All customers will receive their initial Security Token free of charge. Replacements of lost or damaged, will be subject to a handling fee. For further assistance in maintaining the operability of your Security Token, please follow the guidelines below.
Keep your Security Token in a safe and secure place, where it is unlikely to be lost or taken by others.
Keep your Security Token dry and safe from large temperature fluctuations.
Do not submerge your Security Token in water. The Security Token is designed to be water-resistant, but not waterproof. Submerging your Security Token in water will cause it to malfunction.
Do not expose your Security Token to extreme temperatures. Leaving your Token in areas with abnormally high or low temperatures (car trunk, clothes dryer, sun, etc.) may damage the plastic shell and cause problems with the Token itself.
Do not drop your Security Token from large heights, step on it, or otherwise physically stress the Security Token. Your Security Token has been designed to tolerate the normal day-to-day stress levels associated with daily handling. The Token will be damaged if exposed to abnormal conditions.
You may personalize your Security Token as you would a key, or other security object. Attaching stickers, key chains, and different coloured chords is fine, as long as the decoration does not give out information that would allow someone to specifically identify the Security Token with you (name, address, HKID number, etc.).
Do not open you Security Token. Your Security Token has several tamper proof features. Opening the Token, removing the battery or circuit board, etc. will cause the token to malfunction.
What if your Security Token is not functioning or lost?
If your Security Token is not functioning, in low battery or lost, please visit our Head Office or any one of our branches to request for replacement.
If you are abroad and unable to visit the Bank for replacement of the Security Token, or should you have any enquiries, please contact us at (852) 2952 6666.
The Security Token is free-of-charge on the first-time request.
If the Security Token is malfunctioned or its battery is running low (the word "BATT" is shown), you may obtain a new Security Token from the Bank free-of-charge by returning the old one to the Bank.
However, if the Security Token is lost or damaged, a handling fee will be charged for replacement.
Upon obtaining a new Security Token, you should logon to NET Banking Service and follow instructions to activate the new Security Token.
Remarks:
Customer will be liable for all losses if he has failed to inform the Bank as soon as reasonably practicable after having found that his Security Token has been lost or stolen.
Customer has to return the Security Token to our Head Office or any one of our branches upon termination of NET Banking Service, or otherwise, the Bank has the right to collect a handling fee from the customer.
Safeguard you Security Token
To let the Security Token help you experience a more secure online banking, you must:
Never personalize your Security Token (e.g. you should not use your logon name or logon password for identification purposes). Ensure to store your password and Security Token separately.
Keep your Security Token in a secure place and never leave it unattended or lend it to others.
If you suspect any unauthorized use of your NET Banking account or any abnormal transactions in the account, you should contact our Head Office or any one of our branches or call our 24-hour Emergency Hotline (852) 3711 7900 at once to request for suspension of NET Banking Service.
Ensure that the logon user name and password you input cannot be viewed by others.
Check your last logon time when you access Wing Lung NET Banking.
Confirmation of Secure Connection.
When you are connecting or have connected to NET Banking, ensure that the "lock" icon at the bottom of the browser is always in secure mode and then double click or left click the "lock" icon to verify the information on the e-Certificate.
Secure Mode
Non-secure Mode
Internet Explorer
No icon
FireFox
No icon
Safari
No icon
Chrome
No icon
Do not use public computer (e.g. computers at internet cafes or game rooms) to logon Wing Lung NET Banking.
Do not logon to Wing Lung NET Banking from the hyperlink embedded in an unknown email / instant message.
e-Certificate Verification
Ensure that the security protection is enabled when you logon to Wing Lung NET Banking.
Every time before you logon our NET Banking services, you must perform the following procedures to verify the website you have entered as being the genuine Wing Lung Bank NET Banking.
EV SSL Certificate (Extended Validation SSL Certificate)
Wing Lung Bank has introduced the latest interest security measure with the adoption of EV SSL Certificate. Customers can clearly know they are on the authentic Wing Lung Bank website.
When using the following browser versions to logon to Wing Lung NET Banking, the name of the certificate owner (Wing Lung Bank Limited) will be displayed either on the URL address bar or near the top of the browser. This indicates the identity of the site is successfully verified.
To verify e-Certificate, press the green area / text in URL address bar or double clicks the secured lock icon:
Browser Version Minimum Requirement:
Internet Explorer 7.0 or above
The URL address bar will turn green with the company and certificate issuer names displayed in alternation.
Example:
Firefox 3.0 or above
The name of the company will be highlighted in green inside the URL address bar.
Example:
Safari 3.2 or above
The name of the company will be shown in green near the top right corner of browser.
Example:
Chrome
The URL address bar will turn yellow and display the name of the company.
Example:
Remark: The changes will look slightly different depending on the browser you use.
SSL Certificate
When using other browser versions to logon to Wing Lung NET Banking, e-Certification will be displayed by clicking the secured lock icon at the bottom corner of the browser.
Example for
Internet Explorer 6.0
Example for
FireFox 3.0
Click the secured lock icon once or twice then select “view certificate” to verify the information on the e-Certificate.
Example For Internet Explorer
Example For Firefox
To inquire and verify e-Certificate, please check the following information on the e-Certificate:
Browser
Issue To
Issued By
Validity
Internet Explorer
Firefox
Safari
Chrome
www.winglungbank.com
Wing Lung Bank Ltd.
Verisign Class Extended Validation SSL SGC CA
The date you logon should be within the valid period
Logoff NET Banking and terminate the browser properly. Never leave the logon window unattended after log on.
Our system will terminate your NET Banking session after a specified period of inactivity:
NET Banking Service: 5 Minutes / NET Securities Service:10 Minutes.And pages viewed during a secure session are not recorded in your PC's temporary files.
(4) Proper Handling of Account Information
When you are conducting NET Banking transactions or making enquiries, you should:
Ensure that your screen or input cannot be viewed by any persons (or electronic appliance, such as view cam).
Make sure that no printed account information is left behind in your printer.
Shred all account information printout before disposal.
Do not enable file and print option sharing features to prevent the access of your personal information by unauthorized persons.
Check your account information (such as balance and transaction history) regularly at least once a week to ensure no abnormal transactions.
(5) Appropriate Preventive Measures
Operating System Configuration / Software Installation
Turn off remote access control features to prevent unauthorized access to your PC.
Disable file and print option sharing features to prevent the access of your personal information by unauthorized persons. (For Windows 2000 and Windows XP, this option is enabled by default. It is highly recommended to disable the option before using NET Banking services).
Never install software from unknown sources.
Browser Settings
Use the latest recommended internet browser.
Do not use a browser which is beta version.
Use the browser that supports SSL encryption version 3.0 or above.
Clear any "cache" and "history" to prevent unauthorized access to the temporary files stored in your PC, which may contain your account information.
Cache is normally used to store Web page locally in your computer. Although our system is set to prevent the saving of your personal and account information of customers in cache, the setting may be affected by the type of browsers used and their configuration.
To protect against unauthorized access to your personal and account information by opening the last visited page via the cache, you should clear the cache after logoff as follows:
For Internet Explorer
For FireFox
1)
Select Tools -> Options from menu bar;
2)
Choose General tab;
3)
Delete Temporary internet Files (as well as all offline contents);
4)
Clear History
5)
Click OK
1)
Select Tools ->Clear Private Datafrom menu bar;
2)
Select Browsing History, Cache, and OfflineWebsite Data;
3)
Click Clear Private Data Now;
4)
Click OK
Disable the "auto-complete" features
The "auto-complete" feature is a function provided by browser that automatically complete the entries of Web addresses, forms, usernames and passwords with values from previous input.
When you use this function during logon, your username and password will be masked and recorded in your PC for future auto completion. Unauthorized persons can logon to NET Banking since this function auto-completes your logon username and password.
To eliminate this risk, the auto-complete function should always be disabled.
For Internet Explorer
For FireFox
1)
Open Internet Explorer.
2)
Choose Tools ->internet Options.
3)
Choose Content -> Auto-complete.
4)
Disable user names and passwords on forms.
5)
Disable the auto-complete.
6)
Click OK.
1)
Open FireFox.
2)
Choose Tools ->Option from menu bar.
3)
Choose Security.
4)
Disable Always Remember Password.
5)
Click OK.
6)
Select Tool->Clear Private Data from menu bar.
7)
Select Saved Password.
8)
Click Clear Private Data Now.
Caution to ActiveX Controls
An ActiveX control is a type of program that can take complete control of your computer. Data in your computer system may be destroyed if you download an ActiveX control from a web site without ensuring its details and source.
Before downloading an ActiveX control, you should:
Read the information provided on the security certificate to ensure that it is the object you want to download;
Read any pre-installed document and make sure that you understand the impact of such installation.
Never download the ActiveX control if you have doubts about its source, content and impact on your system.
Make sure that the source of the program is from a known publisher;
Safety Level Settings
In Internet Explorer, users are allowed to set the safety level for personalizing the security level of domains, such as not executing cookies or prompting alerts before downloading an ActiveX control.
You are recommended to set your browser safety level to medium to enhance security.
Select Tools from menu bar.
Choose internet Options -> Security tab.
Click internet and then set the safety level to medium.
Click OK.
Virus / Malicious Programs
Install and always activate anti-virus software, anti-spyware software, update the software regularly with the latest security files and patches.
Activate personal firewall to protect your computer.
Do not download files from unknown sources.
Clear the infected files once they are discovered.
Do not scan portable disks before using them for copying files to or from your computer.
Do not use the PC if a virus is found until the virus is completely cleared.
Do not access doubtful web sites
Scan your computer periodically at least once every 30 days (including all local disks and all file types).
Keep yourself updated on the latest information of virus and take necessary precaution.
Email / Instant Message
Do not download files from unknown sources, open emails or its attachment from unknown senders. Delete emails from unknown senders immediately after receipt. Such mails should also be deleted from the "Trash Bin" of your email box.
Scan executable files attached before you open or execute them.
Do not click any hyperlink embedded in an unknown email / instant message.
Disable scripting features for emails applications to prevent auto-execution of the unknown files.
Others
Use a screen saver with password.
Shut down your computer when it is not in use.
Check your account balance & statement regularly.
In order to ensure a satisfactory banking service and to ascertain that you could be notified promptly in case of any emergency, please inform us immediately if any of your contact information (especially mobile phone and contact numbers) is changed through either of the following channels:
Click here to download the form "Notice of Change of Address and/or Telephone No". Return the completed form to any of our branches for processing in person or by mail.
Dial our Telebanking Service Hotline (852) 2928 6668. Press 8>8>1 and enter your facsimile number to request for the form "Notice of Change of Address and/or Telephone No" after selecting language. Return the completed form to any of our branches for processing in person or by mail.
Directly visit any of our branches for updating the contact details.
Remarks:
Please allow a maximum of 7 working days for updating the record.
Check your account balance & statement regularly, contact us immediately should you encounter any abnormal transaction. (Don't ignore any unusual activity even if it is a minor one.)
Check your personal profile regularly to avoid loss caused by unauthorized usage of your personal information.
Notifying us of any change of your contact information immediately, so that we can contact you in case an abnormal online transaction is found.
If you suspect any online transaction case, you should immediately use the "NET Banking Service Suspension" under the "General Service" section in our NET Banking; to suspend your NET Banking services.
Before performing NET Banking Service Suspension, you should prepare the following information relating to the abnormal activities or suspected frauds:
Your last logon time;
Printouts of account information from NET Banking; or
Emails; or
Screen captures (such as images) relating to the activities or suspected frauds.
You should submit the information to us immediately via the following channels
Call our Customer Service Hotline (852) 2952 6666; or
